I had registered a facebook app for my website. And my problem is that I use single sign on for my website.
User must login with their facebook account in www.site1.com, then they will be redirected to www.site2.com.
How can i use the same register app Id on 2 sites for future functions. I want to use facebook javascript sdk to some stuff on www.site2.com
Thanks for your help. Nice day !
single sign-on:
SSO is simply logging a user with facebook and maintaining a site-wide session on your server and cookie on user's machine. This session shall remain valid for all pages on your website.
1) http://blog.mixu.net/2010/12/27/implementing-facebook-login-single-sign-on-part-1/
2) http://blog.mixu.net/2011/01/03/implementing-facebook-login-part-2/
3) http://blog.mixu.net/2011/01/09/implementing-facebook-login-part-3/
Related
Facebook JavaScript SDK guide contains an example code to integrate Facebook login and authorization for a specific application. The only information provided to this script is the App ID.
Let's say an user authorizes my application to access his private data. Now, what prevents someone else to put a Facebook login form on his own application using my App ID and JavaScript to make it look like it came from my domain and access this user's private data?
Do browsers provide enough security on this subject?
Now, what prevents someone else to put a Facebook login form on his own application using my App ID and JavaScript to make it look like it came from my domain and access this user's private data?
Do browsers provide enough security on this subject?
Nothing to do with the browser, really. Facebook will only pass data back to a domain that's in your whitelisted set of app domains in the developer console.
When the SDK redirects user to Facebook, Facebook's servers redirects back to your site. The redirect URL is set by you in the App Settings of Facebook Developer Center. If someone steals your App Id and puts it in his site, all of his users would be redirected to your site.
I am develop a plugin for wordpress where I want a simple way to check if a guest of a page is login with facebook or not.
I tried with the javascript SDK, but for this error:
Given URL is not allowed by the Application configuration: One or more of the given URLs is not allowed by the App's settings. It must match the Website URL or Canvas URL, or the domain must be a subdomain of one of the App's domains.
Would be a crazy that every user of the plugin will must create her own Facebook app.
There is a simplest way to check if a visitor of a page is logged with facebook or not than JavaScript SDK?
Maybe with the facebook cookie name? or other flow?
Not really, there is no officially supported way to check if a person is logged into Facebook except using the SDKs. Even if you could fine one, they might break as soon as Facebook changes the slightest thing so you would be better off using the official SDKs provided.
I have created a Facebook app, added it to a Facebook Fan page and I want to detect whether the user visiting the app tab is an administrator of the actual Fan Page (not the app). Is this possible through FB's JS SDK?
If the user has authorised your app and you have the manage_pages permission from them, yes.
Otherwise, no, you'll need to do this server side by parsing the signed_request
The scenario is: User sign up to site with facebook_account_1, (he garant accessing to the site so site store his UID in DB so he won't have to give site access right each time he tries to log in ), now he can click on "invite friends" link that will popup nice JS pretybox with his friends. So far so good. Now in new tab he manage to logout from facebook_account_1 and logs in to facebook_account_2 (while he is still using the same account on our site), ... now when he clicks on the "invite friends" link he can invite friends from that second account.
the issue is that this JS popup isn't dealing with my db stored access token (witch is logical) however I'm looking for solution how to restrict that popup to display warning message "you are already using different FB account than is your stored UID", but the way that JS -> FB communication is done I cannot just replace Requested UID, with the stored UID.
the only solution we manage to think up is just kinda compare stored FB cookie UID with the the users UID in DB, but you cannot do that because of the browser restrictions (witch is also logical)
these are things I have to keep on site:
1 site now can store only 1 FB access token (UID)
2 for now I'm not allowed to refactor the JS popup to custom interface where I can deal this problem
any ideas ?
BTW sorry for the long title of question,couldn't think it shorter
How he managed to logout from the popup?
I would suggest you to use the standard dialogs given by the facebook, in that the url will be disabled and other things are automatically handled by fb.
The dialog can be found at http://developers.facebook.com/docs/reference/dialogs/requests/
I want to implement something similar to what Digg has done.
When the user logs in for the first time, I want it to force them to create an account on my site.
More importantly I want to know how to log a user into my site when they login with facebook connect. If they login with facebook connect, they still haven't provided me the password to their account on my site, so I can't use username/password to log them into my site. How do they do this on Digg or sites similar to this?
Facebook's process flow can definitely be a bit confusing. Take a step back from the details and the API, and look at the overall flow here:
Facebook Connect will tell you that a user is logged into Facebook, and give you their Facebook ID. You can validate that ID against Facebook using Facebook Connect to make sure it is properly logged in. Once this is done, you don't need a user name and password. As long as you trust that Facebook has authenticated the person properly, they are the only ones that can come to your site using that Facebook ID. That is enough information to start an authenticated session based around a local account that is associated with that ID.
The process you should follow is like this:
User logs in to your site with
Facebook Connect for the first time
You notice that you don't have a local account associated with that
Facebook ID, and prompt them to
enter local account information
You save that information along with their Facebook ID
The next time you see that Facebook ID (and validate that it is
logged into Facebook using the
Facebook API), you can start up a
local session using the associated
account.
Basically you end up with two separate methods of authentication: a Facebook Connect ID check, or the regular username/password login on your site. Either one should have the end result of starting a local authenticated session.
Hope that helps.