is it possible to create my FB app in Fb iframe and on pay button it directs to Paypal for payment and returns back to my fb app for further processing without using Fb credits ?
In Facebook payment terms and policies i have read:
NOTE: Per the Facebook Credits Terms, all games on the Facebook Platform (including mobile web apps) must exclusively process payments through Facebook Credits.
Plus if you know any app on FB using payment method without FB credits please specify the names of the apps . thanks
What part of
All games on the Facebook Platform (including mobile web apps) must exclusively process payments through Facebook Credits
is unclear to you?
If the Facebook terms of use say you have to use facebook credits i don't think your app will be enabled if you don't respect that rule.
so even if it might be possible to use paypal directly, it will be a lot of work for nothing.
Related
I'm working on a Wix website where users can connect their social media accounts and have data from them displayed on their profile pages.
Currently, the form just asks them to input their social media URLs. Obviously, this is a problem, as there's no way for to verify that these accounts actually belong to them. How can I have them sign in to their social accounts to have them verify that they own the accounts from within the sign-up form?
Currently I'm having them connect their YouTube, Twitch, Instagram, and TikTok accounts. I imagine there's some kind of OAuth solution, but I just don’t know what. It is critical to the function of the site that we are 100% sure the connected accounts are correct.
You don't do it in Velo unless you have a very specific reason.
The Wix ADI natively supports it (refer to here).
And as for other things like TikTok, that can be done by writing Node.js backend code:
I'm implementing Auth0 in my SPA app, one of the requeriments is to have a custom UI, that also implies that i cannot use redirects to the Universal Login Page of Auth0.
After reading throught the Auth0 website, i found the Resource Owner grant type, which seems to solve my problem to handle a login directly using Auth0 API.
Is there any drawbacks of using this grant type?? (I read that is not very recommended, but i wanna hear opnions about this)
Also, is there any alternative to this grant type?? I mean, i'm stuck with this solution if Biz doesn't want redirections?? Thanks.
Resource Owner Password Grant
This can sometimes be a useful 'bridging solution', but it has some disadvantages as summarised in this article from a couple of years ago. These are perhaps the main downsides:
Single Sign On across apps won't work
Federated login options won't work (Integrated Windows / 2 Factor)
Security reviews may perform less well
Redirecting for Logins
It is very standard to redirect users to login, which signifies that you are externalising security to an expert provider. Most systems do this, including Gmail and Office 365:
You start at mail.google.com
For logins you are redirected to accounts.google.com
You then return to mail.google.com
My blog page shows the login redirect user experience for Web / Desktop / Mobile apps and there is an SPA there which you can run.
Of course, if your app is well coded there should be no down side to redirects. Eg the app should maintain the user location within your SPA, and also any data the user is editing.
I'm currently working on an AngularJS application. The application as it blatantly ignores whether or not you accepted any cookie consent and just places trackers. I am to remove all trackers until a user has accepted the cookie policy.
The application also requires the SDK from Facebook to import some user data (Facebook login required). However, the kit from Facebook that the app currently retrieves also places a Facebook Impression tracker (at least according to Ghostery). The policy allows any external code that is necessary for any functionality the application provides. I am not convinced however that this tracker falls within that range.
My question therefore is, is it possible to retrieve a version of the Facebook JavaScript SDK that does not also place a tracker?
I was planning to use Facebook Social Login in my Hybrid application ( HTML5/CSS/JS and Cordova) However on going to facebook developer I could not see an option for choosing cordova based app.
So shall I consider www , i.e. Javascript based SDK for implementing facebook social login?
From security point of view, is it good choice to choose JS SDK in hybrid application?
Thanks!
Yes, you can choose www for create app for hybrid platform and you just need to set the App id into application so if someone decompile your app they just get an App Id and nothing else, other all things are saved into your developer facebook account.
So you can create your app with this www without worrying about the security of an app.
Also you can create Facebook login with the simplest use of OpenFB,
You just need to create Facebook API from Facebook Developer Account
And Pass the App ID into javascript file of facebook login function.
I'm developing a site similar to blog. In that I would like to add a facebook notification feature.
For example, if I created one article it should send a notification to the subscribed facebook users.
I have done facebook share. But I don't know about this.
Note: I'm using asp.net and c# for the web development.
Is this possible. if possible, can someone say a way to achieve it.
First of all You will need to create a facebook application and add your web page as a "Web Page with Facebook login": You can find this setting in application settings. After you will need to log in your blog users via facebook and ask for some basic permissions (No special permission needed for sending notifications.) And after all these steps you will be able to send notifications to your users. Here are some resources that might help you.
https://developers.facebook.com/docs/games/notifications/
https://developers.facebook.com/docs/web/gettingstarted/
Here is the C# SDK resource.