Facebook Login - What data does Facebook collect from my app/my users on my app? - facebook-login

I am curious about Facebook Login: does Facebook collect user data from my app/my users after they log in using Facebook Login? I know I can apply to receive user data from Facebook (i.e., user demographic data, or user friends, etc.), but does Facebook collect any data from my app/site in return? I feel like I have read the Facebook Login dev support pages a few times and can't seem to find an answer to this question. Thanks!

Related

Django Web Application, Facebook login

I am building a basic social media web application and I would like my only login point to be via Facebook login. After doing a fair amount of research, I have seen multiple third-party authorization frameworks that plug in with Facebook, but I was wondering if there were any opinions on what the best foot forward would be.
Additionally, how would I go about still being able to use sessions/cookies within Django if I use fb login?
All answers are appreciated!
You can use SocialAuth (https://github.com/python-social-auth/social-app-django). This app lets users log in via many common social media accounts, e.g. Facebook. Upon login, the app will create a user in your database, which you can then use as if the user had logged in with a local account. Therefore, the session will still be handled by Django; FB only sends you some information about the user (e.g. first and last name, email, etc. [configurable in your settings.py]).

Is it possible to display Facebook user photos if someone isn't logged into Facebook?

I'm in the draft stage of designing a charity site for a friend of mine, and we'd like to be able to display photos of people who donate (they would have the choice of turning their photo on or off).
I'm used to logging people into another app of mine via Facebook, and retrieving their basic data.
What I'm wondering is: since the person viewing the site would be the only one logged into it, is it even possible to display photos of Facebook users who have donated, i.e., can you retrieve an FB user photo if they aren't logged in?
If not, are you allowed, with the user's permission, to store their Facebook photo?
Thanks for your time and help.
Have a look at
https://developers.facebook.com/docs/graph-api/reference/v2.2/user/picture/
It states:
"Because profile pictures are always public on Facebook, this call does not require any access token."
This means that as long as you requested the public_profile permission upon Facebook Login, and stored the app-scoped user_id in your database somewhere, you can use this app-scoped user_id to generate the profile picture image sources as follows:
<img src="https://graph.facebook.com/{app_scoped_user_id}/picture?type=large&redirect=true"/>
and replace {app_scoped_user_id} by the real app-scoped user_ids in some kind of loop.
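The loop described in this answer, as an added example that is not part of the original answer: it builds the `<img>` tags server-side, honours each donor's photo opt-in, and refuses to interpolate anything that is not a numeric ID into the markup. The function names `picture_url` and `donor_gallery` and the record fields `fb_id` and `show_photo` are hypothetical, and the assumption is that stored app-scoped IDs are decimal strings.

```python
import html
import re
from urllib.parse import urlencode

GRAPH_HOST = "https://graph.facebook.com"
PICTURE_TYPES = {"small", "normal", "large", "square"}
# Assumption: stored app-scoped user IDs are plain decimal strings.
_ID_RE = re.compile(r"[0-9]{1,32}")


def picture_url(app_scoped_user_id, size="large"):
    """Return the public picture URL, or raise ValueError on bad input."""
    uid = str(app_scoped_user_id)
    if not _ID_RE.fullmatch(uid):
        raise ValueError("not a numeric app-scoped user id")
    if size not in PICTURE_TYPES:
        raise ValueError("unsupported picture type")
    query = urlencode({"type": size, "redirect": "true"})
    return f"{GRAPH_HOST}/{uid}/picture?{query}"


def donor_gallery(donors):
    """Build <img> tags for donors who opted in; skip malformed records."""
    tags = []
    for donor in donors:
        if not donor.get("show_photo"):
            continue  # donor turned their photo off
        try:
            src = picture_url(donor.get("fb_id", ""))
        except ValueError:
            continue  # never interpolate an unvalidated id into markup
        tags.append('<img src="{}" alt="{}">'.format(
            html.escape(src, quote=True),
            html.escape(donor.get("name", ""), quote=True)))
    return tags


# Constructed sample records (not real users).
SAMPLE_DONORS = [
    {"name": "Ada", "fb_id": "1234567890", "show_photo": True},
    {"name": "Bob", "fb_id": "2345678901", "show_photo": False},
    {"name": "Eve <b>", "fb_id": '1"><script>', "show_photo": True},
]

if __name__ == "__main__":
    for tag in donor_gallery(SAMPLE_DONORS):
        print(tag)
```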

Facebook pages tokens and uploads if not admin

I have some questions about Facebook pages and their access tokens.
Right now I am trying to build a mobile app for my band and I want to have a function in it that allows users to either take a picture or choose from the phone gallery and upload it to our fan page on Facebook.
What I have understood when reading about this is that I can make an FB app and set the extended permission to manage_pages and then get the page access token from the page that I am admin for.
Well, every user of the mobile app won't be admin over our fan page.
So I wonder if there is some way to get the fan page access token and let users upload pics to our fan page.
Or if you have any other way of doing it, let me know.
I am building with Appcelerator Titanium, so I use JavaScript.
If you have an answer for this, please explain like I am 6 years old.

facebook graph api logout after fetching profile details

I am implementing a "login with Facebook" feature using the PHP SDK, and I am able to grab user profile details. But after that the user remains logged in. Suppose a user is accessing my site and, after using the "login with Facebook" feature, he leaves immediately; then the next person sitting there can use (misuse) the previous person's account.
1) How can I automatically log out the user after fetching what I needed? (I don't want to show the user a "Facebook logout" button.)
2) Is there any way I can log the user out only from my app and not from Facebook? (I mean, if the user is already using Facebook in another tab, then it should only log out the user's Facebook session from my app.)
Assuming all the usual security measures are in place (session timeouts apply to FB logins, doesn't leak FB data across distinct PHP sessions, logging out of your site clears FB session data or moves to a login/front page with no FB access), websites with Facebook integration generally don't bother securing their FB integration on a per-request basis. It's the user's own fault if they leave a browser window open and logged into your website, there's not a lot you can or really should do about that kind of mistake.
All that being said, you can call getLogoutUrl and then redirect the user to that URL to log the user out of the current session, OR you can use the JavaScript SDK's FB.logout(). Both options are mentioned here.

What to do when a user logs out of Facebook but is still logged-in on my site

I have a website which users can sign up to using Facebook Connect (with the new OAuth 2.0 stuff). Now when a user logs out of Facebook they remain logged-in on my site.
I'm not using the JavaScript SDK as I don't like the "magic behind the curtains". So what should I do when a user logs out of Facebook? Should I care at all? I get the feeling I should try to catch this somehow and log them out of my site as well.
I'm using Django with a custom authentication backend for this.
Don't do anything. You are using Facebook as a means of authentication. The fact that the user logged out of Facebook means nothing for that matter; he's still the same user.
Do the users think of your site as a part of Facebook? I guess not (assuming it's not a Facebook app, just a login via Facebook). Then it would be surprising and counterintuitive from the user's perspective to find he's also logged out of your site when he only logged out of Facebook.