I am working on a website which will allow registered users to link with their Facebook account and periodically, the site will poll their information and post back to their Facebook page.
The site is Joomla based, so using the PHP API seemed most sensible, but I'm not sure.
I've looked at the Facebook documentation and it seems confusing. Do I need to write an app and get it approved, or is there a simpler way?
If I need to write an app, is there anyway to develop and debug the app before getting approval and only turn off sandbox mode after approval has been achieved?
What would be the simplest way to implement this so I can retrieve some Facebook info and make posts to Facebook pages at later dates?
In future, I may wish to allow users who are logged into Facebook to automatically login to my site, but for now, I do not want this.
You will need to register an application. Being that this is not an application hosted on facebook, there really isn't much of an approval process.
PHP SDK would be required for what you want to do.
In order to post to facebook or get facebook account information, the user would need to authorize your application and provide permission for what you want to do.
Keep in mind that although a user can grant your application a key via which you can do things on their behalf on facebook, this key will eventually expire if the user does not return to your application.
I would take a look at the Facebook API that was done for summer of code. It is currently in the platform tracker and you also need the OAuth1 API that she did. If if you use that you'll have a good start on what you need.
Related
I've spent a week trying to figure this out, and I am turning to the experts on Stack Overflow for a little help.
The Concept
I've designed a front-end and a back-end that are relatively separate. Members interact with a Client-side application that runs on Angular4 frameworks. For that, I use the Javascript SDK to control Facebook login. The application does not use Facebook for anything more than login and pixel information, so I request bare minimum permissions (thus bypassing any need for application review also).
On the back-end, I store the facebook ID of the members. The facebook ID is their unique identifier, since not all users will have an email address. If the member has a paid subscription to the site, the backend needs to invite them to a group page that has SECRET privacy setting. Membership to this exclusive group is one of the perks of paid membership.
The Problem
Here's the problem, to send a member invite, I need a CLIENT_TOKEN from a group administrator. OR I need to have a CLIENT_TOKEN for my APP, if the page that is created was created by the app itself.
What I have found
Facebook API documentation on the CLIENT_TOKEN is very sparse. The documentation includes redirects where the user supposedly enters their user-name, password and then, when they return, a CLIENT_TOKEN is passed back with the redirect. However, this does not work for the Backend, because the admin user (me) is not going to be available to interact with the page that is loaded on the redirect.
I thought about creating the group with the APP to utilize the CLIENT_TOKEN that is owned by the APP itself. However, the documentation (current link pointed to by the current API, btw) notes that APP groups are deprecated, so this is not an option.
What I need to know
Here is what I need to know:
1) How do I obtain a CLIENT_TOKEN for my personal user account without being present to authenticate each time it is requested?
2) In addition to the above, do you have any other advice or tips that I might have forgotten to ask about that pertains to programmatically inviting and removing members?
You can not send invite requests for a group to users via API.
That was a feature available specifically for App & Game Groups as well, but is gone with them.
I have a problem to find the right way of implementing a login service.
First my environment:
An Android or IOS APP
My own web-api in PHP
Now the users have to login to get specific data from the api. So I have to check if the user is logged in with the API.
First i thought I could do this with JWT (JSON Web Token). But users with existing Google or Facebook account should also login to my side.
Is there a way to implement the login in PHP (the API site)? The most examples to login with Google or Facebook are simple Websites and not an APP with API.
How could I implement this login system?
Some time ago I thougt I could use GIT (Google Identity Toolkit). But now they switch to firebase and the website only contains examples for Webapps and Android/IOS.
Is there a common technique to do a login system like mine?
Do I have to implement OAuth2?
Oh. Besides the Google/Facebook login, there sould be a way to login with email and password.
I'm a little bit confused. It can not be, that I'm the only one with this problem. Or do I am a blockhead?
Yes, it is posible and it is well documented on the API's page.
For Facebook login, you can check this link.
For the Google's case, you should check this link
Side note: I know that I should quote the relevant parts of the link, but there are too much steps to follow, specially on the Google's case, so I haven't done it to avoid a huge block of quotes.
Solution:
Implement the Login in the Android- or IOS-App and get there the access token. Now send this token to the API. There you can check it and to everything you want with the Facebook-/Google-API.
This is a tough question to ask so I hope I can make it clear!
I'm writing a PHP script that access a users Gmail calendar. I first wrote it using Zend and it was fantastic, but found that I have to use the Oauth to get to tasks - therefore I rewrote it for Oauth instead.
In order to use Oauth I have to go to my API console and set up the account and then I have access and everything works great. Here is my problem: I can't ask every single user to go through this somewhat technical step of creating a key and all of that just so my app can work with their Gmail.
Zend was really easy, the user provides me with their name and password and I have access. Now I don't see any way to change accounts using the Oauth method, all of the credentials are for a SINGLE Gmail account (as far as I can tell).
Is there a way to do what I'm trying to do without making the users go through fifteen hoops to allow me access? I would like to register my app and get my keys, then be able to point to ANY Gmail account, the user grant me access, and I'm in. Otherwise each user has to go to the API console in their own Gmail, create branding, create a key and then create a server ID, THEN provide that all to me so I can plug it in and THEN redirect them back to Google so they can say "yes, I accept this". That's a lot of steps to integrate.
I hope this was clear enough :).
That's basically how OAuth works. ONLY the developer that wrote the app needs to register it, get the keys and add that to the configuration.
Users of the app simply get taken to a page (after signing into their Google account) where they will grant access to your app in a single click. Google will remember their decision and the next time will be even faster.
Ok guys I'm creating an application in CodeIgniter that utilizes the Facebook SDK, both PHP and JS. It will be a user platform will people earn rewards etc. for sharing. What I'm confused about is the authentication for my application. So when a user comes to my site and logs in, do they need to authenticate every time? Can I store credentials? Should I only log them in with facebook. I guess to me it seems like they have to authenticate every time. How would you suggest integrating the authentication into the login process? I want to make calls like gathering info etc. but I want them to just authenticate one time and that's it.
I'm using calls like this from the sparks facebook SDK
$user_profile = $this->facebook->api('/me');
which basically works when the oAuth happens. how can I make this happen with out making them click through to facebook every time?
You can combine it with the login process, that seems to be a better choice for your needs. You can store the non-expiring offline access token returned by facebook and save it into the database
P.S. They are deprecating the offline access token but you can use it for now. After deprecation, you can probably get an extended access token which is valid for 6 months)
i am wondering how facebook works for logging in user on our websites.
I mean a user needs to be registered to my website for posting a comment, how can I check trough my php code if it's a logged user?
I heard you can only check if it's a logged user with javascript
Thanks for any explanation
You can use the Facebook PHP SDK to check if a user is logged in with Facebook, and optionally get information about her/him. That way you can let your users complete their registrations or use your website with some restrictions.
But you need to register a Facebook Application first, as that application will be shown when asking the user about for permissions you require.
You don't need JavaScript to do this, but Facebook makes it pretty simple to use thier JavaScript lib. You do have access to whether or not the user is logged in in php using this method.
Take a look at the single sign on section of the developers API.
If you are running a software package like Wordpress or phpBB you could google around to find a plugin that did it for you. Otherwise, ignore this ;)