I am working on first Fb App, when I visit my App , it first shows the Dialog of Goto App screen shot 1. When I click GotoApp, it already adds application in App Settings.Then it shows Permission Dialog, given here. Now even if I click Cancel then it does not remove Application at all.
COde snippet is here
I don't want to add Application Unless and Untill User ALLOW it.
I am in Sandbox Mode
Pls help it
Facebook changed the authentication dialog to include 2 steps, the first for "user and friends permissions" and the second for "extended permissions" (if asked at all). You can read all about it Auth Dialog document.
The permissions your app asks for in the 2nd step (the extended permissions) are optional and the user can choose not to grant some or all of them. There's no way to force a user to grant you all permissions, here's what you can do:
Once the user finished the authentication process check for the permissions he granted the app, you can do it with a simple graph call to: https://graph.facebook.com/me/permissions, this will get you the permissions the app has for that user.
If the user hasn't granted you with all the permissions that you must have then you have two options:
Show him a page telling him that those permissions are mandatory and that he has to accept them all if he wants to use the app
Redirect the user to the auth dialog again, in a loop, until he either accepts all permissions or just gives up and stop trying to use your app.
Just keep in mind that the more permissions you ask for (and insist on), the less users will be inclined to use your app.
Related
I'm trying to create an intranet site where, if possible, all parts of it should be SSO in a way that a user who is logged into his Active Directory account in Windows would immediately be signed on with that same account in all pages of my site through LDAP.
Now the main component of this site is built with a CMS and from there the user should be able to click the links on this site to get to the other tools we're using, like for example the ticket system.
The CMS and the ticket-system software both are able to connect through LDAP themselves but I want a SSO solution for this.
So I searched and found this for the apache server: mod_authnz_sspi
This apparently lets you use $_SERVER['REMOTE_USER'] in PHP to get the windows user signed on right now.
Now I'm stuck since I'm not really sure how to use this to automatically log the user into the sites.
What do I have to do with this to get the SSO solution that I want?
I thought about creating a simple HTML form with the same fields like the one from the ticket-system form I'm trying to log into. I would then try to send the POST-data to the form of the ticket-system and log the user in automatically. For the username I would send $_SERVER['PHP_AUTH_USER'] and for the password $_SERVER['PHP_AUTH_PW']. However, the ticket system is protected with a CSRF-Token which I would have to include into the sent POST-data but can't know in advance since it is generated in the moment of accessing the page.
So it would be really helpful if someone could tell me how to get a SSO working with the mod_authnz_sspi tool (or another).
If there isn't any other way than through using a HTML-form that sends the POST data like I tried, then it would be helpful if someone knew a workaround to the CSRF-Token problem!
You can create an AUTH application that administrate your users (details, permissions, etc.). When an user access other application if it are not logged in redirect it to the AUTH application. AUTH application check user credentials, generate an access_token and redirect user back to the application that try to access. More info you find here https://www.mutuallyhuman.com/blog/choosing-an-sso-strategy-saml-vs-oauth2/
I ran an application that to have access, the user needs to log in, this application has multi levels of authentication, this application is a PWA too.
The problem is that when the user downloads the APP to the home screen it always opens on the login screen, but as it can be offline it will not be able to log in.
How can I do to keep it logged in? that is, when the user is offline or online go directly to their dashboard.
I read some answers about sessions and cookies, is it really the best way?
No react or angular or vue was used.
It took me a while to post the answer here, but it came.
Actually it was quite simple, just put in manifest.json to open the URL already logged in and solved my problem, of course it will only load if the user has ever accessed this URL according to my cache rules in the service worker, I suggest you try the same, if it doesn't work you can contact me that i can help.
I have a Messenger bot hosted on Dropbox, and deployed on Heroku.
It worked fine.
I renamed it on Heroku, then also renamed it (to match that change) on developers.facebook.com
It is no longer working (doesn't reply to any command, while it did reply to commands when it worked).
What other setting should I update or check?
I can post the code, but there was no code change at all - from when it worked, until it broke - so that probably won't help.
Edit:
When trying to generate a new token, I get:
Invalid Scopes: manage_pages, pages_messaging, pages_messaging_phone_number, pages_messaging_subscriptions. This message is only shown to developers. Users of your app will ignore these permissions if present. Please read the documentation for valid permissions at: https://developers.facebook.com/docs/facebook-login/permissions
Edit:
Making the bot private ("developer mode") allowed me to generate a new token. I pushed the new token to Dropbox and Heroku, and the bot started responding to commands again (working), but making it public broke it again.
Edit:
I now see that under the Bot's page, in Messenger > Settings, it says that I need permission to use the "API Send (pages_messaging)". I've sent a request for that...
Are such permissions always required for a Bot to work?
I'm not trying to access any user info (not that I know of), and the docs said that one can immediately make a bot public, unless it needs to access private info. All my bot does is reply certain messages to certain commands.
Notes:
I never tested it with an account other then mine (the developer account for the bot), so it can be that it never "worked" while public. It is newly made.
By now, the title of this post maybe should change to "bot broken after making it public", but I'm not sure about that being the case just yet.
TL;DR
Renaming shouldn't be an issue, provided you rename it in all necessary locations (including but not necessarily limited to: developers.facebook.com, Heroku).
In long:
It turns out I never tested the bot from an account other than the admin, so it never "stopped working", rather was never published yet. Renaming is not a problem (as long as you also rename it on developers.facebook.com)
In order to have it work for other accounts (I.E. make it public), you need to request permission to use pages_messaging. Scrolling down on the "Messenger" page (on developers.facebook.com), you can initiate the request, and it will prompt you to fill any required information, such as your app's privacy policy, icon, as well as temporarily add several accounts as testers for your app (these accounts will be provided to you in that prompt), plus adding those same accounts as editors of the Facebook page you want to use the bot on.
Notes:
I'm not sure if pages_messaging is required for a Facebook bot altogether, or only if one also wants the bot to be available on the Messenger platform, but because that's what I wanted for my bot, I selected that feature when setting up the bot to be public and initiate the request.
Initiating a request will toggle your bot back to "private" (invisible to non-admin accounts).
A useful sanity check (which helped me a few times) if things break and you are not sure why, is generating a new token by "selecting" your page again under the App's settings (don't forget to actually use that token and push changes).
I'm trying to upgrade an integration with the Facebook Graph API from version 1 to version 2.0, but I'm facing a problem: The permission publish_actions is not being shown in the dialog for granting.
I'm doing it manually (without the JS SDK).
PHP code:
header('Location: https://www.facebook.com/v2.0/dialog/oauth?client_id='.$appID.'&redirect_uri='.urlencode($callBackUrl).'&scope=publish_actions,offline_access');
exit(0);
Does anyone know what is happening? I've been looking for a solution for hours. As I already said, I had a working app at the Facebook from the previous version, and the Facebook API didn't show me any alert.
I assume that all configurations are correct, or at least they seem to be.
Currently, the Facebook requests reviewing your app when it uses non-basic permissions like "publish_action". If you need to use these permissions, you will need to submit your app to be reviewed by Facebook's team. Only after that the permission will be shown to your app users.
For submit your app, access your app at https://developers.facebook.com/apps/, and after clicking at your app button, click at the button "Status & Review" at the left menu, fill the form and submit it. Within 5 business days you will be notified about the reviewing result.
Another thing that has changed is that non-basic permissions are only shown to the user after he approves the basic permissions.
Furthermore it's allowed to use your own user to test the app (with all permissions, including non-basic's) before submit it.
I'm developing a facebook application and everything is going fine with log in and comments etc.
I came across the issue of 'reauthorizing' users. One of my users 'accidentally' pressed 'don't allow' when it asked them for access to their information and now they cannot sign in.
Does anyone know how I can reauthorize them?
Thanks in advance.
Edit:
It turns out that once I officially published the application the users' error disappeared. I'm pretty sure you aren't supposed to have work-in-progress published apps but that certainly solved my problem.
It should ask for permissions automatically. Try to tell him to do this:
Go to My account > Privacy settings
(I don't know the exact text of the
option because mine is in spanish).
Then, in the footer menu, select
Applications and Web sites
Next to Applications that you use,
click on Edit settings
Search your app and delete it.
Re-enter in your app and permissions dialog should appear.
As explained by manuelpedrera previously, after the user remove the application from their facebook account, he / she has to re-access your website and retry to login to your website using their facebook account. Once they choose to allow the permission, your app will again be added under their facebook account and everything should be back to normal. good luck mate :-)