We have a scenario where application is scheduled for a private beta launch. Also, application will only have login via facebook facility.
As per the app workflow, we will initially send invite to a few selected users who will then authenticate using facebook. Authenticated users can establish connections with their facebook contacts within application context. As they establish these connections, application will send out invites visible only to connected contacts of the user. Invited contacts can then login into the application using facebook auth.
What I have tried and where the problem is:
Notifications: As per facebook docs, only canvas applications can send light weight notifications. Even if we decide to launch application within facebook canvas, notifications can be sent to user contacts (those contacts who have not already authorised application) only via User-generated requests (i.e. via Request dialogs). This doesn't go well with application requirements and needs i.e. showing a request dialog every time user establish a connection with it's contact doesn't seems like a nice user experience to us.
Wall Posts: Another possibility is to post invitation on contact wall. However, facebook doesn't seems to provide an ability to control privacy of posted feeds on contacts wall. Documentation says Post privacy settings (can only be specified if the Timeline being posted on belongs to the User creating the Post)
Is there a legal way to launch application under private beta / invite only using facebook authentication mechanism ? Since application is targeted for a specific kind of user group, we would like to control who gets to try the application.
Related
We want to send email to logged in users in our Drupal application. We are authenticating using AAD and our site is hosted in Azure app service.
we have a generic service account with a mailbox attached and we would like to notify the logged in users in case of any event using MS graph API and O365 connections.
Can we please get some guidance in this respect.
You can use the Graph API to send emails from your service account. Where you are going to have a problem is with identifying logged in users. An AAD token will be valid for your site even if the user originally signed in somewhere else, so logging signins isn't foolproof. Unless your users specifically sign out, the token will also be valid past when they stop using the site.
If you wanted to go down this road, then doing some logging of user actions and then sending the email to users that have been active within X amount of time might be an option.
If your goal is to notify users and you don't need an email specifically, then you might want to looking into using websockets or something similar to send notifications to the users within their browser.
For my current project I'm building a Laravel project where each customer will manage his company online. Each customer will invite his users to join his company on the platform, and we will use existing social networks for that, and especially Facebook. But I'm struggling with that invitation system.
Each customers will have to link their business page online with the Fabook Graph API with a page access token I'll stock on database. Like this customers will be able to send invitations through Facebook from our platform.
The problem is that I would let them invite only people who are following them on Facebook and are not on our platform. I saw that it was not possible from the Facebook GRAPH API to get the list of users who liked a Business page. It's only possible from the user to know if he like a specific page if he gave the authorization.
I would like to know how could I reach that goal ? Indeed, I would like to avoid people who are already on our website to be spammed on customers Facebook pages. Would it be a good idea to create a Facebook App linked to our Laravel platform to have more possibilites here on check in system ?
I am interested in expanding a Laravel 4.2 web app into the realm of mobile apps, allowing simple things such as the ability for existing users to sign in (but not sign up) and receive push notifications (simple at first for beta testing). I am very intrigued by Parse.com for their push notification capability but do not want to have to manage two sets of users - Parse and Laravel. Further, this app will be locked down to subscribers - it cannot be a free for all when it comes to user registration.
On the feature list for Parse Core it mentions connecting users via "traditional logins" but I cannot find an example of this anywhere. By "traditional login" do they mean sending a username and password to a remote back end? Or is that their way of referring to logging in with Parse users? Is it possible to connect Parse to a remote API such as my Laravel project (something along the lines of sending POST data with username and password and returning an auth token)?
I'd appreciate any advice on this or links to tutorials/documentation/etc. I have searched quite a bit and cannot seem to find anything.
Thanks!
You can use any of the SDKs to login a user either using a username/password or using Facebook.
Android login
iOs login
REST login
I would suggest you log the user in on the client device so that their device is registered to allow push notifications.
You can also use the REST API in your server code to do other things, such as creating the User and sending push notifications.
You can use Roles to limit things, e.g. create a "Subscriber" role and set permissions based on that Role.
I'm currently building a web service to allow a mobile app to login to our app using Facebook.
What is the best practice on implementing that feature?
My current flow is :
1st condition : User haven't registered yet...
User tap "Login with Facebook" button in the mobile app.
And then, user allows permission for the Facebook app that I created
for the mobile app.
The app retrieved email address, Facebook ID number, and Name from
the Facebook API
The app check if the Facebook ID && Email address already registered
in our database
If not registered :
The email address, Name, will be automatically filled into the
Registration form
After submitting, the app sends the information (Fullname, email,
hashed password, and facebook Id to the server, registering the user)
If already registered :
- The server returns the token code, which used for in-app activity
Do you think there will be a security issue there? I'm thinking if maybe someone knows you, knows your Facebook ID which can be fetched using Graph tool, and possibly know your email address, that people can logged on to the app easily by sending all the data to the server.
ALSO, I'm thinking of implementing the same method with Twitter, but it seems that email cannot be retrieved using Twitter API.
Any work-around on using Twitter API?
Thank you very much for your answer.
I'm building a web app for a client where members of general public can create an account. Client would like to be able to use my app to send Facebook messages to those members.
Note that my app is a standard LAMP site and NOT a facebook application, nor is there the desire to create one; delivering messages to members' FB inbox is the only goal.
Is this possible, using the FB API or any other way?
In short the answer is no. Facebook do not give you the ability to do this to prevent spam. You could post to all of your user's feeds however?
What you would need to do is:
Register facebook app to get access to FB API. You don't need to have actual facebook app, just use received API key on your standalone site.
Create authentication process on your site so users would be able to connect with your site through facebook.
Ask users for additional extended permissions during authentication to access their email, as it is not something that could be accessed without user's explicit permission.
That's the bare minimum for this task.