I have a rails application that allows third party sites to embed my widget on their site. Part of the functionality of my app requires people to 'link up' their facebook accounts. Can this be done through a widget? Can they link up facebook to my app through a widget on a third-party site?
It should work if
your widget is in an iframe (so the window location url matches the one you set for facebook oauth)
and you use client side oauth (you don't want to overwrite top.location)
Why don't you try it and come back if you have any problems
Related
I have iOS native app , need to display stories from Facebook fan pages , currently I have to enforce users to login to Facebook throw my App to see the page posts , is there a way to let them see the posts without enforcing them to login ? specially the page is public and I can open it from any web browser without login.
I have found the solution for this issue as follow
you can use your appID|App_secret as an access token , this will enable the retrieval of any content without enforcing the users to login
but this is not safe to be used from the client side since this URL can be intercepted and app secret being revealed.
The saver implementation is to use this on server side and work as proxy between the client application and FB API.
We have an ios app that uses native Facebook login just fine.
Then we also have a website (app is basically an optimized client for it) where people can login via Facebook too. When they open our website in mobile safari, they are directed to Facebook pages to authenticate there and it works, but.. it is still far from native and users have to retype credentials they often have in ios already.
So could it be possible to to somehow launch system fb authentication for just a web page (maybe using some clever URL schema?) and get granted token back to web?
Difficult way
As described here http://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified#mobile-apps you could find URL scheme to trigger the native iOS app for app authorization:
fbauth://authorize?redirect_uri=[redirect_uri]&client_id=[client_id]&response_type=token
But if you call that link it's not possible to have a redirection. You could try to hack that redirection but maybe you could not find a way out.
A secure way to solve that problem is to use a SSO token to authenticate user on your App when he logs in, and next on Safari take a redirection, with a custom url to your APP, that do as bridge to FB App via Token stored in your APP. After FB authentication you can directly redirect user back to your landing page in Safari. As said by #Lego it's an alternative way to direct authenticate that could be made by going deep to custom URL used by FB.
No, it is not yet possible to directly authenticate the user via the native Facebook App, but it's possible to authenticate the user using a custom URL scheme which opens your native iOS app which then handles the authentication flow:
The user authenticates natively with your iOS App. You then store the user login (not password) in your app (i.e. using NSUserDefaults).
Then the user opens your web page in Mobile Safari. You redirect the user via a custom url scheme to your app (i.e. using myapp://authenticate). Apple documentation on implementing custom URL schemes: click
Now, if you have an active FB session in your iOS app, you can either directly redirect the user back to your landing page in Mobile Safari, passing the access token via url get parameter or you first re-authenticate the user, displaying a login view with the user name pre-filled, which you have stored in your iOS app before (step 1) and then redirect the user to your landing page, again all depending on session state and your security needs.
For opening face book app you can use Custom URL scheme. But i am not sure if u can authenticate user from it. In case if you could also then it will be confined up to the fb account which is already configured on that device app .so better try to use face book api or something
I don't get your question exactly but i think as per your question you want to create fb app Login in safari or in your custom web view.
is this perfect ?
as per my knowledge web view is different thing and native app is different thing.
if you are Login in web view then no need to check anything token or other thing because it will give you Logout thing there.
but if you are Login in your application then "developer.facebook.com" will definitely help you.
and yes, you will do most of the thing in your app as native facebook app do.
Hope it help....
I've a simple application, that requires facebook signup/login built in Rails 3 that works exactly as I want it to.
Meanwhile, I had several requests to make it behave like an API, the web app is a social media tool where people publish content to their own social networks. i'm converting the system to provide a solution for the following problem:
3rd party website having their own login system
They want to make a button - publish through X service - and as soon as the user presses the button he will be shown the Facebook Permissions' dialog for my own fb app, as soon as he authorizes it the content will be published
So far, while the webapp was a standalone website, this was really easy to do - they would go to my webapp, login with facebook and published whatever they wanted to, however, I'm finding it hard to come up with a solution that doesn't present any security issues. Here's what I was thinking:
I provide a JS SDK which:
the 3rd party install in their website -> a special method is associated with a button
Once the button is pressed, the user is redirected to FB (sets de redirect_ui to be the current page)
catches the params whenever FB redirects back (as soon as the user gives the permissions)
Push the content through Facebook and so on
the 3rd party provides a callback that will run as soon as the content is published (I send them the FB_ID and access token)
The 3rd party can now make calls to all my API given they will send the FB_ID and access token which I sent as soon as I had the permissions
Will this work ? Can I easily catch back the FB redirect ? Are there any security issues ?
Thanks in advance,
Ze
My system does something quite similar. I provide API to 3rd party sites and make calls to Facebook on behalf of their users.
The approach I took was to implement my system as an oauth provider. This way, when the user logs in on the 3rd party site, he's presented with my login page, which on click or by redirection, redirects him to Facebook oauth flow.
3rd party-->my site--> Facebook
However, this might be a bit of an overkill in your case.
Using Facebook SSO (Single Sign on), after the system prompts the user for permissions to work with their Facebook account, it directs the user back to the app that SSO was being run in. How specifically does FB SSO accomplish this? (How does it know which app to reopen after the permissions are granted?)
We are building a SDK that interacts with Facebook, and it is not clear how the facebook app figures out which app to return to.
When you add the Facebook SDK, one of the steps is to register a URL scheme for your app with your API key.
When you authorize the app in Facebook it tries to open the URL (usually formatted like fbXXXXXXXXXXX) and since your app is set to handle this URL scheme so the app is opened.
And here's a list of other apps you can communicate using handleOpenURL:
http://handleopenurl.com/
I am using RPXnow.com authentication solution for a rails app and am now at the point of wanting to develop Facebook integration features using Facebook Connect and the client api. What I am unclear on from RPXnow docs is the level of integration their solution provides. When a user connects via rpx using their FB creds, are they now using Facebook Connect? Can I make calls to the client api from my app? Do I need to use the RPX api to access the FB client APIs?
Anyone with experience using both who can shed light here, much appreciated.
dnewman,
Great question. Facebook Connect is simply a javascript layer built on top of the Facebook Platform APIs. RPX uses the platform APIs to authenticate the user, and after they have signed in, you may safely use the native Facebook Connect javascript to implement FB specific features on your site like posting activity back to the News Feed. You just need to set your connect URL on the facebook developer site and drop in the Facebook Connect javascript and then start implementing. After authenticating via RPX, the user will already have approved and "connected" to your website, and you'll have access to the breadth of Connect directly.
Also, if you have an RPX Plus/Pro account you can make simple RPX API calls to set a user's status and post activity on Facebook (and Twitter/MySpace).
Brian Ellin
RPX Product Manager
Once you've hooked up RPXNow (JanRain) single sign-on, you can follow the Facebook documentation. The Server-side Personalization example is in PHP but the idea is the same in any language.
// Fetch the user's friends
$friends = json_decode(file_get_contents(
'https://graph.facebook.com/me/friends?access_token=' .
$cookie['oauth_access_token']), true);
$friend_ids = array_keys($friends);
The key point to note is that the $cookie['oauth_access_token'] referenced in this example needs to be the string returned by the RPXNow sign-on API response in the JSON field
['accessCredentials']['accessToken']
Hint: from your RPXNow dashboard, check out the Test Sign-In Widget page under Resources to see where that token is in the response.
Initially I thought this would be hampered by having your Base Domain set to rpxnow.com in your Facebook Application settings, but this is not the case. It works fine.