I am implementing the web service for mobile phone(Like ios, adnroid etc). I dont have login/signup through facebook in my App. But i want to share the data from my App to facebook (and twitter ) as a post. For this, i dont want to redirect user to facebook to enter their credentials on facebook and then share the data. My requirement is get only Username and password from the user save it in DB and call the FB API from my webservice which will check for the authentication of the user credentials (Facebook ) and if correct then it will psot the data / message to user FB wall. I am trying with php for this , but all the libraries and codes available, are going for FB login window.
I know that offline facebook access is removed, but still want to go for it.
Please, one guide me for this. Any code for php or code for mobile (Iphone and Android) will work
You can´t use the api with only username and password, that would be a major security problem. If someone hacks your database > access to all Facebook accounts.
That being said, you don´t need to authorize a user for sharing, the Facebook docs offer a lot of information about that topic: https://developers.facebook.com/docs/sharing
You can just use the native share dialogs. For posting without a dialog, you would need to do a lot more things:
Authorize the user with the publish_actions permission
Go through a review process on Facebook with that permission
Use /me/feed to post: https://developers.facebook.com/docs/graph-api/reference/v2.1/user/feed
And keep in mind that the message parameter must be 100% user generated, see platform policy: https://developers.facebook.com/policy/
2.3 Ensure that all content in the user message parameter is entered by the user. Don’t pre-fill. This includes posts, messages, comments,
and captions.
A generated message will not get you through the review process.
Related
Good morning all,
I must create a site in PHP where we enter the url of the facebook profile, and then it must retrieve some information from the profile:
The profile picture
The name
If the profile and verify
I wish I could do it without this connection.
What to give me a clue?
(I succeeded with tiktok, instagram, etc.) but with facebook it's been a while that I'm looking for the solution
This is not possible for 2 reasons:
Scraping is not allowed on Facebook, you must use the API for accessing any data
Any user data is unavailable with the API, unless the user authorizes your App to access his data
The correct way to implement verification is to implement login with the Graph API and let the user authorize your App. Btw, this still does not mean you can verify his profile url, because you will not get the real URL, not even with authorization.
I've got a custom built news page that can cross post articles to Facebook and twitter. I'm using the Facebook SDK - everything works perfectly. I'm able to add articles, delete articles and even post/delete events.
All of this happens under our company's FB account, however folks writing the articles are first taken to FB to log in (or the SDK asks for permission to post to their personal FB account if they are already logged in). This is triggered by a call to getUser().
I've googled a bit on this, and find a lot of info on working with the current FB user's data/profile, but haven't found where to automatically log in with a specific FB account, prior to working with that account.
Is what I'm wanting possible with the SDK? If so, can someone point me to some 411 on getting this accomplished, or reply here with some info?
EDIT:
Instead of downvoting, can someone reply back with some feedback? I don't mind deleting the question if it is not appropriate, but I'd like to see where I deviated first. Thanks.
I don't think you can auto login using facebook. Either you log in everytime using a specific account. Or you have 1 universal account and use offline access with that. That way user A, user B and user C log in with an internal account and then use the offline access with the FB universal account to post to FB.
Hope that is clear. :)
If you need something more than publish_stream, then it's going to be a manual process for you to give your automation an extended 60 day user access token.
If you only need publish_stream, then you can publish at any time, even when the user is not present using an app access token. See Facebook's permissions documentation.
Enables your app to post content, comments, and likes to a user's
stream and to the streams of the user's friends. With this permission,
you can publish content to a user's feed at any time, without
requiring offline_access. However, please note that Facebook
recommends a user-initiated sharing model.
I have created a facebook app for a companies facebook pages. Ie the app is used as a special tab on the facebook pages.
Can I get it to post to the current user's wall without having to ask the user to install and authorise the app in the way you would for a fully fledged app like farmville?
FYI - I'm currently using the latest PHP sdk
Can I get it to post to the current user's wall without having to ask the user to install and authorise the app in the way you would for a fully fledged app like farmville?
No, users must always explicitly give an application permission to post content. It'd be hugely abused - any tab you visited might spam your wall to hell.
Your app cannot post info on the user's wall unless explicitly given permission by the user. The user has control over all aspects of their account and having non-consensual access results could result in wall spamming.
Therefore if your app wishes to post to their wall, explicit permission is required.
So I am trying to let my customers login in with Twitter, and just twitter.
Twitter says "You should never store a password for your users again", but how am I going to reauthenticate my users with twitters API?
If I resend the user to twitter after they have deleted their session, twitter asks the user again if they want to give acces to my application.
Is it at all possible to have seamless intergration with twitter accounts without ever storing local user data?
EDIT
It seems that the question is not extremely clear. What I have experienced using for example http://forum.jquery.com/. They use OpenID. I click "Login with google". I get redirected to google. Google remebers I gave acces to Zoho once and instantly sends me back to forums.jquery.com, this time with an access_token for zoho to authenticate me with. I have no persistent data with Zoho. Yet they can log me in.
What twitter with OAuth does is the following. A user comes to my site, they click "Login with twitter" and get redirected to twitter.
Twitter asks them again whether they want to give the application access to their data. Instead of the immediate redirect google does.
Is it possible for twitter to immediatly redirect the user to me. Is there a setting for me I am overlooking.
Send users to https://api.twitter.com/oauth/authenticate instead of https://api.twitter.com/oauth/authorize. If the user is already signed into Twitter and has previously authenticated with your app they will be redirected without seeing an allow/deny prompt.
What you store from Twitter are the user's TOKEN and user's SECRET. Those values are issued by Twitter (or any oauth provider) when you are in the process of oauth authentication.
You can get the idea using this library in PHP:
https://github.com/abraham/twitteroauth
Or this one in Ruby:
https://github.com/jnunemaker/twitter
The process is quite straightforward once you tried with any real example. It is not difficult at all.
There are also some nice screencasts here:
http://railscasts.com/episodes/241-simple-omniauth
http://railscasts.com/episodes/235-omniauth-part-1
http://railscasts.com/episodes/236-omniauth-part-2
Have you actually read the API?
Read the getting started page, you don't store passwords you store access tokens for the user. And if you want people to log in and register your going to have to store some data ;-)
I had this problem exactly and solved it using setAuthorizedUrl method - for more details see here http://www.evilprofessor.co.uk/359-sign-in-with-twitter-using-zend-framework/
This tutorials might Helpful for you.
Twitter API connect using oAuth
Cristian comment is what I was looking for.
You have to save those values in any persistent storage, if not, your users will always need to go Twitter again.
Shame that twitter doesn't recognize that the users have already allowed my app and redirects automatically
I have a facebook application in my website. When someone is already logged in to my website, I have the offline_access of his facebook account, but when I put a like button, it always asks for login to facebook again.
Everything else works, like printing the posts, photos, etc. But the simple action of liking something, doesn't. How can I make it work using the php-sdk api?
I'm presuming that you have just used the like button code from here. What's happening when they click that button it's not going THROUGH your website but rather taking a bit with it to facebook. So it takes your URL to facebook and they do the whole posting bit... therefore if the client is not logged into facebook it'll ask them to login.
What you can do is use a curl posting script through your website and that should post whether they are logged into the facebook main site or not provided they logged in with the offline_access.
Please tell me if you need more information or if I have mis-interpreted what you meant.
Regards,
Jon
I guess you are misunderstanding the behavior of the offline_access permission:
Enables your application to perform
authorized requests on behalf of the
user at any time. By default, most
access tokens expire after a short
time period to ensure applications
only make requests on behalf of the
user when the are actively using the
application. This permission makes the
access token returned by our OAuth
endpoint long-lived.
This would mean, even if the user is logged off, your application will still have access to it's account BUT this DOES NOT mean that you can capture/monitor if the user is back on your website again until he is logged to his FB account again.
So offline_access will never know if the same user is currently on the page and "automatically" log him to his FB account!