The facebook login have mang types: web login,android login and ios login. All of them can get a userid. My question is: when people login with the same facebook account, can get the same userid? even login in different login type.
User IDs are scoped by App, so they would get the same ID.
Related
Our app uses google Oauth for app user to sign in. We only request 3 basic scopes: profile, email and openid. We didn't request contact scope. But when user sign it, it ask user to allow this app to see and download contacts. Any help?
I am new to work with wso2.
I am using Facebook or Gmail identity provider to get authenticate using travelocity application.
At First time wso2 redirect to Facebook login page or Gmail login page by which i want to login.
But at second time wso2 do not redirect to Facebook or Gmail login page direct shows home.jsp page with profile information of Facebook or Gmail.
My question is: What should i do if i logout then try to login then wso2 redirect us Facebook or Gmail login page.
This basically happens when you have the previous session stored in the browser and SAML logout has not happened properly.
Have you tried the logout button in the Travelocity app? Where did you find this smaple. Better to build and take the app from here https://github.com/wso2/product-is/tree/master/modules/samples/sso/sso-agent-sample
Futhermore, we do have two more SAML samples if you want to try. You can find them here https://github.com/wso2/samples-is/tree/master/sso-samples/saml2-sso-sample
I'm trying to understand the basic organizations and login flow between social logins on a mobile app and how that app requests resources from a backend flask api.
If the user logins into the app through Facebook, how does the backend api provide resources based on that login? Because it seems the backend doesn't know the user has logged in with Facebook.
Does facebook need to send a token to the app that the backend api then validates with facebook?
I suggest you to first read about single sign-on mechanisms:
https://en.wikipedia.org/wiki/Single_sign-on
Then you can read about OAuth2 which is used by Facebook for SSO from here
https://oauth.net/2/
https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2
Simply you are correct, when user signs-in on Facebook, the backend will get token from Facebook that is used for authentication/ authorization of that user.
This is happening when a Facebook/Google log in is clicked on an XYZ website.
XYZ website redirects to Facebook login page together with an XYZclientID(XYZ should be already registered under Facebook as a developer)
Facebook identifies that XYZ(using XYZclientID) wants to authenticate ABC person
ABC person log in to facebook.
Facebook issues an authorisation code(for ABC+XYX combination) and redirects back to XYZ website.
XYZ uses this authorisation code + XYZclientID + XYZclientSecret to get a bearer token
Facebook validates the secret and issues a bearer token(linked to ABC person)
XYZ uses this bearer token to retrieve details of ABC person. (It cannot be used to retrieve data of DEG person)
Facebook give the email & other personal details of ABC to XYZ and XYZ shows that ABC is logged in.
More elaborated here : https://www.scienceabc.com/innovation/oauth-how-does-login-with-facebook-google-work.html
Is there a way for this cordova-plugin-facebook4 plugin to re-ask permission? I'm trying to connect my app to an API that requires the user's email. In my case, if users uncheck the email in my app and continues to login Facebook, when I check the Facebook account that I used to login, it is in my apps. So is there a way to :
re-ask permission in Facebook login?
or if that isn't happening
stop users from getting logged in Facebook if the user refuses to give his email?
I would like to do this to test the whole use-case in my app of which a user would submit the authorization code. How can I do this for a test user created by my app? Thanks.
Click the button to log-in as the test user, or use the login_url parameter when you access the test user in the API (see https://developers.facebook.com/docs/test_users/ ) - once logged in to facebook, use your app as normal