I am getting awkward issue in iOS app when I try to post on friend's wall using FBWebDialog
fbconnect://success?error_code=110&error_msg=Missing+user+cookie+%28to+validate+session+user%29
In which I am using stored access_token on server and creating session using that on every device when user logs in.
While I cannot be sure, the issue seems to be with the access token that you are using. You mentioned 'stored' access token so it is possible that the access token had already expired when you made the request. This answer may point you in the right direction.
Related
I'm writing an offline application that uses the Dropbox API. When a user comes to the application, I'm using the https://api.dropbox.com/oauth2/token (docs) to get a refresh_token, which I store for later use.
I am calling the same endpoint every time the user logs in (unless I've already got the user's data in a cookie). I'm not sure that this is the best way to go about it: I at least need to get the user's account_id, so that I can look up their refresh_token in the database if I already have it. But every time I call https://api.dropbox.com/oauth2/token, the user is redirected to the Dropbox app authorization interface, as if they've never approved the app before.
So I would either like to know how to stop Dropbox from forcing the user to re-authorize an app every time. Or, if that is just how https://api.dropbox.com/oauth2/token is supposed to work, I'd instead like to be able to get their account_id somehow when they visit my page.
(In case it's relevant, the app is still in development mode at this point.)
The https://api.dropbox.com/oauth2/token endpoint is an OAuth endpoint that the app can call to get an access token/refresh token. Being an API endpoint, it does not itself redirect the user to the Dropbox app authorization page.
The Dropbox app authorization page is at https://www.dropbox.com/oauth2/authorize (documented here), and the app decides if/when to direct the user there to authorize the app.
You generally only need to send the user through the app authorization flow (sending them to https://www.dropbox.com/oauth2/authorize and then calling https://api.dropbox.com/oauth2/token) once per user for an "offline" application. Once you do so, you should store the resulting refresh token for that user. You'll typically store the refresh token for that user tied to their user account in your own app.
Exactly how you manage the user accounts in your own app will depend on how it's built, but, as it sounds like this is a web app, typically you would use the user's browser cookies to identify the user when they return to your page so that you can look them up in your database and retrieve their details, such as their corresponding refresh token. (Or, if they're not already signed in to your web app, you would have them do so first.)
Greg's answer is very helpful, and very politely addresses my misunderstanding of the auth flow. (I was revisiting old code I'd written years previously—obviously I should have documented it better than I had!)
In the end I believe that Dropbox was forcing me to reauthorize because my application was in development mode, and had a small user base. When I used the identical code in an app set to production mode, it stopped forcing me to reauthorize. So the “problem” is really a Dropbox security feature, and the solution was just to use production mode.
I am developing iOS App which use Facebook iOS SDK 4.
When user has already done Facebook login, by doing Facebook login the dialog which shows "user has already approved your app" had be displayed.
So, do not show the dialog. I want to know whether the user has already done Facebook login.
Anyone know the good way? I think accessToken is returned if user once had done Facebook login.
FBSDKAccessToken manage current logged user's accessToken.
According to official Facebook Login guide
"FBSDKAccessToken Represents the access token provided by a successful login. Most important, it provides a global +currentAccessToken to represent the currently logged in user."
The currentAccessToken is a convenient representation of the token of the current user and is used by other SDK components (like FBSDKLoginManager).
According to above you can check either user has valid accessToken or not and based on this you can track call login method otherwise just skip to next flow.
In Facebook the access tokens are per user so you can pass them around apps and they will work. In your case if you can ship an access token from another app you will be able to skip the next logging in and use the API normally.
However I think this this thread will help you.
Things are a little bit different with iOS cause I have done a facebook login on Android and got no such issues.
So, I'm just starting to use omniauth and have gotten it working with facebook. I have set it up so that it automatically redirects back to facebook for a new token when the current token expires. Based upon that, is there any reason why I should be storing the token to the db? I currently log user accesses but don't really see any value in logging the token. Would appreciate any ideas on why I should.
thx
Depends on your business logic. For example, do you need to access the user's Facebook details at a later time, even when he is logged out? Or if you are queuing tasks (i.e. running this in the background), do you need to post to his wall a few hours later, instead of this very instant?
Another reason I can think of, is. Do you require your app to obtain a new token via Facebook all the time when the user needs to interact to Facebook via your app? Or would you like to store these tokens in your app, so the user does not need to go through the same process over and over?
It all depends on the kind of user experience you are trying to deliver.
I am using tmhOAuth as PHP API for connecting my twitter app. Every time user tries to tweet through my app, The user need to authorize app every time even if he has authorized earlier. Is there a way I could find out whether the user is logged in and already authorized the app.
Since there has not been any response for the problem, and I have somehow succeeded in solving the problem. The solution is pretty straight and simple. You just need to hit /authenticate rather than /authorize as the hitting URL. This will handle the log in and permission flow by it self.
I am getting a problem, fetching facebook freinds information.
When I launch the app, and login to facebook I am able to get friends list.
Once, I do quit the app and launch it again I am seeing this error :
"An active access token must be used to query information about the current user."
though, i had all my facebook info stored in user defaults, I am seeing this.
Strange. Have you echoed your output send to FB.
I have made the experience, that a second reqeust on the same app page will be answered empty, so i store all the Request Data from the first in php Session Vars.
You need to make sure you are resubmitting the access token every time. Are you able to submit the snippet of code you are using? If you are using oauth2 you can use FB.getAccessToken() to retrieve the token in your request.
Edit: realised you tagged iOS so my above answer maybe not relevant. It could be that because you are logged in already, when you revisit, you arent getting a login response, because you haven't just logged in, so the access token is not present? It's hard to know without seeing code. Make sure you are directly getting the token, not relying on the login process to get it