I'm making a game for iphone, so my question:
How is the end user supposed to change his login. Meaning if he decides to log in under a different name?
I noticed that even a resetting of the phone and reinstalling the app doesn't work, I'm still logged in under the same user as before.
My next guess was FB.Logout, but this page tells me not to use it:
https://developers.facebook.com/docs/unity/reference/current/FB.Logout
And also, under Settings -> Facebook I logged into another user already, too - in my game it's still using the old user...
You need to set
[FBSession.activeSession closeAndClearTokenInformation];
for Facebook Logout.
closeAndClearTokenInformation closes the session and clears any cached info, destroying the session. This means that when the app is re-launched the cached token will not be available. The login view will then be shown.
That is because that LogOut function will log out the user from FACEBOOK, not just from your app. Plus the documentation you are looking at is for unity. You should follow this guide: https://developers.facebook.com/docs/facebook-login/ios/v2.0
They show how you can easily log in and log out which is what you are looking for. If you don't have a predefined account set on the device then you will be able to log in with your email and password using the facebook log in interface (in were you can log in as a different user if you want)
Related
I'm creating a book library app, where people buy an account and become able to read all the books...
In the past, we were able to get the UDID of the iOS device and the login only works from this specific UDID.. now apple prevents this, another solutions were there like OPEN-UDID but now doesn't work...
Are there any other means to prevent the user from giving the credentials to another people??
The only solution on top of my head now is this :-
When a user login, a flag on the server becomes true, and when another account try to login using the same credentials, it will show an error message "you are already logged in on another device".. when the original user logs out, the flag becomes false.. this will prevent the account from being used on multiple devices at the same time.. but the drawback is, what if the user unInstalls the app without logging out?
Is there a research on this topic that covers all these scenarios?
Is there a way to use apple keychain or iCloud or any other solution ?
What you can do is on new login invalidate api request(and send them to login screen) of previous login you can use device token with each api to check if you want to send data to device or it's a old login token and needs redirect to login. you have to just store a device token for each account login if it matches then send data else redirect to login
Edit 1:
if you uninstall the app then you have to login again from other device to access the books(data) and in each login you'll replace the old token with new one. Now only device which has this new token can access books. All other device if there are any login left in any device then they will get message from API that token not matched and you have to redirect them to login page again
I'm using the latest Facebook iOS SDK, 3.1.1. I want to give users the option to "disconnect" our app from Facebook. I'm calling:
[[FBSession activeSession] closeAndClearTokenInformation];
That seems to work fine, but the next time I call
[FBSession openActiveSessionWithReadPermissions:allowLoginUI:completionHandler:handler];
it immediately gives me a token, without asking the user to login again. I would expect it to ask the user again to authenticate. If there's no Facebook account set up on the device, it works fine, because it opens the web browser where it tells the user they've already authenticated the app and shows the 'Okay' button. But if it is set up, it just silently gets the token again and so the user's "disconnecting" the app has no effect.
Is anyone else having this issue, and how are you handling it?
It doesn't ask again because the iOS SDK has given the Facebook SDK a valid access token. This is just how Apple designed their Facebook (and Twitter) frameworks. There's nothing you can do about it. Personally I think it's great. The user should only have to tell their phone once that they accept an app.
Also note that the cached token may have expired. The Facebook SDK at present doesn't fully handle the case where the iOS SDK gives it an expired token.
If you want to test then you can delete the Facebook account on your device and re-add it. That should clear the cached token.
Using:
- (void)openWithBehavior:(FBSessionLoginBehavior)behavior completionHandler:(FBSessionStateHandler)handler;
with FBSessionLoginBehaviorForcingWebView as the behaviour solved my problem. It opens the login modal box and forgets the user cookies.
I have FB connect implemented in my app. After battling with the FB app installed on a user's phone, I finally had success forcing the standard FB dialog and bypassing the FB app
(see iOS: Connect to Facebook without leaving the app for authorization)
My new problem is that I cannot seem to switch FB users within the app. When I click the "Login with Facebook" button from within my app, it quickly brings up the FB dialog, dissappears, and always logs me back in with the previous user (meaning I have no way to switch FB users).
I've check both Safari and the FB app, and neither are logged in. Do I have to tell FB to log out the previous user before a new user/pass is prompted?
Thanks
Your implementation probably saves user's access token in NSUserDefaults. If it is so - you just need to delete it from NSUserDefaults any time there is a logout or you're switching users.
Also if needed you are able to deauthorize the user by making a DELETE graph API call to uid/permissions.
hope this helps
I just run the demo app for the single sign on Facebook and I am getting the following:
And what I want is actually something like this:
I wanted it to not show as a web view, how do I do that?
Please see my answer here (which answers this question):
FaceBook API, login in-app
Please also note my caveat. OAuth was designed to authenticate outside of your application - but in this case, you can make it work inside (but it breaks a core principle of OAuth).
When an app requests authorization or login, the application gets the user's login information via the browser (as you showed in the second image) or, if you have the Facebook app installed, from the Facebook app. It looks like you have the Facebook app installed, so the app automatically pulled the user's information from that app.
Then, for any new app that a user uses, Facebook verifies with the user that the app's requested features are allowed by the user.
Since your device pulled the login info from the Facebook app, the email/password screen is not used and the permissions screen is shown first. Once you allow the features, you should not see that screen again, when you start the app again for that same user.
Modify your Facebook.m
- (void)authorize:(NSArray *)permissions {
self.permissions = permissions;
// with both options NO, authorization always happens in-app
[self authorizeWithFBAppAuth:NO safariAuth:NO];
}
I am integrating my app with FaceBook on iPhone. When the first time user log's in I would like to ask him to enter the FaceBook credentials, but after than whenever he come back to my app I don't him to show the login screen again. So I have two questions
How does this single sign on works? - it says that if the user is already logged into FaceBook through some other app, FaceBook login screen will not be shown to him, so does the FaceBook gives the same access token and expiry time as it has given to the other app or does it create a new access token and a new expiry time?
So after the expiry time, user will be presented the FaceBook login page again? I really don't want this to happen, is this is way to avoid it.
One solution that i can think of this to make a request with the permission for offline_access, in which case the token will never expire, any other solution guys?