I'm using authlogic_facebook_connect plugin on my RoR app. Looking to get extended permission from the user to acquire their facebook email address so that I can use this email to store in the database as their "myapp.com" registration email. This way a user can come to the site and click on the facebook connect button and be automatically signed up with my site as well. I know that I need to ask the user for their permission before I can get their facebook email, but I can't find anything around on how to do that..
(fyi I've tried simply getting email from facebook_session.user.email, but of course it's nil due to the permission restrictions)
Related
So I have an iOS app that uses Firebase, signs users in anonymously initially and then allows them to later add an email address, which is linked to the Firebase user using a call to:
Auth.auth().currentUser?.linkAndRetrieveData(with: credential)
This all works fine but I'm now running into the issue of being unable to update that user's email. I assumed this would work by simply sending another email link to the new email, then calling linkAndRetrieveData with the new credentials.
This, however, gives me a FIRAuthErrorCodeProviderAlreadyLinked error, because the user already has an email address. I would've expected it to just overwrite the existing email. I then tried/considered to solutions:
Unlink the email provider, then relink with the new credentials. First, this seems impossible since the stated "providerId" for an email-link-authenticated user is "Firebase", and when I feed that into unlink it fails. Second, this is bug prone because you could successfully unlink the first email and then have the link of the new email fail.
Use the provided "updateEmail" method - this doesn't work because it assumes email/password authentication, and I'm using email link authentication. Even if this did work, it would mean having an unverified email.
So I'm wondering how to do this, or if it's actually possible that this isn't supported at all. I can't believe this wouldn't be supported since it seems like a very common issue and basically makes email link authentication a nonstarter.
updateEmail() is the method to change email for signed in user, no matter how the user was created or authenticated. You are right that the new email address would become unverified. The sendEmailVerification() method can then be triggered to send a verification email to the user, so they can verify the email address.
The providerID for an email link user should be "emailLink" (Android link, since I couldn't find the iOS version quickly, and the values come from the server anyway).
But note that a linked account will always have a top-level provider of "firebase", and then have the actual values of the linked accounts in the UserInfo elements of the provider array.
My AWS Cognito Pool has email as a required attribute. All users who sign up to my app have been required to provide their email.
I've recently added Facebook as an Identity Provider to my user pool.
The problem is that Facebook doesn't always provide an email, and in those cases, Cognito will redirect new users to an error page saying "Email is Required".
I want to prompt the user to enter his/her email and then continue the sign up process, rather than just ending it with an error. Is there any way to do this?
This simply is not currently possible with Cognito User Pools.
I've hit the same example when working with clients, even when consenting to the appropriate scopes, Facebook will not provide it in the OpenID token.
I suspect though that the email is retrievable via the API following this, so you may have some luck with a Cognito User Pools trigger to go retrieve the email and stuff it in post-authentication if it's missing.
Otherwise there's not a lot you can do other than making email address optional and then designing customer experience around this.
If you have set 'Email' in the Facebook token scope, Facebook will provide the email address if it has one. However, Facebook itself doesn't always have an email address for a user
https://developers.facebook.com/docs/facebook-login/permissions/#reference-email
Note, even if you request the email permission it is not guaranteed
you will get an email address. For example, if someone signed up for
Facebook with a phone number instead of an email address, the email
field may be empty.
In this case I think you either have to live with the current Cognito behaviour, or make email optional, but effectively enforce it yourself with a Cognito Post-Authentication Lambda trigger
I want to add "Login with Email" functionality in ios app.
I searched about this, but i found that we can not get default email account of iPhone.
Can anybody suggest me how should i proceed for this issue. Thanx in advance.
use this link for your login with gmail http://technogerms.com/login-with-google-using-oauth-2-0-for-ios-xcode-objective-c/
will u need just like this , here i used
Login with FB
Login with Twitter
Login with manually
-- here i used server and Sqlite for save the user information
-- email, name, p/wd, phone number, etc.
-- this login accessing with our own db or server
Of all the apps that ask for email and password, none get it directly from the iPhone settings, which makes me believe that there must be some sort of restriction for gathering that information.
So, then the procedure is ask for email and password from the user directly, fire a url to validate and check for the user with those credentials and either login or ask him/her to sign up
I want to give the opportunity for a user of an app to register/login with Facebook or by creating an account. I know that I can get the user's Facebook account email address, and their first and last names. That's basically the only information for creating a 'local' app account, apart from a password. How can I make sure that if that person logs in to Facebook on another device, that their two devices are linked to the same 'local' account? (i.e if they choose to sign in with Facebook with 2 devices, I only want one local account to be created on my server for that user).
Ideally, I want the login schemes for both to be identical. So if that user logs in with Facebook, I can check (securely) that the FB account is linked to a 'local' account, and automatically log that device in without making the user type in a password. Is this possible?
Edit: The 'local' users will be stored in a database on my server, and the front end will be done in Python running alongside the API for the app. Note that 'local' is just referring to the fact that it uses my app web service rather than an external social network.
You can do that within your users database as per below:
assuming you store the user data in a table named userinfo, this table should contain user e-mail, first name, etc..
Add another column in this table named fbemail.
If users signs in using web service, his email will be saved in the email field & the fbemail should be null, if signs in using FB, then both email & fbemail should be the extracted email.
when the user uses FB login, check the fbemail field, if not found, then this is a new user, add his data, if not, then this is a returning user, no need to add his data.
Option 1.
You can identify your Facebook user by his Facebook User ID. If he logs in using Facebook on other device you know it cause he sends you his Facebook User ID in the authentication process. He also sends you Facebook access token which you validate contacting Facebook to see if it is correct. Using this approach you have to have a different authentication scheme for Facebook user and "normal", email user.
Option 2.
To have the same login scheme you can use Facebook to get user email and prepend it in the email text field in your registration screen. The user would need to additionally provide a password. This means that you are not really doing a Login with Facebook, but use Facebook to obtain an email (and any additional information) so the user does not have to type it.
This is an old post but still very valid. You are correct, anybody who has your FB email could potentially access your server rest-api and log into it. To access a backend service you will need to use as password the FB access token generated during the FB log-in. This is stored in the device keychain and can be retrieved as:
NSString *accessToken = [[FBSDKAccessToken currentAccessToken] tokenString];
NSString *userID = [[FBSDKAccessToken currentAccessToken] userID];
The topic of using a FB authentication system in parallel to a custom login/registration system is covered in this FB guide: Using Facebook Login with Existing Login Systems.
In sum, different scenarios need to be addressed:
A person signs up for your app using their email and password, but later they want to use Facebook Login to obtain data from their Facebook account, to post to their timeline, or just to use to log in with in future.
A person signs up for the app using their email and password, but later chooses to log in with Facebook separately. This guide assumes that the email supplied first and the primary email associated with their Facebook account are the same.
A person signs up for the app using Facebook Login and later wants to log in to this account using an email address and password.
The guide recommends using two different tables for the FB log-in and the custom login.
I have recently implemented login to my via facebook connect. So now users have 2 ways of logging in to the site. The old way of registering an account and the new way (facebook connect).
One thing I would like to do is link a new facebook connect user account to existing accounts if they logged in the old way.
Has anyone had any success doing this?
Very good question I think and lots of people will benefit from an answer.
What you need to remember is that accounts are only linked so long as they are authorised to be linked through Facebook. What you should do is maintain a second table of linked accounts in your database so that you know who is who and if they are linked with Facebook.
You should read this integration comment, it provides a lot of useful information.
http://crazyviraj.blogspot.com/2010/01/test-cases-for-basic-facebook-connect.html
It doesn't really say how to do things, but it makes sure you tick all the boxes of what you should be doing.
ie:
Sign Up should fail if the user denies
permission to the app (category: sign
up)
Since we need access to an email
address, Sign Up should fail if the
user provides publish permission but
denies email permission (category:
sign up)
If the user provides an email address
that already exists in your system,
fail Sign Up. Make sure no YouFace
backend tables are modified (category:
sign up, 1:1 mapping) PS - when this
happens, I didn't find a way for you
to de-authorize YouFace on the
Facebook user's behalf. The user must
manually do this if they wish you use
the same account but provide a
different email address.
Accounts created using Facebook
Connect should not be able to login
using YouFace's default email/password
login system (category: sign in,
account security). PS: Since YouFace
accounts require a password and those
created using Facebook Connect don't,
make sure to insert a random password
hash into your table to avoid silly
errors
Accounts created using YouFace should
be able to sign in without requiring
to be signed into Facebook, even if
when a link to a Facebook accounts
exists (category: sign in)
Any many more
You should be asking for permanent access through fb connect authentication. Once you've done that, you'll get a token which gives your permission to access someone's Facebook information, and that token will not expire unless the user explicitly removes you from the permission list or changes his/her password.
Once you have the token, associate that token with the user / create a new field in your user table to store it.
To associate the user with a Facebook account without the user logging in, you can try to match by email. It's not 100% accurate but it's pretty good. Facebook doesn't give you email addresses in text form but you can get email hashes from FQL. Since you already know user email addresses, you can calculate the hash for all of your user emails and search through your user base for matches every time a new Facebook Connect user signs up.