I am successful in implementing Facebook API and Google+ API. I don't haven any issues with login or logout. Even when page is refreshed information is working fine.
But when user logs into Google+ and Facebook in different tabs and he provided access to the app by login with both accounts then I am seeing both images.
How can I avoid this. On page load, I would like to see only either Facebook or Google+ but not both.
If Facebook login then show only Facebook
If Google+ Login then show only Google
If he is logged in to both then show only one of them.
This just out, how to do both:
One of the key parts is the concept of identities vs users. A user represents a human, an identity represents a human logging in with a particular social network. Data security is done on users, showing photos and whatnot is done on identities.
The first code snippet shows some pretty simple logic for deciding which login provider to use if a user is logged in with both.
https://developers.google.com/+/best-practices/facebook#separating_social_and_business_logic
Only allow them to associate their Google+ or Facebook accounts, not both. If one is associated, then do not allow the other.
Related
I've been working with the Facebook JavaScript SDK recently for user signups, I've noticed if I use the system to login to an existing Facebook account it works fine but if I have to create a Facebook account it fails. I realise I'm a bit sparse on details here but I noticed it also fails on the Spotify website, is it even possible to use the JavaScript SDK for signups if the user doesn't have a Facebook account and has to create one? I realise if you don't have a Facebook account already you're unlikely to want to use that functionality but just wanted to see if it really doesn't work in that scenario? Or if it's just me and Spotify not implementing it right.
You can create the Facebook account then click the signup button on my website again and login with your now existing Facebook account and that will work fine, it just involved having to click the button a second time.
I want to create a web application that allows the users to upload videos to a specific YouTube account. The users do not have gmail accounts and they have to access YouTube via one login. Is there a way for me to achieve this without having the users to login to the Google account.
I have tried the samples provided by the YouTube API. These first show the Google+ log in screen for the users to enter the credentials. What i want, is for the application to login, without the users knowing it. Is it possible to implement a way for the application to signin to the account without its users realizing it. Please provide me with a soution. So far I have tried the YouTube JavaScript API.
Thank you in advance!
YouTube is dependent on gmail emails now. They switched a while back.
You should be able to have them login once, and then your application could remember their login.
YouTube's authentication is going to need them to login so the OAuth token can be handed off.
I am new to stackoverflow, so I hope that I ask the question correctly.
For a website that I am working on, I have to implement login in using your facebook account. I have this working for the biggest part, since the user is able to login with using facebook and I'm able to retrieve the information I want.
But the problem is, whenever the user logs in with their facebook account, he automatically gets logged in into facebook itself. And whenever the user presses the log out button, facebook logs him out too. For the facebook login, I am using the javascript sdk from facebook.
This can be quit anoying for the user, since it must be possible for a random user to login my website using their facebook account, even when someone else is logged into facebook itself on the same computer.
So my question is: is it possible to login with facebook, without the user actually login into facebook, like just let facebook verify the account and send the requested information back? Using the facebook js sdk off course.
That is not possible. You cannot have 2 different Facebook sessions in one browser and you need to login to Facebook in order to login to your App.
The scenario is: User sign up to site with facebook_account_1, (he garant accessing to the site so site store his UID in DB so he won't have to give site access right each time he tries to log in ), now he can click on "invite friends" link that will popup nice JS pretybox with his friends. So far so good. Now in new tab he manage to logout from facebook_account_1 and logs in to facebook_account_2 (while he is still using the same account on our site), ... now when he clicks on the "invite friends" link he can invite friends from that second account.
the issue is that this JS popup isn't dealing with my db stored access token (witch is logical) however I'm looking for solution how to restrict that popup to display warning message "you are already using different FB account than is your stored UID", but the way that JS -> FB communication is done I cannot just replace Requested UID, with the stored UID.
the only solution we manage to think up is just kinda compare stored FB cookie UID with the the users UID in DB, but you cannot do that because of the browser restrictions (witch is also logical)
these are things I have to keep on site:
1 site now can store only 1 FB access token (UID)
2 for now I'm not allowed to refactor the JS popup to custom interface where I can deal this problem
any ideas ?
BTW sorry for the long title of question,couldn't think it shorter
How he managed to logout from the popup?
I would suggest you to use the standard dialogs given by the facebook, in that the url will be disabled and other things are automatically handled by fb.
The dialog can be found at http://developers.facebook.com/docs/reference/dialogs/requests/
I want to implement something similar to what Digg has done.
When the user logs in for the first time, I want it to force them to create an account on my site.
More importantly I want to know how to log a user into my site when they login with facebook connect. If they login with facebook connect, they still haven't provided me the password to their account on my site, so I can't use username/password to log them into my site. How do they do this on Digg or sites similar to this?
Facebook's process flow can definitely be a bit confusing. Take a step back from the details and the API, and look at the overall flow here:
Facebook Connect will tell you that a user is logged into Facebook, and give you their Facebook ID. You can validate that ID against Facebook using Facebook Connect to make sure it is properly logged in. Once this is done, you don't need a user name and password. As long as you trust that Facebook has authenticated the person properly, they are the only ones that can come to your site using that Facebook ID. That is enough information to start an authenticated session based around a local account that is associated with that ID.
The process you should follow is like this:
User logs in to your site with
Facebook Connect for the first time
You notice that you don't have a local account associated with that
Facebook ID, and prompt them to
enter local account information
You save that information along with their Facebook ID
The next time you see that Facebook ID (and validate that it is
logged into Facebook using the
Facebook API), you can start up a
local session using the associated
account.
Basically you end up with two separate methods of authentication: a Facebook Connect ID check, or the regular username/password login on your site. Either one should have the end result of starting a local authenticated session.
Hope that helps.