FB.logout() only from the application using javaScript SDK - facebook-javascript-sdk

I get a user's data using the Facebook JavaScript SDK like this:
FB.login(function(response){
// some code here
userid = response.authResponse.userId;
});
If the user id is odd (undesired one), then I call:
FB.logout();
This will make the user logout from my application and their Facebook account as well.
I want it to only log out the user out from my application. They should not be logged out from their Facebook account.
Below is the code I use to initialize the FB variable:
FB.init({appId: 'XXXXXXXXXXXXX', cookie: true, status: true, xfbml : true});
If a user logs in to my application then I get the response. The response has the status, access_token and user_id.
Which variable should I use to achieve only logging them out of my application and not Facebook?

I am also having the same problem, looks like we need to use both PHP and Javascript SDK to get and maintain the state for App only logout. You can check out the tutorial here, I am just looking into this, so I have not actually checked if it works.

Related

Firebase Facebook oAuth missing scopes in Facebook Popup Login

Facebook is ignoring our scope parameters that are being requested from our app. We're using Firebase authentication which provides an SDK that allows us to request a series of permission scopes from Facebook.
Here is an example of what this looks like:
import firebase from 'firebase/app';
// instantiate new Facebook provider
export const fbProviderRedirect = new firebase.auth.FacebookAuthProvider();
// add business_manager scope to access user's business manager data
fbProviderRedirect.addScope('business_management');
fbProviderRedirect.addScope('public_profile');
fbProviderRedirect.addScope('email');
fbProviderRedirect.addScope('ads_read');
fbProviderRedirect.addScope('ads_management');
fbProviderRedirect.setCustomParameters({ auth_type: 'reauthenticate' });
We then call our auth function and pass in the 'fbProviderRedirect instance as an arg
const linkToProvider = (provider) => {
return auth.currentUser.linkWithRedirect(provider);
};
Once a user selects our btn, they are redirected to the facebook dialog screen and are presented with a request to grant our app access. However, here is the part that we cannot figure out.
While testing, when we use our FB app admin account, when we select the btn two dialog screens appear. First screen contains permissions: public_profile and email, and the second dialog screen covers all of the remaining permissions.
When regular users attempt this, they only see the first screen, not the second. They are then given an access token which does NOT contain any of the explicitly set permissions from firebase.
Our app within facebook was reviewed and approved via advanced access for the following permissions:
pages_show_list, business_management, ads_read, pages_read_engagement, ads_management
Additionally, our app was also verified as a business. So we've been both approved and verified by facebook for our app and business.
We cannot figure out what we're missing or doing wrong. Any suggestions on how to proceed?
oAuth screen:
Review approved:
Business Verified:
You have to press 'Continue As _____' and the scopes that you are asking for will be shown in the next few dialogs.

Google+ JavaScript API: How to detect user sign in status?

I have deployed Google+ Sign-in Button, now I have to provide Sign-Out Button, before that, I need to know whether the user is still signed in, by which I can then show or hide this button.
I found this documentation: gapi.auth.checkSessionState(sessionParams, callback):
https://developers.google.com/+/web/api/javascript?hl=en#gapiauthchecksessionstatesessionparams_callback
Could someone demo how to use it ?
Many thanks.
gapi.auth2.getAuthInstance().isSignedIn.get()
This returns boolean
You don't need to use a separate function call to determine the user's signed in state if you've already added the sign-in button. The sign-in button's callback is going to trigger either on sign-in, when the page loads, or any time that the user's signed-in status changes. The page load trigger (immediate mode), will also help to indicate if the user is a Google signed-in user or not.
See monitoring the user's signed in status, which shows the different status fields that you can check (Google signed in, app signed in, or signed out).
From Google dev docs :
If you pass null to sessionParams.session_state, you can check if the user is signed in to Google, whether or not they have previously authorized your app.
So your code will be like this:
gapi.auth.checkSessionState({session_state: null}, function(isUserNotLoggedIn){
if (isUserNotLoggedIn) {
// do some stuff
}
});
This is an example of how to use it:
gapi.auth.checkSessionState({client_id:'99999999999.apps.googleusercontent.com'}, signinCallback);
where client_id is the id of your project on g+ console. and siginCallback is a function i created to check the state.
IT'S VERY IMPORTANT to notice that the official api documentation says:
If the argument is true, the supplied session_state is still valid. If the argument is false, it is no longer valid and the application should perform a new re-authorization flow with immediate set to true to get an up-to-date access token or detect a non-authorized or nonexistent Google sign-in session.
But when i recive the response of checkSessionState i get true value when im signed off and false when im signed in. I Dont know if there was an error on the documentation but you can try it by yourself.
Hope this has been helpful for you.
PD: excuses for my awful english
Adapted from Tom Anthony's Blog
One simple way you can use without the use of an API to see if a user is logged into Google + (Or Google/Facebook/Twitter) is to try to access a resource which they would only be able to access if logged in. The code below attempts to load an image resource for which the user needs to be authenticated to access. By default html <img> tags run onload() if an image is successfully returned, but onerror() otherwise.
<img style="display:none;"
onload="function(){document.getElementById('signOutButton').style.visibility = 'hidden';}"
onerror="function(){document.getElementById('signOutButton').style.visibility = 'visible';}"
src="https://plus.google.com/up/?continue=https://www.google.com/intl/en/images/logos/accounts_logo.png&type=st&gpsrc=ogpy0"
/>

Google plus login requires permission on every login

I have implemented a Facebook, Twitter and Google plus login to my website. For Facebook and Twitter the user needs to give permission to the app one time, unless i make a change in the required information.
Google Plus however asks for permission for my app every single time. And I can not find anywhere to configure the app in only requesting this once.
You need to set the 'approvalprompt' to 'auto'
function render() {
gapi.signin.render('customBtn', {
//'callback': 'signinCallback',
'clientid': '841077041629.apps.googleusercontent.com',
'cookiepolicy': 'single_host_origin',
'requestvisibleactions': 'http://schemas.google.com/AddActivity',
'scope': 'https://www.googleapis.com/auth/plus.login'
'approvalprompt': 'auto'
});
}
Remove the approvalprompt parameter from your sign-in code. I assume you copied from one of the examples that uses this parameter to ensure that the example is always in a new state.

How to use the Facebook JavaScript SDK with the sorcery gem

I followed the guide provided here by Sorcery about handling user logins with Facebook.
# callback method called by Facebook after getting the authorization by the user
if user = login_from(provider) # provider == "facebook"
redirect_to root_path #, :notice => "Logged in from #{provider.titleize}!"
else
begin
user = create_from(provider)
...
However it only requires that my users leave my site to go to the Facebook page and then get redirected here.
What I would like to achieve is what I see when using the Facebook JavaScript SDK which is a clean popup right in my page. To achieve this I followed a tutorial on Railscasts:
$('#sign_in').click (e) ->
e.preventDefault()
FB.login (response) ->
window.location = '/auth/facebook/callback' if response.authResponse
However, the authResponse only contains an accessToken and a signedRequest and a userid while Sorcery requires a code.
Is there anyway to do this properly (or get the code using the accessToken?).
However, the authResponse only contains an accessToken and a signedRequest and a userid while Sorcery requires a code.
Is there anyway to do this properly (or get the code using the accessToken?).
In the server-side flow, the code is just an intermediate step in getting the access token – app gets code, and exchanges code for an access token.
Since in the client-side flow you already get an access token when it’s finished – it does not get any more “proper” than that.
So you have two options:
either refactor your Sorcery-thingie, so that it skips the step where it gets a code and exchanges that for an access token, and directly “set” the access token yourself after getting it (wherever Sorcery might want it to be set); or
stick to the server-side flow, but open that yourself in a popup window. Then you’ll still get the code, but you’ll get it inside the popup window. So you’d have to close the popup window and maybe reload your original window yourself afterwards.

Facebook Connect: User has logged in and given permissions, now what?

So i've been trying to get FB Connect working on my site, simply for login and authentication, using the Javascript SDK and following the code at:
https://developers.facebook.com/docs/guides/web/
So the button appears, i click it, a dialog pops up, i click that, presumably my site now has permission to know who i am...
Then what? The guide goes on to saying all the stuff I can access through the Facebook API, all the cool things about permissions, but presumably i need the user's ID or access token or something to get at this stuff. How is that given to me? left as a attribute on one of the elements? Left in a Javascript variable somewhere? Given as an argument to some callback? Thrown high into the heavens for me to receive via satellite downlink?
This is probably incredibly simple, but for the life of me i have not been able to figure it out. Facebook's tutorials have failed me, and so has Google. I want to get this in the Javascript, so I can immediately fill in form-data using the user's Facebook name, put a picture, etc. etc., and presumably send this all back to the server so the server can validate with Facebook that the data is real.
I'm assuming you're using the Login button? https://developers.facebook.com/docs/reference/plugins/login/
If you simply want form info, check out the registration plugin - https://developers.facebook.com/docs/plugins/registration/
However, to answer your question, make an API call to /me. For example:
FB.api('/me', function(user) {
if(user != null) {
// The user object now contains info about the logged in user
}
});
You should subscribe to the auth.login event and wrap the above API call in the successful response, i.e.:
FB.Event.subscribe('auth.login', function() {
// JS to run if when the user logs in, for example, the code snippet above
});