how to check that user is logged in to facebook - php sdk - authentication

How I can determine that user is logged in to facebook but not authenticated my facebook web application using php sdk. I know we have $user = $facebook->getUser(); but this only check that user authenticated the app or not. I want something like FB.getLoginStatus
the user is logged into Facebook and has authenticated your application (connected)
the user is logged into Facebook but has not authenticated your application (not_authorized)
the user is not logged into Facebook at this time and so we don't know if they've authenticated your application or not (unknown)
Want to determine second condition using php sdk i.e. of not_authorized but logged in to facebook

The PHP SDK on it’s own has no way of knowing that.
The JS SDK can make cross-domain calls to have Facebook check if there is an active session under their domain. From server-side alone there is no way of doing something similar.
I want something like FB.getLoginStatus
And why not use just that, and pass the info on to the server? (Cookie, AJAX, …)

Related

Get long access token from instagram mobile app

I'm using `
https://api.instagram.com/oauth/authorize?client_id={{ instagramAppId }}&redirect_uri={{ redirectUrl }}&scope=user_media,user_profile&response_type=code
` url to verify user via instagram api.
Is it possible to get access token from instagram mobile app? The web view with insta login needs credentials to login, even though user is logged in mobile app.
Thanks!
Webviews keep their own cookie jars, so you have to log in separately. You can't use the mobile app's tokens. You can open the login page in a browser instead of a web view. Then, if the user is already logged in to Instagram in this given browser, you will instantly get a response from the authorization endpoint. Still, the user needs to be logged in in the concrete browser, being logged in in the app won't help.

Facebook Login for Web

According to this link Facebook Login for the Web, I can let my users login with facebook accounts (after logging to my facebook app).
now, all the work is done here in javascript which is a client-based code, it means it is insecure and a hacker could easily trespass my login step.
I know i should be using PHP SDK (for example) to secure the login process, but my question is why would I use this method ????

How do I get logged out from social site in securesocial 2.1.3?

In my play 2.2.4 application, using securesocial 2.1.3 module for authenticating the user via social login(google, facebook,linkedIn). Finally I want to logout the user from social site. For logout I use the following call.
GET /logout securesocial.controllers.LoginPage.logout
But the social site is not get logged out.
what is this the correct way of doing logout?
You can't log out from an external provider. That is not supported and I would advise against it. Your users won't expect to be logged out from Facebook for example if they decide to log out from your app.

The use of FacebookAuthProvider in apps

I've been working with ServiceStack for quite some time now and i love it. But there is one thing i can't figure out.
How are app's (ios, android etc.) that are using my servicestack endpoints, suppose to use the facebook endpoint "/auth/facebook"?
When using this url "/auth/facebook" from the browser it works fine, but the response is html, and not an AuthResponse og something serializable.
Is this endpoint only to be used from websites with servicestack in the same solution?
The way that stuff works is by redirecting the user to Facebook with an API key that matches your app. The user then tells Facebook that your app is ok, and Facebook redirects them back. This can only be done via a browser. You really have two options to work around this:
Make the user authenticate with Facebook using a website and then authenticate your user with credentials from the app.
Use the built in iOS Facebook stuff and send the resulting auth tokens to an endpoint on your app, where you can save them for later use.
Edit, a bit more clarification:
Option 1
User Goes to your website
User Clicks on your Auth With Facebook button
User is sent your your Facebook endpoint set up in Service Stack
User is redirected by Service Stack to Facebook
User is redirected back to Service Stack from Facebook, with a token in the url
You save the token in your database and tell the user they can now user your app with Facebook.
Option 1.5
The same as Option 1 but instead of making the user go through their browser you create a UIWebView control and point it to your Facebook Auth endpoint. Then you listen for a response from your site that says the user is authenticated. I'm not a objective c, so I can't really get more detailed on how to do that.
Option 2
Use the iOS Facebook API and handle authentication as seen here.
POST the credentials to Service Stack via a Custom Endpoint
Save credentials in the db, and use them in the future to make calls on behalf of the user.
Facebook Login requires a browser of some sort, because Facebook's cookies must be passed along with a request to authorize your website. That is how Facebook knows which of it's users wants to authorize your site, and that they are the ones making the request.

Devise force logout if logged out from facebook

I have the following scenario:
User logs in with Facebook connect (devise, omniauth)
User starts browsing around the site
User logs out from Facebook
User can still browse around. <-- how can I prevent this from happening?
I basically want to redirect the user to the login page if he is logged out from Facebook
I'm using Rails 3.1 with devise, omniauth.
I think you have a misconception here. Once the user has granted your app privileges to access the Facebook profile--either by virtue of being logged into Facebook in another browser tab, or by explicitly logging into Facebook when redirected--then the OAuth handshake it done and your user is authenticated. The authentication state is now kept locally with your app; you presumably have a session cookie with the user_id, which Devise will handle for you.
The Facebook login on the browser is only necessary to log in, not to authenticate each single request.
You could presumably run the OAuth handshake on every single request, but that would be a lot of performance overhead, and also Facebook may rate limit you.
What is the business case for this scenario? Why do you think you want this?