This option is confusing me, as I mentioned on GitHub!
Is it supposed to actually deal with a popup window or does it mean something else? Just a bit strange as you get so much out of the box with Omniauth, yet this interaction is clunky.
I've seen this "solution" which isn't very elegant.
Turn omniauth facebook login into a popup
Am I missing something or do I need to ditch the server interaction and auth via the FB Javascript API?
TIA
In short: "The display=popup option simply tells Facebook to provide a page optimized for display in a popup. You need to open the pop window yourself, using Javascript."
The smoothest UX seems to be using the FB JS API.
See:
https://github.com/mkdynamic/omniauth-facebook/issues/47#issuecomment-5524582
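The pattern that answer describes (the page opens the window itself, and `display=popup` only changes how Facebook renders), as an added example that is not from the original post or the omniauth-facebook project. The `/auth/facebook` path, the `omniauth_popup` window name and the `omniauth:done` message type are assumptions; the window object is passed in as a parameter so the functions can be exercised outside a browser.

```javascript
// Added example. Assumed names: /auth/facebook, "omniauth_popup", "omniauth:done".

// Opener side: open the server-side auth flow in a window we create ourselves.
function openAuthPopup(win, authPath) {
  const url = new URL(authPath, win.location.origin);
  url.searchParams.set("display", "popup"); // only asks Facebook for a popup-sized page
  const features = "width=600,height=500,menubar=no,toolbar=no";
  return win.open(url.toString(), "omniauth_popup", features);
}

// Opener side: trust a completion message only if it comes from our own
// origin AND from the exact window we opened. Any other frame or tab can
// call postMessage on this page, so both checks are needed.
function isTrustedAuthMessage(event, expectedOrigin, popup) {
  return event.origin === expectedOrigin &&
    event.source === popup &&
    typeof event.data === "object" && event.data !== null &&
    event.data.type === "omniauth:done";
}

// Opener side: wait for one trusted message, then close the popup.
function listenForAuth(win, popup, onDone) {
  function handler(event) {
    if (!isTrustedAuthMessage(event, win.location.origin, popup)) return;
    win.removeEventListener("message", handler);
    popup.close();
    onDone(event.data);
  }
  win.addEventListener("message", handler);
  return handler;
}

// Callback-page side (the page the app renders after the OAuth callback):
// notify the opener, pinning the target origin instead of using "*".
function notifyOpener(win, ok) {
  if (!win.opener) return false; // loaded directly, not inside our popup
  win.opener.postMessage({ type: "omniauth:done", ok: ok }, win.location.origin);
  return true;
}
```

The message carries only a success flag; the session itself is still established by the server-side callback and its cookie, so nothing sensitive crosses `postMessage`.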
Related
I want to open, from an iOS app, a web page that requires authentication in order to get to that page.
I googled a little bit and I believe I need to use WebKit and Javascript injection, but I am not sure and I have never done something like this, so every bit of information is welcomed or pointing me in the right direction.
I will give an example that I hope will make things more clear (I don't actually want to open facebook, it's just part of the example):
Is it possible to do the following scenario? And if yes, how?
Open a web page from an iOS app, for example: "https://www.facebook.com/profile" without having to go through the login page? I do have the user credentials (username and password), as the user is already logged in with those credentials in the iOS app, but the requirement is to not go through the login page, but to go straight to the profile page.
In general the answer is: no. Even if the user is already logged in and has a valid authentication token that token may only be valid from within your app and not from within the browser. And the login form may be protected by something like a captcha preventing you from automatically logging someone in.
There certainly are situations where it is possible: For example if the tokens are not scoped to your app you can try passing them along. Or there is an actual API that you can call with the token that logs the user into the website on the website, etc. But those depend on the specific target website or whether you can control that target website and can add this functionality.
I've successfully added a Sign in with Facebook feature to my Rails 5 app with Devise and Omniauth.
Instead of my static button, I'd like to implement Facebook's embed "Continue as {name}" login button. In their documentation they'll produce the following code for you to implement:
<div class="fb-login-button" data-size="large" data-button-type="continue_with" data-auto-logout-link="false" data-use-continue-as="true"></div>
Just implementing it like that obviously doesn't work. I'd really like to be able to handle it in a way where I can specify it to direct to my user_facebook_omniauth_authorize_path. How do I do that?
I've implemented Facebook SDK on the website.
Thank you in advance. Your help is much appreciated! :-)
Omniauth uses the server-side login flow, whereas this button is part of the client-side login flow.
Only by being embedded on the client side can it determine whether there is a logged-in Facebook user in the first place - on the server side, that info isn’t available.
The server- and the client-side auth flow have quite significant differences, so I doubt you would be able to implement this, without rewriting how login is handled almost completely.
I am working with the HelloFacebookSample from Facebook's SDK.
I have a few issues, but am trying to get through them.
The one I have right now is that after I login, then logout, then login again, I am automatically logged in without being asked for credentials. Is there any way to change this behavior?
And secondly (for now), is there any way I can bring up the FB login dialog within my app instead of it going to Safari? I don't want my users to have access to Safari at all, so I need to keep control.
The original FB SDK (about 2 years old) handled the login directly from within the app, so I am thinking I am just missing something here?
Thanks,
Jerry
If you want full control over the login process then you can't use the SDK, you need to add and manage a web view yourself. Facebook tries to bother the user to reconfirm as little as possible, so it will provide a login with the least path of resistance (and user taps / interaction).
Depending on how the user is logged into Facebook you won't be able to force them to re-enter login details unless you implement the web view approach. If you're using the SDK then you would need to call closeAndClearTokenInformation on the active session and also delete any Facebook related cookies from the app (and that's probably as close as you can get).
I am using omniauth-facebook and omniauth-twitter gems to enable log in via Facebook, Twitter.
Everything works fine, I am able to authenticate user using OAuth. The BIG problem here is that when user is signed out from my application, it doesn't log out from the social site that they authenticated from, which is dangerous.
I would like to add a functionality that will destroy the session in both places i.e, my application and the corresponding social site.
How do I do that?
Is it possible using the omniauth gems that I am currently using? Or is there an alternative gem/API available to achieve this?
It seems to me that the problem is we don't know the user's intent. If the user logs out from your app and they don't have other tabs open with Facebook and then they walk away from the computer thinking they're all done but leave the browser open, then yes, that would be bad. On the other hand, if they have another tab which is on Facebook, if they log out of your app and then switch to the other tab expecting to carry on using Facebook, they'll be annoyed. You could argue that annoying people is better than leaving them logged in to Facebook unwittingly - I'd generally agree!
I don't know of a nice/official way to do this if you're handling the login flow server-side. Some suggest building a normal Facebook url - see https://stackoverflow.com/a/8765863 - and I guess you could redirect to that and make it redirect back if that approach still works (it's an old answer), but it feels brittle as the user implies.
If you're using the javascript api, there's the FB.logout function:
https://developers.facebook.com/docs/reference/javascript/FB.logout/
and/or the auto-display of a logout button instead of the login button using the auto_logout_link parameter:
https://developers.facebook.com/docs/plugins/login-button/
One option which covers both user intent scenarios is to have your normal logout button which obviously kills your app's session and when they click it, redirect to a page which has a "Logout from Facebook?" button - perhaps using the javascript login button with the auto_logout_link parameter. Then they can logout from Facebook if they're done with the computer, or choose not to click it if they have Facebook open in another tab and want to continue using it.
As I'm sure you know, omniauth-facebook supports both server-side and client-side login flows.
I'm not sure if an equivalent is possible with omniauth-twitter - I don't have experience with it.
I am adding facebook comments to my iPad application using UIWebView and HTML5 code provided by Facebook.
When the user is not logged in, the application shows the comments and button "Login to Facebook to Post a Comment".
Clicking the button takes me through login process. After the login completes the view is redirected with an empty page with "Login complete" message. It is not redirected back to the comments dialog.
Right now I implemented an ugly workaround. Upon receiving webViewDidFinishLoad event, I look at contents of the page and reload it if the page shows this message. Though, it does not seem a clean way to go.
Why doesn't Facebook redirect me back to original comments page?
I suspect the problem you're having is related to this issue: Facebook authentication in a UIWebView does not redirect back to original page on my site asking for auth
Specifically, the standard Facebook web login process launches a new browser window dialog, and dispatches a message back to the opener to indicate login success for the redirect to occur.
Quoting a passage in the linked SO, "UIWebView doesn't support multiple windows so it can't postMessage back to your original page since it's no longer loaded."
I'm also developing an iPad application, and my solution is similar to yours: I drive the user to "https://m.facebook.com", always, to force him to login first, then in "webViewDidFinishLoad" I inspect the returned url and if it matches:
"https://m.facebook.com/login/checkpoint/"
exactly, that is, the url returned upon a successful login, then I call my own method (with reload or anything I want). At this time, the user is authenticated and has a valid FB session, so, redirections are not necessary anymore.
It's definitely not pretty, and may break as soon as FB changes the way it processes the login dialog, but I too cannot find a way to resolve it any better. Even tried using "FB.Event.subscribe('auth.login', function(response) {});" without success, of course, because the code is never reached.
I think a bug is already submitted to FB, but I don't think it's getting the deserved attention...
I ran into same issue as this question, but after reading some Facebook official documentation, I'll be redesigning to use the Facebook native SDK.
All iOS and Android apps must (effective October 2, 2013) use our SDKs for iOS and Android for requesting permissions.
Though, I also gather that the "or else" is just a "developer notification"?
Posting this in hopes it will save time for someone using the same approach :)