I am building a site in php which uses facebook login to grant access. When the user logs out I want to log them out of facebook as well as my app. I have looked everywhere to find out how to do this but there is nothing out there apart from a tutorial the facebook developer page that explains how to log the user out while also revoking the permissions they granted you when they logged in. I dont want to do this, I just want to log the user out of my app and facebook without revoking permissions. Is this possible with the server side sdk?
If you are using the PHP SDK, you can use it as described in the following link :
http://developers.facebook.com/docs/reference/php/facebook-getLogoutUrl/
Related
I am successfully connecting to the Google Adwords API with the OAuth2 examples from Google. I want now to implement programatically the disconnection of the customer for this OAuth2 connection.
I saw in some examples the function
$client->revokeToken()
but in my case this function is not present. I am using for the connection the libraries from
"googleads/googleads-php-lib": "*"
I think you miss-understand how Oauth2 works. When you run your application a window pops up asking the user if they would like to grant your application permission to access their data. Assuming the user says yes then your application can now access their data. They are not logged in any scene.
What revoke does is remove the access that they granted to your application.
There is an issue about this on the issue forum 986 I cant seem to figure out if the bug was fixed or not.
If you cant get it to work you can do
https://accounts.google.com/o/oauth2/revoke?token={token}
this works the same as the user removing your application from Permissions
I'm trying to get read_stream and rsvp_event permissions but FB's staff continue rejecting my submissions .. Why is so tricky retrieving permissions for a simple app?
I just need to read my status messages and events and display it on my website.
How do you create permissions submissions for your FB apps?
(I use graph api on my php site)
This is from the docs at https://developers.facebook.com/docs/facebook-login/permissions/v2.1#reference-read_stream
This permission is granted to apps building a Facebook-branded client on platforms where Facebook is not already available. For example, Android and iOS apps will not be approved for this permission. In addition, Web, Desktop and TV apps will not be granted this permission.
So, it's very unlikely that you get this permission approved.
Regarding the events, I think user_events would be the right one: https://developers.facebook.com/docs/facebook-login/permissions/v2.1#reference-user_events
As I understand this is only for the use on your personal website, why don't you generate the Access Token for your user manually via the Graph API Explorer, prolongue it and store it somewhere in your PHP script? You'll need to update the Access Token every 60 days manually as well, but this I think the most pragmatic option you have.
See
https://developers.facebook.com/tools/explorer
https://developers.facebook.com/docs/facebook-login/access-tokens#extending
I have a very basic PHP site that I want to use oauth2 authentication against Google Apps, using the example they provided (below is my version), The user on authentication keeps getting prompted to allow my app offline access to their account, Which I don't want.
$this->gapps_api_client = new Google_Client();
// $this->gapps_api_client->setAccessType('online');
$this->gapps_api_client->setApplicationName( GAPPS_APPLICATION_NAME );
$this->gapps_api_client->setClientId( GAPPS_CLIENT_ID );
$this->gapps_api_client->setClientSecret( GAPPS_CLIENT_SECRET );
$this->gapps_api_client->setRedirectUri( GAPPS_REDIRECT_URI );
$this->oauth2 = new Google_Oauth2Service($this->gapps_api_client);
It's worth nothing I have been playing with "setAccessType" however no values seem to have an effect on this offline permission mode.
I've tried leaving it commented out, setting it to "online", "offline" nothing has made a difference.
Anybody else been able to oauth2 authenticate without the user granting your app "Offline access"?
The offline access display is often flagged if you have previously granted an app access, but the app is asking for sign in again (if the consent dialog is being forced or similar). This is due to incremental auth - its trying to hide previously granted scopes.
To test this, try revoking all app access with https://security.google.com/settings/security/permissions and signing in again. You should see the full scopes.
If that is the issue, then it is likely something your users wont see - when they sign in again they should not see a consent dialog unless you are using prompt=force or similar.
You might also want to look at retrieving profile using the Google+ API (this works for all account types): https://developers.google.com/+/api/latest/people/get, and upgrading to the latest version of the PHP library: https://github.com/google/google-api-php-client
I have a facebook web login page, and when you already loggin in with facebook you don't have to log in anymore with you're account.
Now the problem is when I open the website on a iPad/iPhone and on the device I'm already logged in with the facebook app. My site can't see this and will ask you to log in via safari again.
I tried to use the Facebook JavaScript and PHP SDK, and both can't find an account logged in on the app. any idea's?
I assume there are two different sessions. The app and the actual website must share the same session but this is not really a good idea security wise, and I am not sure if it is even possible.
I'm currently working on adding Facebook integration into a website of mine via the PHP SDK. I'm requesting and planning to use the offline_access permission so I'm storing the access_token in a database. However, I'm giving the user the option to remove the integration with Facebook after they add it and therefore then removing this access_token from the database. This is where the issue comes in:
The first time they add the integration, my app redirects to Facebook correctly and asks for the permissions, etc. Then, however, if they remove the integration and then re-add it, it doesn't ask for the permissions again (which makes sense since those permissions are still technically given to my app on that user's profile unless they went into Facebook and manually deleted them).
My question is if theres a way to tell Facebook to remove my app and its permissions from that user's Facebook profile so that if they go to re-add the integration, they are once again prompted to accept the permissions.
Perhaps something like $facebook->expireAllAppPermissions() I guess.
You can issue an HTTP DELETE request to /PROFILE_ID/permissions to revoke authorization for an app.
this is because you are just deleting access token from your data base , it will not remove your app from user profile. user is still authenticated with your app. he has to remove the app manually.