I'm developing a web-app that at the start connect to facebook, but before asking user credentials I'd like to try to retrieve these credentials from official Facebook Application (Android, IOS or MAC app).
Is this possible?
The user must accept the applications permissions BEFORE anything is displayed.
The easiest way is just printing their details from them to view once they're signed in, but following Facebook's Guidelines, you can't view a user's profile information without.
Related
I'm working on a Wix website where users can connect their social media accounts and have data from them displayed on their profile pages.
Currently, the form just asks them to input their social media URLs. Obviously, this is a problem, as there's no way for to verify that these accounts actually belong to them. How can I have them sign in to their social accounts to have them verify that they own the accounts from within the sign-up form?
Currently I'm having them connect their YouTube, Twitch, Instagram, and TikTok accounts. I imagine there's some kind of OAuth solution, but I just don’t know what. It is critical to the function of the site that we are 100% sure the connected accounts are correct.
You don't do it in Velo unless you have a very specific reason.
The Wix ADI natively supports it (refer to here).
And as for other things like TikTok, that can be done by writing Node.js backend code:
By using the API navigator.bluetooth.requestDevice(), a web page could ask a user for his permission to pair and establish connection with a bluetooth device. After approving the request, assume the user reloads the web page. Is there a way for the web to connect to that paired device without asking for permission again?
I know we can do that in web-usb with API navigator.usb.getDevices(), but I can not find a way to do that in web-bluetooth. Anyone please help.
Thanks
The Web Bluetooth specification mentions that the navigator.permissions.query() method can be used to request BluetoothDevice objects for which permission was granted prior to a page reload.
However, Chrome does not currently implement persistent Web Bluetooth permissions the way that is done for WebUSB nor does it implement querying Web Bluetooth permissions through the navigator.permission API. Both of these tasks are tracked by issue 577953.
Facebook JavaScript SDK guide contains an example code to integrate Facebook login and authorization for a specific application. The only information provided to this script is the App ID.
Let's say an user authorizes my application to access his private data. Now, what prevents someone else to put a Facebook login form on his own application using my App ID and JavaScript to make it look like it came from my domain and access this user's private data?
Do browsers provide enough security on this subject?
Now, what prevents someone else to put a Facebook login form on his own application using my App ID and JavaScript to make it look like it came from my domain and access this user's private data?
Do browsers provide enough security on this subject?
Nothing to do with the browser, really. Facebook will only pass data back to a domain that's in your whitelisted set of app domains in the developer console.
When the SDK redirects user to Facebook, Facebook's servers redirects back to your site. The redirect URL is set by you in the App Settings of Facebook Developer Center. If someone steals your App Id and puts it in his site, all of his users would be redirected to your site.
I was planning to use Facebook Social Login in my Hybrid application ( HTML5/CSS/JS and Cordova) However on going to facebook developer I could not see an option for choosing cordova based app.
So shall I consider www , i.e. Javascript based SDK for implementing facebook social login?
From security point of view, is it good choice to choose JS SDK in hybrid application?
Thanks!
Yes, you can choose www for create app for hybrid platform and you just need to set the App id into application so if someone decompile your app they just get an App Id and nothing else, other all things are saved into your developer facebook account.
So you can create your app with this www without worrying about the security of an app.
Also you can create Facebook login with the simplest use of OpenFB,
You just need to create Facebook API from Facebook Developer Account
And Pass the App ID into javascript file of facebook login function.
I have created a Facebook app, added it to a Facebook Fan page and I want to detect whether the user visiting the app tab is an administrator of the actual Fan Page (not the app). Is this possible through FB's JS SDK?
If the user has authorised your app and you have the manage_pages permission from them, yes.
Otherwise, no, you'll need to do this server side by parsing the signed_request