So I'm trying to integrate twitter with the app I'm working on. The flow I'm looking for is one in which the user is prompted to enter his twitter username and password just once, and then anytime the user wants to post to twitter he can do so by entering text into a textfield and clicking a "send" button - no other hurdles.
I know how to accomplish this if the user already has the twitter app installed with an associated account - you can retrieve the account form the ACAccountStore. But what do you do when the user does NOT have the twitter app installed/no twitter account in ACAccountStore? Is there a way to add a new ACAccount using the username and password I have the user enter in-app?
You can then use the twitter framework for setting the account with in the app or you can force the user directly from with in the app to goto setting and set up an account for twitter..
Related
I'm developing an iOS app with a server-side component. Users can create and login to accounts with an email/password combination. I'm also building in an option to alternatively login via Facebook. If the user logs in via Facebook I will need to create an account for them using the email we get from Facebook - but what do I do about the password? The server obviously requires a password to create an account. Should I use something like their Facebook user ID as a password (doesn't seem secure), do I force them to create a password? What's the standard practice here?
You can set a button text or alert saying "Use Facebook data for Registration".
After clicking on the button, you can redirect the user to the registration screen.
Fill up all the data with his facebook data then leave the password and confirm passwords blank to let him choose his password.
Trying to use his personal Facebook data as password may be the cause for rejection of your app on Appstore.
I've implemented Twitter Login in my iOS app with the following tutorial:
https://dev.twitter.com/twitter-kit/ios/twitter-login
But after I chose a Twitter account when I log in the first time, the app always defaults to this account. I would like to enable users with multiple accounts to select the Twitter account they'd like to log into each time.
How can I re-enable the UIActionSheet that allows the user to select which Twitter account they want to use for login?
There is a method Twitter.sharedInstance.logOut to delete the local Twitter user session. And you also should clear Twitter-related cookies in NSHTTPCookieStorage to prevent using of old credentials in further UIWebView-based login sequence.
The new Twitter Kit 3.0 now supports this flow by default. Every time that login is called, the user will be able to add or change their Twitter account.
Can an application check if anybody is logged into Facebook application in mobile ,if logged in get the user email Id from that and use it in their application?
To get a logged in users email address, you would have to authenticate with the API and the user would have to approve you using the Oauth workflow.
You can display a customized login / connect button using the Facebook API but if I recall correctly, that is an iframe that is embedded in your page, and you never see the email from that.
tldr; No. You need to authenticate using the Oauth workflow and have the user grant you permission.
First you have to authenticate user and then you can get logged in user profile information. For that you have to use Facebook API. Please check below link.
https://developers.facebook.com/docs/facebook-login/ios/v2.2
I am using the Facebook iOS SDK to allow quick sign-up of users in my app. Here is the flow:
User taps "Login with Facebook" button
Taken to Facebook app or Safari for login
Redirected back to my app
Show Sign-up for with pre-filled fields from FBGraphUser object
User creates account using data from Facebook
After they created an account, is it possible to authenticate with Facebook, and let them login to my app without having to enter the username and password they just created? How would the flow of that work?
Seems like I should be able to do the following:
User taps on "Login with Facebook" button
Authenticate with Facebook SDK
Return to app, and make a call to server, checking to see if there is a username matching the Facebook email
Allow the user into the app with no password, since they have authenticated with Facebook and have an account in our system.
Is this the correct way to do it?
That is very close. However, it is not enough to just check that the email/username is valid. It is strongly recommended to validate the token directly with Facebook as well.
See Use Facebook authentication token in API for a very similar concept and the Facebook docs about verifying token: https://developers.facebook.com/docs/graph-api/securing-requests.
I want to give the opportunity for a user of an app to register/login with Facebook or by creating an account. I know that I can get the user's Facebook account email address, and their first and last names. That's basically the only information for creating a 'local' app account, apart from a password. How can I make sure that if that person logs in to Facebook on another device, that their two devices are linked to the same 'local' account? (i.e if they choose to sign in with Facebook with 2 devices, I only want one local account to be created on my server for that user).
Ideally, I want the login schemes for both to be identical. So if that user logs in with Facebook, I can check (securely) that the FB account is linked to a 'local' account, and automatically log that device in without making the user type in a password. Is this possible?
Edit: The 'local' users will be stored in a database on my server, and the front end will be done in Python running alongside the API for the app. Note that 'local' is just referring to the fact that it uses my app web service rather than an external social network.
You can do that within your users database as per below:
assuming you store the user data in a table named userinfo, this table should contain user e-mail, first name, etc..
Add another column in this table named fbemail.
If users signs in using web service, his email will be saved in the email field & the fbemail should be null, if signs in using FB, then both email & fbemail should be the extracted email.
when the user uses FB login, check the fbemail field, if not found, then this is a new user, add his data, if not, then this is a returning user, no need to add his data.
Option 1.
You can identify your Facebook user by his Facebook User ID. If he logs in using Facebook on other device you know it cause he sends you his Facebook User ID in the authentication process. He also sends you Facebook access token which you validate contacting Facebook to see if it is correct. Using this approach you have to have a different authentication scheme for Facebook user and "normal", email user.
Option 2.
To have the same login scheme you can use Facebook to get user email and prepend it in the email text field in your registration screen. The user would need to additionally provide a password. This means that you are not really doing a Login with Facebook, but use Facebook to obtain an email (and any additional information) so the user does not have to type it.
This is an old post but still very valid. You are correct, anybody who has your FB email could potentially access your server rest-api and log into it. To access a backend service you will need to use as password the FB access token generated during the FB log-in. This is stored in the device keychain and can be retrieved as:
NSString *accessToken = [[FBSDKAccessToken currentAccessToken] tokenString];
NSString *userID = [[FBSDKAccessToken currentAccessToken] userID];
The topic of using a FB authentication system in parallel to a custom login/registration system is covered in this FB guide: Using Facebook Login with Existing Login Systems.
In sum, different scenarios need to be addressed:
A person signs up for your app using their email and password, but later they want to use Facebook Login to obtain data from their Facebook account, to post to their timeline, or just to use to log in with in future.
A person signs up for the app using their email and password, but later chooses to log in with Facebook separately. This guide assumes that the email supplied first and the primary email associated with their Facebook account are the same.
A person signs up for the app using Facebook Login and later wants to log in to this account using an email address and password.
The guide recommends using two different tables for the FB log-in and the custom login.