Is there any graph API available to logout a user from facebook? My application is able to succesfully retrieve user information and post on a user's wall. The problem is after authorization the facebook user is left in logged-in state and control goes back to my application. I want to logout the user after authprization is over and before the control comes back to my application. I want to use graph API and do it at the back end being implemented in Java.
Thanks.
Facebook PHP SDK uses a function like this:
public function getLogoutUrl($params=array()) {
return $this->getUrl(
'www',
'logout.php',
array_merge(array(
'next' => $this->getCurrentUrl(),
'access_token' => $this->getAccessToken(),
), $params)
);
}
Which creates a URL like:
https://www.facebook.com/logout.php?next={YOUR_ENCODED_URL}&access_token={YOUR_ACCESS_TOKEN}
I believe the encoded URL must be owned by the application to whom the access_token belong.
If you get that URL right, it'll work (just tried for one of my applications)
No, you cannot log-out a user programatically via Java. You should create a logout link or button on the page instead.
you can use below code for logout from app
$logoutUrl = $facebook->getLogoutUrl();
echo 'Logout';
replace above code in
try{
//above code
} catch {
//other code
}
Related
In my api, I have a /users endpoint which currently shows (eg address) details of all users currently registered. This needs to be accessed by the (Ember) application (eg to view a user shipping address) but for obvious reasons I can't allow anyone to be able to view the data (whether that be via the browsable api or as plain JSON if we restrict a view to just use the JSONRenderer). I don't think I can use authentication and permissions, since the application needs to log a user in from the front end app (I am using token based authentication) in the first instance. If I use authentication on the user view in Django for instance, I am unable to login from Ember.
Am I missing something?
UPDATE
Hi, I wanted to come back on this.
For authentication on the Ember side I'm using Ember Simple Auth and token based authentication in Django. All is working fine - I can log into the Ember app, and have access to the token.
What I need to be able to do is to access the user; for this I followed the code sample here https://github.com/simplabs/ember-simple-auth/blob/master/guides/managing-current-user.md
I have tested the token based authentication in Postman, using the token for my logged in user - and can access the /users endpoint. (This is returning all users - what I want is for only the user for whom I have the token to be returned but that's for later!).
The question is how to do I pass the (token) header in any Ember requests, eg
this.store.findAll('user') .... etc
This is clearly not happening currently, and I'm not sure how to fix this.
UPDATE
Fixed it. Turns out that the authorize function in my application adapter was not setting the headers, so have changed the code to set the headers explicitly:
authorize(xhr) {
let { access_token } = this.get('session.data.authenticated');
if (isPresent(access_token)) {
xhr.setRequestHeader('Authorization', `Token ${access_token}`);
}
},
headers: computed('session.data.authenticated.token', function () {
const headers = {};
if (this.session.isAuthenticated) {
headers['Authorization'] = `Token ${this.session.data.authenticated.token}`
}
return headers;
})
Ember is framework for creating SPAs. These run in the browser. So for Ember to get the data, you have to send the data to the browser.
The browser is completely under the control of the user. The browser is software that works for them, not for the owner of the website.
Any data you send to the browser, the user can access. Full stop.
If you want to limit which bits of the data the user can read from the API, then you need to write the logic to apply those limits server-side and not depend on the client-side Ember code to filter out the bits you don't want the user to see.
I don't think I can use authentication and permissions, since the application needs to log a user in from the front end app (I am using token based authentication) in the first instance. If I use authentication on the user view in Django for instance, I am unable to login from Ember.
This doesn't really make sense.
Generally, this should happen:
The user enters some credentials into the Ember app
The ember app sends them to an authentication endpoint on the server
The server returns a token
The ember app stores the token
The ember app sends the token when it makes the request for data from the API
The server uses the token to determine which data to send back from the API
Through Facebook's PHP SDK getting started guide it takes you through the process of initializing your app, creating a Login URL and then handling the call back data and doing a simple query.
In the documentation it says you can skip the initializing process providing an access token from 'some other means'.
$session = new FacebookSession('access token here');
Due to the lack of documentation I'm struggling on how I would define a scope before creating the login URL and then use the call back data to extract the access token.
This tutorial will help you get started with using the Facebook PHP SDK to log a user in.
Basically, you need to setup your application first and use the FacebookRedirectLoginHelper to create the login URL:
FacebookSession::setDefaultApplication( 'xxx','yyy' );
// login helper with redirect_uri
$helper = new FacebookRedirectLoginHelper( 'http://yourwebsite.com/app/' );
// show login url, scope is array of permissions
echo 'Login';
Recently I am experiencing this problem.
When I click to register with facebook and I am logged in as a user, I can see my information correctly. But staying on the same page, if I log out from facebook in some other tab and click Register with facebook on my own site, I see this person profile picture. The url of this image is:
http://graph.facebook.com/undefined/picture?type=large
I am accessing graph API using APP
Kindly advise me the solution to the problem
Accessing a users data requires an access token, with out this token your call is getting undefined returned as a user, and with out the access token appended to the picture url it returns emphamous Unknown User.
refer to: http://developers.facebook.com/docs/facebook-login/access-tokens/
for requesting access tokens, and usage.
Example Only: https://graph.facebook.com/ShawnsSpace/picture?type=large&return_ssl_resources=1&access_token=users_access_token
My script cannot access FB script without Access token
FB.login(function(response)
{
//If the user is succesfully authenticated, we execute some code to handle the freshly
//logged in user, if not, we do nothing
if (response.authResponse)
{
FB.api('/me', function(response) {}
}
{scope:'email,user_events,friends_photos,user_about_me,user_birthday,user_hometown,user_location,user_location,user_relationships'}); });//fbclick
So, I think access token condition is already satisfied.
I am working with facebook graph api rsvp_event. I am using javascript SDK. Everything works great when the user is logged in. But when the user is not logged in, it gives an error.
I need information about who is attending a public event. I now understand that I would need an access token to retrieve this information. So, my question is how do I get the access token if no user is logged in? Is it impossible or is there a workaround? Could it be done server side using app_id and client_secret?
I am developing a ColdFusion page, but I can use PHP if needed. I have support for both.
I have heard the term *offline_access_permission*. They have removed this feature. Could it be done when it was still available?
EDIT:
Could this be achieved by test user? Say, on server side I login via test user, get the event information (Just a "get" request to read who is attending an event) and then log off. On the client side I do the rest ( user login, rsvp to an event).
I don't know much about "test user" or its purpose. Can anyone confirm whether this can be achieved or not?
Thanks in advance.
Are you sure you actually need the user's access token? According to documentation here you may need:
- a generic access_token for public events (those whose privacy is set to OPEN)
- a user access_token for a user who can see the event for non-public events
- an app access_token (for non-public events, must be the app that created the event)
- a page access_token (for non-public events, must be the page that created the event)
You can get info on how to get those tokens here https://developers.facebook.com/docs/concepts/login/access-tokens-and-types/
A good idea could be to store the attending users (in the DB) when you have access to the event - when some user is logged in.
UPDATE for getting the data from FileContent.
I don't know what API response exactly you are referring to, but from my experience they are returning data:
- serialized using JSON - you need to use DeserializeJSON(), for example like this:
local.returnStruct = DeserializeJSON( local.requestResult.FileContent );
or
local.returnStruct = DeserializeJSON( local.requestResult.FileContent.toString() );
send as something similar to URI. I'm using a function to get that data:
function getStructFromQueryString( queryString ) {
var ret = StructNew();
var i = 0;
var key = '';
for(i=1; i LTE ListLen(arguments.queryString,'&'); i++) {
key = ListGetAt(arguments.queryString, i, '&');
ret[ListFirst(key,'=')] = URLDecode(ListLast(key,"="));
}
return ret;
}
Basically what you want is a refresh token that can get access tokens when the user is offline, unfortunately facebook does not provide them anymore as far as i know.
To learn more about oauth2 pleas play around with https://developers.google.com/oauthplayground/ its a very nice tool to understand the oauth2 process.
i'm working with the facebook sdk for php and want the users to sit on my own database but still to get permissions of them.
my very basic use of the
i want to register users to my site via facebook, but i still want to be able to post to thier wall. i thought about only using the facebook login method but then i have no way to ask my customers (Via registration) what is their phone number and the phone number is the most important part i need from the people who register.
i tried to add the scope params to my <fb:registration tag but it seems to ignore it. when i only use the login method via <fb:login-button the permissions issue seems to work.
this is my exact flow:
first, i call the fb:login-button to determine if the client is already reistered:
<fb:login-button scope="publish_stream,user_checkins,email" registration-url="/register" /></fb:login-button>
then, on the registration page i have this code:
<fb:registration
fields='[{"name":"name"},{"name":"gender"},{"name":"email"},{"name":"birthday"},{"name":"location"},{"name":"phone2","description":"mobile phone","type":"text"}]'
redirect-uri="XXXXXX"
fb_only="true"
scope="read_stream,publish_stream"
width="530">
when the user comes back from facebook i use this code:
require_once('facebook-sdk/src/facebook.php');
$facebook = new Facebook(array( 'appId' => $GLOBALS['facebookAppID'], 'secret' => $GLOBALS['facebookAppSecret']));
$customerArray = $facebook->getSignedRequest();
that's works great and create the customer record on my database. but - it does not give the permission i need to post on my user wall.
You can't ask for user permissions in registration using this plugin, but you can do a work around asking for permissions before showing the form. You can make a call to FB.login popup and after the user gives you permissions in the callback function you can show the registration form (which could be hidden while the user accept the permissions).