I'm developing a Facebook authentication system using the Graph Api v2.8.
The website that makes the request requires the user's email.
Problem: the app is added on the user's Facebook regardless he unchecks or not the email permission option.
Is there any way of preventing the app being added on the user's facebook when he refuses to share his email?
If not, how can I remove the app from the user's facebook?
Thks in advance.
Here is one possible solution that solved the problem, by removing the app from the user's Facebook:
$response = $fb->get('/me?fields=first_name,last_name,email');
$userNode = $response->getGraphUser();
if (!isset($userNode['email']) || (isset($userNode['email']) && !$userNode['email'])) {
$fb->delete($userNode['id'] . '/permissions');
}
The line:
$fb->delete($userNode['id'] . '/permissions');
deletes the user app.
Related
I am receiving the Facebook Message Dialog with the message:
Facebook Login is currently unavailable for this app, since we are updating additional details for this app
In the facebook developers console for your app, go to App Review-> Permissions and Features. Set the public_profile and email to have advanced access. This will allow all facebook users to have access and these two settings are auto granted. Ensure the Access Level indicates Advanced Access
enter image description here
first app mode live and then give advance permission in email and profileimage
tap again again for advance permission and app mode live
If you dont know already find the Email associated with your facebook account :
facebook.com > Setting > Apps > GOG > (getEmail)
Using the email use Reset password in GOG login.
Follow the reset password instructions and log in using your email and new password.
I am creating a flutter android app which uses google sign in. Once logged in, I recieve accesstoken and idtoken. I want to use this token to authenticate my backend which uses django social auth and
Login and return the authoken, if the user has already signed up, or
Register the user , login and return the user id and authtoken.
Is this possible ? If so please suggest any documents online or please explain how should I approach this.
Over the years of doing this again and again, I found the solution below works well for me. It creates clear understanding of who is doing what.
Basically, you need:
Django Rest framework-backed token authentication for normal API requests. Mostly your app works on this. Link: https://www.django-rest-framework.org/api-guide/authentication/#tokenauthentication
Google or Facebook or any other login to issue an auth token in 1. Thus effectively FB/ Google shortcuts the process of typing in username and password.
This is achieved via the flow below:
New user comes in and signs in via FB/ Google
You get Fb/Google token and send it to your backend
You verify the validity of the token. Re-obtain user name and email from G/FB from the backend. Use these details to create a user account in your backend. DO NOT USE email provided from front-end for account creation (assuming email is your primary unique user identifier)
NOTE: Don't forget to check if account already exists. If it does, this is a returning user/ login and not a new user. In this case, validate and return valid Django Rest Token
Once 3 is complete, issue a Django REST framework Token in response to the request made in 3.
After 4, you have a token in your app. Use this token for normal requests.
Happy coding! Happy to answer follow-up questions.
it is possible,first you have to create your api using django Rest Framework,the link below can help you to create your backend and set a token for every user:
https://dev.to/amartyadev/flutter-app-authentication-with-django-backend-1-21cp
then you have to add social authentication to your backend,you can write it yourself or using link below to use library :
https://github.com/RealmTeam/django-rest-framework-social-oauth2
after this approach you have to create your flutter app,the below link is a useful resource to connect your backend and your flutter app :
https://www.asapdevelopers.com/flutter-login-app-with-python-backend/
I am hitting a wall while developing seamless integration of a Facebook page with my bot.
Essentially I want to achieve same integration than Chatfuel or Manychat have, where being logged in with your Facebook account lets you to just choose what page you are connecting to them and you are good to go.
The problem I am facing is generating the proper token in order to bind the selected page to my app (bot). As per Facebook documentation:
When you create a subscribed_apps edge, the page-id you use in endpoint must match the page ID of the page access token used in the API call. The app that the access token is for is installed for the page.
Given the call has no other parameter than the access token, this access token has to be enough for Facebook to:
Authorize the action on the page.
Identify what app is being subscribed to the page.
This is confirmed while using the Facebook Graph API Explorer, where one selects the page and the app to bind and a proper access token is generated:
This token properly works using cURL in the terminal:
$ curl -X POST 'https://graph.facebook.com/v3.0/<MY_APP_ID_HERE>/subscribed_apps?access_token=<TOKEN_PASTED_FROM_GRAPH_API_EXPLORER>'
{"success":true}
With the Facebook Access token debugger (info icon on the left of the access token, then open in Access token tool), it is confirmed that the token knows about both the page and the app that have to be connected.
The question is, how are these page-app related token programmatically produced? I can't seem to find the proper API call in Facebook documentation and it is by all means possible, as Chatfuel and Manychat are doing this.
Thanks in advance for your support Lars Schwarz and community!
Adding some detail to Alex's answer, for it to be more complete.
When subscribing an app to a page, Facebook needs to:
Know what app you are talking about.
Know what page you are talking about.
Know that you have permissions on that page to subscribe an app.
How does Facebook know it all?
1 comes from the fact that Facebook login happens in the context of a page, actually, the Javascript code for Facebook contains your appId:
js.src = 'https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v3.0&appId=<YOUR_APP_ID_IS_HERE>&autoLogAppEvents=1';
2 Comes from the page_id in the URL used to subscribe apps to pages:
https://graph.facebook.com/v3.0/YOUR_APP_ID_HERE/subscribed_apps?access_token=YOUR_ACCESS_TOKEN_HERE
3 Comes from the access token, obtained in the context of an APP through Facebook login, that is passed as parameter in the URL used to subscribe apps to pages:
https://graph.facebook.com/v3.0/YOUR_APP_ID_HERE/subscribed_apps?access_token=YOUR_ACCESS_TOKEN_HERE
To do this, you need to put FB Login on your site/customer portal and request pages_messaging and manage_pages permissions. The person that logs in must be a Page Admin.
Once your app has been granted that permission for the page, you can generate a page access token as described here:
https://developers.facebook.com/docs/pages/access-tokens
I am referring tutorials to implement django social-auth, I hace successfully implemented it for Twitter and Google+ . But, in case of facebook , I am not seeing "Valid OAuth redirect URIs" which has to provided for facebook. I assume that the new developer console of facebook has this new field.
By leaving the field empty, I am still able to login but I am not getting relevent details from FB. It might be because of this "redirect URI".
I followed below tutorials
Tutorial 1
Tutorial 2
I guessed that "http://localhost:8000/oauth/complete/facebook/" could be the URI looking at google+ and twitter pattern but I am still not getting email ID of user.
Can someone please confirm the redirect URI that has been used by them for Facebook in their Django App
The problem is that Django sends a redirect_state parameter which is not allowed by Facebook redirect URI policy.
Here's a simple solution:
Create a new backend for Facebook OAuth that don't pass redirect_state:
from social_core.backends.facebook import FacebookOAuth2
class CustomFacebookOauth(FacebookOAuth2):
REDIRECT_STATE = False
change social_core.backends.facebook.FacebookOAuth2 on your CustomFacebookOauth in AUTHENTICATION_BACKENDS of settings.py.
After hours of headache I finally found out that it was
https://{your_website_name}/social-auth/complete/facebook/
e.g. https://www.instagram.com/social-auth/complete/facebook/
Note that https is made mandatory by facebook.
I am using Facebook login integration on my asp.net site. What I want is that when a user logs off the site, I want him to also log off the FB application, but not Facebook itself. If I call FB.logout(), it logs off FB as well as the app.
I guess what I want is to lose the acess_token cookie for the app, but I can't figure it out.
FB.api({ method: 'Auth.revokeAuthorization' });
I dont think that is possible as the login for both the application and FB is done using FB credentials..
In case you want to de-authorize the user from your application you can issue an HTTP DELETE request to /PROFILE_ID/permissions to revoke authorization for an app.
I'm not sure this is a good idea. Even if you removed the session for your website, if they are still logged into facebook, they may as well still be logged into your website. They are essentially the same thing. You need to log them out of facebook to ensure their security on your site, otherwise it just takes someone sharing the pc or cookie sniffing, to get access to their account on your site
edit: also, if you just want to delete the cookie, you can simply do this with javascript.