When a user logs out of my site, unless they also log out of their Facebook account, they remain logged in to my site.
I'd like to comply with point 6 of this policy, so how can I log my users out of my site and out of their Facebook accounts for security https://developers.facebook.com/policy/
I have the following code bound to my login button and it's not working - the user is still logged in to FB after clicking. My console shows that the var accessToken is not defined but I'm not sure why. I'm sure I'm doing something fundamentally wrong, would really appreciate some help!
<script src="http://connect.facebook.net/en_US/all.js"></script>
<script type="text/javascript">
$(document).ready(function(){
$(".logout").click(function () {
FB.init({appId : <?php echo $this->config->item('facebook_appid');?>,
status : true,
cookie : true,
oauth : true,
frictionlessRequests: true});
FB.login(function(response) {
if (response.authResponse) {
console.log(response.authResponse.accessToken);
var accessToken = response.authResponse.accessToken;
}
});
window.location.replace("https://www.facebook.com/logout.php?confirm=1&next=http://www.mysite.com&access_token="+accessToken+"");
});
});
</script>
<div id="fb-root"></div>
To log out of Facebook, you need to use the FB.logout() method.
If you have already called the FB.init() and the FB.login() methods, you don't need to call these again in your click function.
Related
We use Linkedin to have our members "Sign in" to access our back end. We only use the Javascript SDK as our website is very simple. We have many users that come back after 6-months and receive the following error instead of seeing the "Sign in with Linkedin" button:
[unauthorized]. Expired access token. Timestamp: 1501736450333
Since we don't have a backend to renew the tokens in batch prior to their 60 day expiration, a simple solution for our members is to Logout first, see the "Log in" button, and sign-in again -- that we know re validates the token.
Question: I don't know how to "catch" the error or identify when a user has an expired token with Linkenin's Javascript SDK.
<script type="text/javascript" src="//platform.linkedin.com/in.js">
api_key: XXXXXXXXXXXXX
onLoad: li_OnFrameworkLoad
authorize: true
</script>
...
<script type="text/javascript">
function li_OnFrameworkLoad() {
IN.Event.on(IN, "auth", li_OnAuth);
}
</script>
I have tried using the:
if (!IN.User.isAuthorized()) {
li_Logout();
}
method, but that doesn't work as
IN.Event.on(IN, "auth", li_OnAuth);
will trigger the "[unauthorized]..." message without first calling the "li_OnAuth" callback.
Reproducing: The worst part of this bug is that I can't seem to reproduce it on my local machine, if you know how to trigger an "[unauthorized]. Expired access token..." bug please do let me know.
Solution?: One possible recent solution is using:
<script type="text/javascript">
window.onerror = function(e) {
if (e == 'Script error.') {
console.log('There is a chace IN.init failed.');
}
}
</script>
But I am not very familiar with "window.onerror" and I am not sure if the Linkedin Javascript SDK will trigger an error if the token is expired, etc. Basically I just need to catch the error and call my "li_logout();" function to Log Out the user from Linkedin and refresh the page.
Thank you much, any wisdom would be highly appreciated.
I am using the Facebook JS SDK v3.2.0 for an OAuth2 authentication.
I use the following code:
For initialization:
FB.init({
appId: 'MY_APP_ID',
status: true,
xfbml: true,
version: 'v1.0'
});
As a (synchronous) response to a user click on a button:
FB.login(function(response) {
if(response.authResponse) {
console.log('success');
} else {
console.log('error');
}
});
Behavior:
Initially, the dialog popup opens, asking for the basic permissions. When clicking on the "Okay" button in the dialog, a request to facebook is made which returns with 200. Additionally, when using the FB.getLoginStatus(), I see that I am correctly logged in.
However, neither does the popup close nor is my callback function for the login call evoked.
Moreover, re-trying the whole process will result in a blank popup opening which can be resolved by removing my app manually from my list of authorized apps on Facebook's settings page.
I am new to facebook app development. I am trying to get access token from the facebook. For that, I am trying to check my login status using the following code
<html>
<body>
<fb:login-button></fb:login-button>
<div id="fb-root"></div>
<script src="http://connect.facebook.net/en_US/all.js"></script>
<script type="text/javascript">
window.fbAsyncInit = function() {
FB.init({appId: 'appId', status: true, cookie: true, xfbml: true});
alert('page 1');
FB.getLoginStatus(function(response) {
if (response.status === 'connected') {
alert('Page 2');
// connected
} else if (response.status === 'not_authorized') {
// not_authorized
} else {
// not_logged_in
}
});
}
</script>
</body>
</html>
When i executes the above code, it shows a login button where i can login sucessfully. I can get 'Page 1' alert but I cannot get 'Page 2' alert. I dont know what's wrong with this code.
Thanks.
Check if you have enabled Sanbox mode in your application. If yes, and if you're not currently logged in as a user that has admin or developer role for this application, this will happen. Try if it'll work after disabling Sandbox for a while. Check answer to this question - https://stackoverflow.com/a/8485361/1816426
Of course I'm assuming, that appId: 'appId' part is an example only and you have correct application ID in your code taken from application's settings.
A few tips to get you going:
1) Check if your appID is valid (I'm hoping you didn't literally write appId, and have actually inserted an appID which you registered)
FB.init({appId: 'appId', status: true, cookie: true, xfbml: true});
2) try looking at the actual response by doing:
alert(response);
*The details of the response are stated here: https://developers.facebook.com/docs/reference/javascript/FB.getLoginStatus/
But my guess is that your application isn't registered correctly, or that you haven't inserted a correct appID in your appID field. That is usually the case.
I'm playing with Facebook Javascript SDK in order to implement a Facebook Connect action. It's already working but the problem is that every time that I try to login again on my application the user has to reenter its facebook password.
I'm sure that there is an option to do this step without entering the password if you are already logged in in facebook (I have seen this in lots of web pages). But how? The documentation http://developers.facebook.com/docs/reference/javascript/FB.login/ and even the source code does not explain how to do this:
"#param opts {Object} (optional) Options to modify login behavior."
My implementation right now is like this:
function login(){
FB.login(function(response) {
if (response.authResponse) {
$(".fb_login").hide();
$(".fb_logout").show();
FB.api('/me', function(response) {
register_user(response.id, response.name);
});
} else {
alert('User cancelled login or did not fully authorize.');
}
});
}
And I call to FB.init like this:
FB.init({
appId : 'xxxxxxxxx', // App ID
status : true, // check login status
cookie : true, // enable cookies to allow the server to access the session
xfbml : true // parse XFBML
});
Maybe it has to be a change in the FB.init or some kind of option while calling to FB.login. Any ideas?
Thanks in advance,
Raimon Bosch.
There is a method FB.getLoginStatus which you can use to check if user is already loggedin:
FB.getLoginStatus(function(response) {
if (response.status === 'connected') {
var accessToken = response.authResponse.accessToken;
//you are loggedin
} else if (response.status === 'not_authorized') {
//loggedin but not authorized your app
} else {
// the user isn't logged in to Facebook.
}
});
Did you mean something like that
Check the
Force Web OAuth Reauthentication in your PP setting facebbok developer>Your App> facebook login > setting > set Force Web OAuth Reauthentication to NO
I was trying to implement facebook logout functionality for my django app. In my app, users can log in using app username or with FB username. Now i want to implement logout functionality also.
For doing that i put this code in my html page, but i am getting 'FB is not defined' error. Can somebody help me to solve this ?
<html xmlns:fb="http://www.facebook.com/2008/fbml">
<div id="fb-root"></div>
<script src="http://connect.facebook.net/en_US/all.js"></script>
<script>
FB.init({
appId : 'xxx',
status : true, // check login status
cookie : true, // enable cookies to allow the server to access the session
xfbml : true // parse XFBML
});
</script>
<script>
function logout(){
FB.getLoginStatus(handleFBSessionResponse);
location.href = '/user_sessions/new';
}
// handle a session response from any of the auth related calls
function handleFBSessionResponse(response) {
/*
//Check the facebook login status
alert("handleFBSessionResponse(), "
+ "\nresponse.status="+response.status
+" \nresponse.session="+response.session
+" \nresponse.perms="+response.perms);
*/
//if we do have a non-null response.session, call FB.logout(),
//the JS method will log the user out
//of Facebook and remove any authorization cookies
FB.logout(handleFBSessionResponse);
}
</script>
<a href="javascript:logout();">Logout</a >
i got it working with this
<a href="http://m.facebook.com/logout.php?confirm=1&next=http://10.1.0.90:8080/registrationForm" >Sign Out</a>