We Keep Coding

Authenticate user with external url, Ember Simple Auth after callback with token

I use an external service for authentication Stamplay ..
To authenticate with username and password, I have to make a post in ${config.host}/auth/v1/local/login
The callback for this post contain the token, so I created a custom authenticator to handle it
Custom Authenticator
export default Base.extend({
tokenEndpoint: `${config.host}/auth/v1/local/login`,
// ... Omited
authenticate(options) {
return new Ember.RSVP.Promise((resolve, reject) => {
Ember.$.ajax({
url: this.tokenEndpoint,
type: 'POST',
data: JSON.stringify({
email: options.email,
password: options.password
}),
contentType: 'application/json;charset=utf-8',
dataType: 'json'
}).then(function (response, status, xhr) {
Ember.run(function () {
resolve({
token: xhr.getResponseHeader('x-stamplay-jwt')
});
});
}, function (xhr) {
Ember.run(function () {
reject(xhr.responseJSON.error);
});
});
});
},
invalidate(data) {
return Ember.RSVP.Promise.resolve(data);
}
});
And everything works fine.. but ...
My problem
For social logins, I need to redirect the user to https://MYAPP.stamplayapp.com/auth/v1/EXTERNAL_SERVICE/connect
EXTERNAL_SERVICE can be.. github, twitter, facebook...
Then, the user is redirect to service page, and after login, the callback will be http://myapp.com/callback?jwt=XYZ
So, how can I capture the token and login the user with this token?

Tell me if I'm wrong, but I think that for Facebook you can use Torii which is working well with simple-auth. Twitter is using Oauth1.0, so it's a bit more complicated in my opinion. But Facebook / Google should be fine.
Basically, Ember will request an AuthorizationCode from Facebook API, then send it to your server. Your server will then ask Facebook API an access_token, and use it to get the user information. Finally, you can load/register your user, generate a JWT token and send it to your Ember app.
But I'm interested to know if you have found a solution for Twitter.

Facebook api friends list

I'm using Facebook's javascript SDK to inspect the friends list of users registered in my application.
I have this call:
FB.getLoginStatus(function (response) {
if (response.status == 'connected') {
FB.api('me/friends', { fields: 'id, first_name, picture', limit: 6 },function(response){
MY CODE TO VIEW FRIENDS PICTURE
});
}
else{
CODE TO GET ACCESS_TOKEN
}
});
but in most of cases I get an api error like this:
response.error = {
message: unkown error,
code: undefined,
type: http,
subcode: undefined
}
I tested it with my account and it works fine, even if I change privacy permission as friend's sharing.
There is something wrong in my code?

FB.api('me/friends', { fields: 'id, first_name,picture', limit: 6 },function(response){
console.log(response);
});
For more detail information use Facebook's graph API explore :Facebook Graph aPI

Why don't you use an fql query with FB.api? It offers a great control.
The following FQL return (User ID, First Name and Picture of a friend who is using the application)
FB.api(
{
method: 'fql.query',
query: 'SELECT uid,first_name,pic FROM user WHERE uid IN (SELECT uid2 FROM friend WHERE uid1 = me()) and is_app_user limit 6',
access_token: token
}
Note: You would better use this condition
if (response && response.authResponse) {
Instead of:
if (response.status == 'connected') {
Regards,

Automated facebook post to wall with Javascript

I have a facebook application in which the user is authenticated with PHP and grants permissions to the app, including publish_stream.
During the application, the user is going through several screens.
On the last screen, the is user chooses if they want to share a post on their wall.
If they do, an automated and formatted post should be posted on their wall.
I've tried to do it with Javascript but it didn't work. Can you see what's wrong?
Thanks!
Here's my code:
<div id="fb-root"></div>
<script>
window.fbAsyncInit = function() {
FB.init({
appId : 'MY APP ID',
status : true,
cookie : true,
xfbml : true
});
};
(function() {
var e = document.createElement('script');
e.src = 'http://connect.facebook.net/en_US/all.js';
e.async = true;
document.getElementById('fb-root').appendChild(e);
}());
</script>
<script>
function postToFacebook() {
var body = '';
var params = {};
params['message'] = 'MESSAGE';
params['name'] = 'NAME';
params['description'] = '';
params['link'] = '';
params['picture'] = 'https://www.URL.com/pic.jpg';
params['caption'] = 'CAPTION';
FB.api('/me/feed', 'post', params, function(response) {
if (!response || response.error) {
// alert('Error occured');
} else {
// alert('Post ID: ' + response);
}
});
}
</script>

From reading your question and the various comments it seems to me that the users session information is not persisting into the JavaScript SDK - this assumes that there is a valid user session being maintained serverside.
First of all you should check that you are using the most up to date PHP SDK. To double check download and install the latest version from GitHub.
I think this should solve your problem as the cookies containing the authorised users session data should be passed between the PHP and JavaScript SDKs.
If that doesn't work I have a suspicion that the user is not being authenticated correctly serverside. In which case you could try the following.
Before you postToFacebook() you should check the users the users logged in status and log them in if necessary. For example:
FB.getLoginStatus(function(response) {
if (response.authResponse) {
// logged in and connected user, someone you know
postToFacebook();
} else {
// no user session available, someone you dont know
FB.login(function(response) {
if (response.authResponse) {
// logged in and connected user
postToFacebook();
} else {
// User cancelled login or did not fully authorize
}
}, {scope: 'YOUR,REQUIRED,PERMISSIONS'});
}
});

You are not calling the function postToFacebook()!
window.fbAsyncInit = function() {
FB.init({
appId : 'MY APP ID',
status : true,
cookie : true,
xfbml : true
});
postToFacebook();
};

When you attempt to do this:
FB.api('/me/feed', 'post', params, function(response) { .. });
You need to pass the access token along with the call. I assume you have it on the php/server side, so then:
FB.api('/me/feed/access_token='[INSERT_ACCESS_TOKEN], 'post', params, function(response) { .. });

pages.isFan returns incorrect signature

I am working on a Facebook canvas iFrame application, and I`m going insane.
I am trying to check if a user is a fan of the page where the app is located, so that I can allow or disallow voting.
I use the following code:
function CheckFan() {
FB.init({
appId: 'xxxxxxxxxxxxxxxxxxxxxxxxxx',
status: true, // check login status
cookie: true, // enable cookies to allow the server to access the session
xfbml: true // parse XFBML
});
FB.api({ method: 'pages.isFan', page_id: '145116742177104' }
, function(resp) {
if (resp) { $('#main_frame').show(); $('#non_fan').hide(); }
else { $('#main_frame').hide(); $('#non_fan').show(); }
});
}
This JS SDK is driving me up the wall, while calling the documentation "incomplete" is an insult to incompleteness.
Any input will be appriciated.
Thank you!
-Elad

This has been deprecated by Facebook.
A new Graph API alternative will hopfuly be available by the time we need to deploy the app.
For now I use FQL:
FB.api({ method: 'fql.query', query: 'SELECT uid FROM page_fan WHERE uid= ' + user_id + ' AND page_id=145116742177104' },
function(result) {
if (result.length)
{ $('.main_frame').show(); $('#non_fan').hide(); } else { $('.main_frame').hide(); $('#non_fan').show(); }
});

facebook application API check if user is application admin in facebook

i have:
user facebook data (
https://graph.facebook.com/btaylor )
facebook application data (
https://graph.facebook.com/2439131959
)
Is somehow possible to get if user is application administrator in facebook with this in my hands?

To get this kind of information you can use FQL:
protected function authorizeByFb(){
$result = $this->fb->api(array(
'method' => 'fql.query',
'query' => "SELECT developer_id FROM developer WHERE application_id='{$appId}' AND developer_id='{$fbUserId}'",
));
if(count($result)==1){
return true;
}
return false;
}

if your developed application is checking the role of the logged in facebook user or simply your application wants to recognize it's owner or admin,
then
http://developers.facebook.com/tools/explorer/?method=GET&path=me%2Faccounts should have that application id listed
api call:
FB.api('/me/accounts', 'get', {"access_token":access_token}, function(response){
//loop through response to check any application id matches current application id
});
response sample:
{
"name": "app_name",
"access_token": "current_token_here",
"category": "Application",
"id": "your_owned_app_id"
},
{
"name": "app_name1",
"access_token": "current_token_here",
"category": "Application",
"id": "your_owned_app1_id"
},

I just got this to work using the Facebook JS API:
FB.api({ method: 'pages.isAdmin', page_id : fbAppId }, function(response){
if(response){
alert('the user is an admin');
}else{
alert('the user is not an admin')
}
});
It's using the FB.api method to access the old REST API. This assumes that you've already called FB.init, so make sure that this comes after your init code.
Cheers,
Jeremy

You can get the signed_request and then check if page_admin = 1
<?php
$signed_request = $facebook->getSignedRequest();
$page_admin = $signed_request["page"]["admin"];
if ( $page_admin == 1 ){
echo 'Welcome Admin!';
}
?>

I tried to attempted javascript form above and found this method to work as an alternative now that the old restful api is depreciated.
function checkAdmin(fbUID, fbAppID){
FB.api({
method: 'fql.query',
query: 'SELECT role FROM app_role WHERE developer_id ='+fbUID+' AND application_id = '+fbAppID
},
function(response) {
if(response.length){
alert('User is an Admin');
}
else{
alert('User is not an Admin')
}
});
}