Edit: I found the solution here:
Using app access token in IOS
Hi,
I read in this thread:
Facebook API without client authentication for public content
that it is possible to make facebook api graph requests without the need to log in as a user.
I tried getting the app access token with a NSURLConnection request,
but from there I don't know what to do.
How do I get the NSData response into the right format for the token (which is what, a NSString?)?
And how do I send a facebook graph request with the aquired token?
Or is there a simpler way to receive public posts from a facebook wall without the need to login as a user?
Greetings
Michael
Hey i'm struggling a litle bit with the same problem.
Since a couple of days Facebook changed some things concerning having an access tokken. Now, if you only want to read a users posts you will need to have an access token (even if this info is public).
Luckily you can also use the app access token. I'm trying to figure out how to fix this, but here is some information about that: http://developers.facebook.com/docs/authentication/ (chech app login)
Related
I know, this might be a very naive question, but I'm having hard time imagining a complete picture of how Facebook SignUp and Facebook Login should be used in my application. I understand Facebook documentation, but it gives me scattered pieces which I can't figure out how to put together. I would appreciate any links for how-tos regarding this issue.
The problem I'm trying to solve, is simply to use Facebook SDK to register users in my application. But, what does this mean? Generally, if we take e-mail registration, this means getting e-mail address and a password, which will be used for later logins. For every login, my server will generate a session id, which will be used in API calls.
Now, I can obtain user's e-mail using Facebook SDK. But now what? What about the password? How should I generate a session id now on my server? Do I have to perform Facebook login call every time I start the app? Or should I send access token to my server and store it in users table and use it for generating session id? I don't need to perform Facebook Graph API calls in my app. All I need - is "single-click" signup/login functionality. What's the right way to do it?
How do I get Facebook Page Access Token using SLRequest (with a graph api call) on iOS.
I have an app that posts photos to a particular Facebook page. I've got it working through php so I know there is no issue with obtaining such permissions. But I need to do it completely in native iOS now.
In iOS, I've got post permission to said page owners feed, but that's not what I want. when I use the app token to post to a page (this is a photo album on a public facing page) it gives me 'permission denied errors'
I have this working through php using
$request = new FacebookRequest($session, 'GET',
'/me/accounts?fields=name,access_token,perms');
Just need to get the same for iOS using SLRequest as I'm using iOS Social framework
Thanks for the help
You should not make call to the Graph API using an App Access Token from a device. That is because the App Access Token should be considered like a password; storing it on a device is insecure because the token can be extracted using special software.
You can read more about this here: https://developers.facebook.com/docs/facebook-login/access-tokens#apptokens
...Again, for security, app access token should never be hard-coded into client-side code...
You can handle your situation in two ways:
Just make the call using the User Access Token. If you have the correct permissions from the user, you can post as that page to the photo album.
Send the data to your own servers and make a call, using App Access Token, from there to the Graph API.
I would suggest you use method 1. Its also for your rate limiting better to use User tokens instead of App tokens.
I am integrating the facebook SDK in my application for ios. When the user login via facebook I am getting the token, and using it to authenticate the user in my app. The token will also be used to get the user information and validate the user on the server.
My question is this:
If the user login using facebook with the same account but on another device.
1) A new token will be send for him?
2) if so, what happen to the old one? does it get expired?
I know I can test and see what happens but we are still in the planning phase and we can't afford to spend time on implementing tests. Searching on google about this issue didn't result in any clear answers. So I would appreciate if someone has info about it
Thanks a lot
To answer my own question in case someone is looking for it
1) A new token get sent
2) The old token still works
I'm using omniauth-twitter for twitter log in to the website and it works perfectly well (go to /auth/twitter, user authenticates, and then redirect_to /auth/twitter/callback). Great.
However, on the iOS side, how can I implement sign in with twitter? Do I do it client side or server side? Could anybody go through the steps? (note: the only way to sign in to the app is through twitter)
We've tried:
using a UIWebView that goes to /auth/twitter, but on redirect, it goes back to the web version. Is there a way to get JSON data from the UIWebView?
doing sign in with twitter client side, and using a made up password to authenticate in sessions#create that matches a made up password on the db.
Is there another alternative for authentication? I know what we're doing has a lot of flaws but we couldn't find any other solutions even after asking in meetups and researching online for days. please help!
You could add an OAuth 2
implementation on your server. Your server authorizes the iOS app for an authenticated user / content owner. (You have completed the authentication part.) Once authorized, the iOS app accesses that particular user's content (via an api on your server) as if it is logged in as that user.
You will find one potential OAuth 2 provider implementation for RoR as
applicake/doorkeeper
You will find a sample iOS client application as
telegraphy-interactive/OAuthClientSetup
That is one suggestion, in any case. Not the whole answer, which would require a book chapter.
I am developing an application that requires login with social media (Facebook, twitter). From these services I just need to obtain the session tokens. So, when the user presses the "Login with Twitter button", I want to have a sign in method similar to what the Facebook application does, where it signs in the user and then returns with a session token.
I would like some pointers on where to start. I searched the official API documentation, but is seems developing with Oath is way complicated and demands time that I can't afford to devote at this point. I stumbled upon MGTwitterEngine, But I failed to see a way of obtaining the OAuth's session's token, and also, it hasn't been updated in 3 years! https://github.com/mattgemmell/MGTwitterEngine
Can anyone point me into the right direction?
You should use the APIs and OAuth. It would probably be more difficult and take longer to try to avoid OAuth. Just put up the twitter or facebook login pages in a UIWebView and go from there.
Getting the oAuth token from Facebook is very straight forward, the iOS facebook API provides it. Getting the Twitter API token is just a matter of parsing the URL that is returned to you. Niether is very difficult.