I am working on one application which require Facebook Login.
I went through various blog and it is clear how to implement facebook or any other third party login. However just bit confused regarding login persistence/ Or process when user comes to website second time.
What i need is
User come on website and can choose wether he want to register or want to login with facebook.
Once he log in with facebbook i need some additional information from him and i will store that information along with his userid in the database.
If he log off, and comes again to website he will again provide his facebook login details.
once he do that i will get his facebook user id and with the help of that i can create a session easily.
BUT not in case he is already logged in from facebook in the browser and if he try to browse my website, then i have to redirect him to authorized page directly. In that case i have to implement a solution which will take care of this issue. While searching i found one blog which might be the way how to implement it. Facebook Login Filter
But is there any other way i can achive it?
Related
I am confused with how social oauth works? Lets say i have implemented social oauth login in my project.
user A signed up in my website with Google Oauth. I somehow put that SIGN UP WITH GOOGLE button in my sign up page and then user will click it and will be directed to a link where google will ask to authorize my app or not. If the user A allows, then at first time what information does the google server send to my server. It will send something so that i could save it in my server to know that a user A has been signed up and could give the userA a id to link it to other tables of my database which is in my server (nothing to do with google server). So real question is what will google(or any other service provider like facebook, twitter etc) send me when a new user signed up and when a existing user signed in again. what will happen if a user (already signed up) try to sign up again? or didn't authorize the website again when logging in?
If you want more detailed question, please comment and I will elaborate.
Ok first off lets use a different term than social login. Lets call it third party login and heres why.
Your application has its own login system users can create their accounts on your system by say adding an email address and creating a login name and a password. Now you want to add third party login that being, Facebook, google and twitter login. These are actually third party logins.
What you will actually be doing is linking the users third party social media accounts with your login system. The term often used for this is called account linking.
Lets say user A has created an account in your system already now A has a Facebook account so they would like to link their Facebook account with your login system. So you create a Facebook login button Facebook will return to you an id this often being the id of the user on facebooks system. So when the user logs in using Facebook you get the Facebook id back that you can store on the users account in your system.
Things get a little more confusing if user B wants to login to your system using Google and B does not already have an account in your system
when they login then you will probably get the users id and i think you get their email address back as well so you can use the email address from google so you can create them a actual account on your system and directly link the google login to it automatically.
Its been a while since i have done it but i believe that you get the user id and the email returned to you from third party providers you may want to check thought if memory serves they are not all the same and you may have to make a request to get the email address after you get the id back.
Social login is still not normalized. You have to work them out one by one unless you leverage something that do it for you like the trusstee.io solution.
It appears to be simple to use and is described here https://medium.com/me/stats/post/ef5d5a5a3943.
I know, this might be a very naive question, but I'm having hard time imagining a complete picture of how Facebook SignUp and Facebook Login should be used in my application. I understand Facebook documentation, but it gives me scattered pieces which I can't figure out how to put together. I would appreciate any links for how-tos regarding this issue.
The problem I'm trying to solve, is simply to use Facebook SDK to register users in my application. But, what does this mean? Generally, if we take e-mail registration, this means getting e-mail address and a password, which will be used for later logins. For every login, my server will generate a session id, which will be used in API calls.
Now, I can obtain user's e-mail using Facebook SDK. But now what? What about the password? How should I generate a session id now on my server? Do I have to perform Facebook login call every time I start the app? Or should I send access token to my server and store it in users table and use it for generating session id? I don't need to perform Facebook Graph API calls in my app. All I need - is "single-click" signup/login functionality. What's the right way to do it?
I'm here to discover if what I want to do is possible or not. Can I connect to facebook using a rails method without passing through the facebook confirmation page?
I want to implement an app that should have a facebook acc/pass and I need to send a comment in a timeline, but I don't want to allow the facebook page. I want to do something automatic.
Thanks!
No, the facebook api in rails is built in a way that you can't directly login to your site using facebook. This is restricted for facebook authorization issues and it's terms and conditions.
If the user wants to allow access, he’ll have to log into his account (still on the facebook page) before being redirect back to your application. In the background Facebook will return an access token that your application will use to get access to the users data.
Check this for more details.
My plan for this web app is that it needs the user to log in with LinkedIn, and the user's id on the site and database is their LinkedIn id.
So, the most convenient and elegant thing would seem to be to have no "native" login at all, and just have the user log in with LinkedIn from the start.
Having seen recent disaster for Twitter api developers, I now wonder if this is considered too risky. I am assuming that it is allowed by LinkedIn (haven't checked that yet).
Alternatives could be:
native login then login with LinkedIn after that.
OpenId login and then login LinkedIn after that.
Somehow have a backup login incase linkedin kicks me off.
Any thoughts on the main idea or alternatives? Any other ideas?
As soon as you require a user to create a native login, you're making the usability of your app more challenging IMO. I hate, hate, hate it when I'm forced to create a new account on a site when a single button press would work.
Of course, usability would be at near zero in the unlikely circumstance that LinkedIn's provider no longer works for your app. So, there are tradeoffs.
Does LinkedIn provide access to the user's e-mail address when you authorize them? If that's the case, you could just login with LinkedIn. If LinkedIn's provider no longer works for your app, you could send users an email with a temporary password in an authoritative way. If they don't provide an e-mail address via their provider, then you'll be forced to collect it separately directly from the user (and potentially verify it in case the user made a typo or something).
I am working on a web application, I am using graph API with php sdk for accessing the facebook features.
I am using facebook connect and it is working fine for login, but every time a user come to my site and get login by using the login button.
I want to make this automatic, Is there any way that when users come to my site they get logged in automatically.
How can I achieve this..
anybody help please.
thanks in advance.
Danish
If the user does not explicitly authorize you to get some private data from his Facebook account (included his Facebook ID), you can not get them.
I cannot think of a way to get the Facebook ID without the authorization of the user. So no way for you to automatically log in users.
Hope that helps.
I would say that maybe you shouldn't make it to connect automatically, some viewers of your website might not be very happy that as soon as they get there they are automatically logged in with their facebook profiles, pictures, information, etc.
Also because there could be another one's facebook already connected on the same computer, but still...
My advice would be to just leave a button to login when the user wants.