Request Facebook permissions without user leaving my website - php

Is it possible to get permission to access a Facebook user's User ID without having them leave your webpage? Is an iframe with the permission dialog the only true way to accomplish this?

You can use the Javascript API to Extend Permissions.
Lets say that you have already request the Email permission,
If you pass a new permission to the login button, the User must approve the new perm also.
example Login Button:
<fb:login-button perms="friend_likes"></fb:login-button>
example FB.login()
function fbAuth() {
FB.login(function(response) {
if (response.authResponse) {
alert('User fully authorize the app.');
} else {
alert('User canceled login or did not fully authorize the app.');
}
}, { scope: 'friend_likes' });
}
then you can call it with an onclick event or any other method you want:
Login

Related

Facebook login using AJAX to get access token

I'm working on a facebook app that will allow users to login and will retrieve there photos. I've got Facebook Login to work with a redirect to get the access token, but I'd actually like to make my app a little bit better and use ajax to get the access token.
I'm using the Facebook JS SDK to login into my app. I'm using the Facebook PHP SDK for the rest of it, like retrieving user albums and photos.
I'm confused about getting the access code using ajax from the login.php page. I see that that page sets the access token and can return that value from this page.
My loginWithFacebook function looks like this:
// REQUIRED - using the facebook js to login
logInWithFacebook = function() {
FB.login(function(response) {
if (response.authResponse) {
// alert('You are logged in & cookie set!');
// Now you can redirect the user or do an AJAX request to
// a PHP script that grabs the signed request from the cookie.
// Redirect Way
window.location.href = 'app5.1.js-login.php';
} else {
alert('User cancelled login or did not fully authorize.');
}
}, {scope: 'public_profile,email,user_photos'}
);
return false;
};
As you can see I'm doing a redirect. I wanna change that part to pull in the access token with ajax, but I'm not exactly how to do that part and also how to keep it communicating with the rest of the app.
Access tokens have been decoupled from SDK v.4.0. Check out the following link:
https://www.sammyk.me/access-token-handling-best-practices-in-facebook-php-sdk-v4
Also check out:
https://developers.facebook.com/docs/facebook-login/access-tokens#pagetokens
Hope this helps

Facebook: Redirect after login, user session is empty?

I am trying to authenticate (login) a user into facebook while requesting some permissions inside an iframe app.
I am using the JS SDK in conjunction with the PHP SDK. So, first I check if the user is logged in and everything is ok using PHP $facebook->getUser(), when that fails I redirect the user to a page where this JS is run:
FB.getLoginStatus(function(response) {
if (response.status === "connected") {
// Ok, go home
} else {
FB.login(function(response) {
if (response.authResponse) {
// Ok, go home
} else {
// Cancelled, go home
}
}, {scope: '<?php echo implode(',', $this->permissions); ?>'});
}
});
This would then create a login dialog asking for permissions. As you can see there are cases for when the user has authenticated/authorized properly and for when the dialog was canceled. In any of those cases I need to do a single thing: redirect back to the root of my application.
So, the dialog pops, the user logs in and then he is redirected back home, where I use PHP to getUser().
The problem here is that, the first time the user is logged in and redirected, getUser() is always empty, there is no user session. If I refresh the facebook page holding my app's iframe, then there is session and permissions are properly set, indicating that the dialog has done it's job.
Any ideas of why would the first redirect not work?
I found similar issues, but non gives me a specific, working solution.
If anyone else has the same issue, here's what I've learned:
Facebook claims to supply the session cookie to PHP after it's set with JS, but this is NOT true, at least not at all times!
The only solution to this (at least the only one I could think of) is to manually pass the access token whenever you login with JS to your backend (PHP). Store it in a session there, and whenever avaialable use it instead of the access token the Facebook API is trying to use. Just call $api->setAccessToken($yourNewToken);
You can keep on testing to see when exactly will the token be available, but for me it is usually available right after the second api call.

Add Facebook login to existing login syste

I have problem! Im trying add Facebook login on my website but some stuff in my script is encoded. Problem is that in facebook login for detect user is logged in or not use this code:
if ($user)
{
/* Some code for logged in user
}
And on myy website I using this code:
if(User::isLoggedIn())
{
/* some code
}
My question is how can I change this to dont need change every file where is User::isLoggedIn()
into your User class, isLoggedIn method, add
public function isLoggedIn() {
global $user
return $user;
}
What I do is link the user Facebook account whith the user login account adding a field in my db user table, and then, when the user is logged via facebook, I check if his id is associated with a user account in my db.
If so, I init the user class with logged in activated.

Creating a Facebook App Tab for Admins

I need to pass in user information (ie: userID, email address) from my portal into a Facebook app so that their profile shows on their Facebook tab when they grant access to use the application.
So far, I decided to create an admin landing page/dashboard on Facebook, so that they can enter their email and password. I can then retrieve their userID to add to the Facebook tab, and it will load all of their information.
Right now, I need Facebook to know that I am passing in that value, and load it to the users Facebook Like page.
I am not sure if this is the proper method to use, or where I should begin.
If I understand your question correctly you want to know a general pattern for admin pages in Facebook apps.
What I usually do is identify whether or not the person viewing your page is an admin, and if so output a secure link to your editing page, which would then connect via Facebook and verify the user again before showing whatever forms you need to perform the administration tasks.
To determine if a user is an admin of the page: When you parse the signed request data, you should see a page.admin value. If you don't get any signed request data you can safely assume the user isn't an admin. You can use the PHP SDK to parse the signed request data or write your own stuff. I wrote my own library because I found the PHP SDK a bit hard to use. https://bitbucket.org/tlack/xfb
Once you know if they are an admin, output a link to your admin page. On that page do the typical FB Connect stuff with the JS SDK. Here's a little example I use in my Domain Trip Facebook app to request and store an offline access token that I use to manipulate the page later:
<div id="fb-root"></div>
<script src="http://connect.facebook.net/en_US/all.js"></script>
<script type="text/javascript">
FB.init({
appId : '<?= $app_id; ?>',
status : true, // check login status
cookie : true, // enable cookies to allow the server to access the session
oauth : true // enable OAuth 2.0
});
function login() {
var callback = function(response) {
if (response.authResponse) {
console.log('Welcome! Fetching your information.... ');
FB.api('/<?= $_REQUEST['id']; ?>?fields=access_token',
function(response) {
if (response.access_token) {
document.location = 'edit_permission.php?id=<?= $_REQUEST['id']; ?>&at='+response.access_token;
} else {
alert("Could not get permission to access page. Please contact help#domaintrip.com");
}
}
);
} else {
document.location = '<?= get_my_url(); ?>&f=1';
}
};
FB.login(callback, {scope: 'offline_access,manage_pages'});
}
</script>
<p>
We need permission to interact with your Facebook page.
</p>
<p>
<button onclick="login(); return false;">Login Now</a>
</p>
If you want to get really fancy, you could have the admin editing UI in the main page itself, unfolding when a button is clicked.

facebook log out

i have made one site in which i have given functionality called 'connect with facebook'. it works fine for login..
but now i want to implement functionality when i click on logout, it should be logged out from facebook as well...
can any one tell me from where i should start..?
When you implement facebook logout using FB.logout, make sure its not redirecting before completing the logout action. I have done something like this.
$('#logout-link').click(function(){
var loc = $(this).attr('href')
FB.logout(function(response){
location.href = loc;
})
return false;
})
FB Logout says that calling FB.logout will log out the user.
Use <fb:login-button perms='email' autologoutlink='true'></fb:login-button>. And then capture the logout event and simply redirect user to some where you can also logout from your system.
When user will click the fb:logout you can capture that event at this function
FB.Event.subscribe("auth.logout", function(response)
{
// redirect user to that page where you logout from your system
});
simple ;-)

Categories