The website I am developing requires authentication before you can access anything, but I want to allow users to share information with facebook once they have logged in. When I use the standard facebook sharer.php link it pulls up the data from the login page, not the page with the data the user would want to share.
http://www.facebook.com/sharer.php?u=<url to share>&t=<title of content>
Is there any way to allow Facebook to see the data behind the authentication?
I found a temporary work around:
[http://forum.developers.facebook.net/viewtopic.php?pid=178614]
In the last post on this page the user talks about how he used static pages with redirects so that the facebook sharer would find the proper data, and the user would be redirected to the page they expected. Doesn't seem to be the best way, but it works for now.
Related
I have a page with some sensitive content on a page and I want to restrict access to that page by asking the visitors to check their real ages.
I was thinking that the best way was to create a facebook app with age restrictions, and ask them to like the page (on facebook) or something... But I have no clue on how to implement this (besides creating the app) on wordpress.
Just to clear things out: My blog doesn't have register or login enabled.
Can someone give-me an hint?
1st you can use a membership plugin for restricted a page from guest user. So, only logged in user can view this page.
2nd now setup/enable login with facebook in your wordpress site using a plugin.
That's it. I think its work for you.
Search here your plugin: http://wordpress.org/plugins/
I have a wordpress site, and I want to put a link on that site so that users are redirected to another PHP site.
But here the problem is that the other php site uses authentication, i.e. users need to give username and password before they can enter.
I want to develop a link that users can simply click on and get to the other site directly.
I can give the username and password for the php site, but the requirement is that the user users are not asked for username and password.
you have to make a new php file(in the 'php site') that assign the session variable to the linked users, and then it redirect them to the main page of the 'php site'
U have to write an authentication function on the other php site.. when the user clicks on the link of the wordpress site redirect him to that authentication function, along with his credentials, where the users will get logged in automatically and get redirected to your php site.
if i get you right, i think the best way is to generate the link in wordpress site with a parameter : http://www.linktophpsite.com/?autologin=true
Then at php site you could get the element and if it is set to true, you can log the user to your site. If you want single sign-on on both sites, that's totally different. I recommend you to read articles about single sgn-on on php
If you have no control over the target site, then your options are very limited. You can't just provide access to material that requires login credentials without providing those login credentials.
Your best, and most secure, bet is to include the target site's login fields directly from their site in an iframe. The user logs into the other site, you track the iframe onload event to see that it changed, and then redirect the user to the page in question. This is better because it keeps you from handling the login details directly on your site.
I cannot guarantee that this works as simple as that, I haven't tried it and this page seems to indicate that at least some of the possibilities with cross-domain iframes are no longer relevant with modern browsers (I didn't read the page in detail, just trying to give a starting point).
I have a fair amount of Facebook development experience, but this had made me pull my hair. It must be something very small, but I can't get it. I recently saw some Facebook pages with welcome tabs that show user's name "Welcome [YOUR NAME]" who visits their page. Example is here:
https://www.facebook.com/Tony.Samaha.Official.Page
As per my knowledge, we cannot get the user id without the permissions by the user. After the permissions we are able to get the user id in the signed request. How do I get the Facebook user id or name, something similar to the above example? How is this working? Can this be achieved?
FYI: I am using iframe tab.
Check out the documentation on signed_requests. When a user visits your application there will be a signed_request posted to your URL. The documentation states :
A signed_request is passed to Apps on Facebook.com when they are
loaded into the Facebook environment
A signed_request is passed to any
app that has registered an Deauthorized Callback in the Developer App
whenever a given user removes the app using the App Dashboard
A signed_request is passed to apps that use the Registration Plugin
whenever a user successfully registers with their app
You will have to decode this request (see the link above for details) and from there you will be able to extract the user_id of the visiting user. Then all you have to do is query the Graph API like this :
https://graph.facebook.com/USER_ID and you will get back the public information for that user which should include the users name.
The user is still using the old static FBML application, so most likely they are using the fb:name tag. Though, I believe this is now deprecated. So really, the page you linked to needs to be updated.
I've developed a Facebook app (with iframe) using CakePHP. I get some Facebook user info when the app opens and display a form to send SMS free.
So, the user must be authenticated in Facebook before continuing in the app.
I'm using the Facebook SDK php (Copyright 2004-2008 Facebook. All Rights Reserved.)
How could I avoid Facebook to redirect to my own site when the user has lost the auth session?
Are you having the user use the FB login popups, and the FB authorization code?
Not sure if this will work for your situation, but on the loginURL code, you can pass in a redirect_uri that could point to a page that you want them forwarded to after they complete the login and the authentication procedure.
$url = $facebook->getLoginUrl(array('scope'=>'offline_access,publish_stream,email',
'redirect_uri'=>'https://www.mysite.com/mysite/'));
Hope that's what you were looking for.
I understand everything in the question except the last line. What do you mean by:
How could I avoid Facebook to redirect to my own site when the user has lost the auth session?
If you are using facebook for login credentials, then you are required to redirect to your own site. This is a facebook security rule and you can imagine why it exists.
For anything fancy, you'll want to use the facebook "server-side" flow. It's fairly straight forward:
http://developers.facebook.com/docs/authentication/
I am using the oauth method in order to allow a user to sign into my website with Twitter and Facebook. I also plan to add Yahoo! and Google as well such as Stack Overflow does. Once the user logs in with Twitter successfully they have the option of logging out.
I want to make it to where when the 'Log out' button or link is selected, the user is logged out of my site AND TWITTER. I need it to log out of Twitter also in the case that the user is accessing my website and not Twitters. How do I do this?
Demo and example at: develop.f12media.com
The user clicks on 'Login' at the top of the page to log in with their Twitter account.
Redirecting the user to http://twitter.com/logout will probably work.
But don't do it. OAuth isn't meant to behave that way. Just log the user out of YOUR site.
Logging in to your site via OAuth doesn't necessarily log them in at Twitter, so logging out via your site shouldn't log them out either.
In Facebook it can be done easily because facebook provides logout.php and it takes next=sendBackURL as param.
so when user clicks on Logout button of your application, we can just invoke above logout URL, which will log out the user and smart facebook URL next=sendBackURL will send to your application login page.
But the above seems difficult in twitter, but I think if I do the same, then user will be on Twitter site but he will be logged out of both ur application and twitter.
so it can be by sending authorize?force_login=true, it will be called or will get redirection just after your application logs out user from your site, and user will be directed to Twitter again, I have tested it logs out user from twitter, although it will ask twitter credentials again, but no issue, user can just ignore that.
If Twitter can also provide some logout url, which takes next URL, it will be easy.
Whether or not the user is authenticated on the Twitter site is between the user and the Twitter site. You don't have access or control to that. You only have control over your auth token for that user on your site. You could expire the user's auth token when they log out of your site, but that only affects their Twitter authentication through your site. All that would accomplish is making it so they have to authenticate with Twitter again the next time they log into your site.
I think you're trying to accomplish something you don't need to here. This is the expected flow of OAuth and you shouldn't be worrying about logging the person out of a 3rd party site.