Facebook: webpage working as an app and a page - authentication

I want to make a webpage, that works as an APP (in facebook, iframe) and as a usual webpage too.
How can I accomplish this in a proper way?
Right now, I'm connecting to facebook as an APP with the PHP SDK: getLoginUrl(), then redirect the user to this url, blabla. Works fine if I'm in facebook, and using it as an app.
Problem is if the session is outdated, and I'm not looking this on facebook, this redirecting gets annoying, also: very unprofessional in my opinion...
Thanks in advance!
SOLVED: here's the solution for my specific problem:
It took me 1 change of line in the code, which is the following:
$canvaseurl = ($_SERVER['HTTP_REFERER'] == "https://apps.facebook.com/APPNAME/") ? "https://apps.facebook.com/APPNAME/": "https://MYWEBPAGE.hu/app/";
So I simply redirect to the url, where the user came from.
Pretty simple. :)

Once the person authorizes the application, you will be able to use either the iframe or the website, just so long as you don't force it to go back to the application page. I have used the Facebook PHP SDK and noticed that if you enter the actual location that is loading into the iframe it will stay on that page outside of the apps.facebook.com. However this is dependant on the settings you use. Try experimenting with it and see if that helps you.

Related

Disable Twitter Universal Deep Links

Update: It appears Twitter has fixed this issue. Clicking the authorize button now works! Thank you all for the responses.
I have a UIWebView that opens and directs to Twitters Oauth/Authorize webpage. The user signs in with there Twitter details and authenticates the use of our application with there Twitter account. This process worked perfect before the release of Twitter 6.37 iOS application. What happens now is when the WebView detects https://twitter.com/oauth/authorize?oauth_token instead of staying in the WebView it opens the native Twitter application and dies. If you uninstall the Twitter application everything works as usually it staying within the WebView. How can I prevent this from happening? I want to stay within my UIWebView and not automatically open deep links. I have been reading about the new URL deep link changes in iOS 9, but not sure of how to stop them from my application to other native applications. Thanks for any help!
As a workaround, in twitter authentication screen we can use the Go button on iOS typing keypad instead of using the sign in button on web view until twitter fixes.
Please refer the attached screenshot link for clarity.
Screenshot for the workaround
I ran into this issue as well and figured out it was because my authorize endpoint was set to https://twitter.com/oauth/authorize?oauth_token="+oauthToken (I believe this was in the original documentation). If you add api as the subdomain: https://api.twitter.com/oauth/authorize?oauth_token="+oauthToken, it will no longer trigger the deep linking and load the twitter app.
My answer to this via a Xamarin question:
Unless Twitter removes/updates the apps section of "https://www.twitter.com/apple-app-site-association" to allow a bypass or a secondary oauth that is not in the apple-app-site-association file I do not see how you would do it. These files are signed and iOS handles them at an OS level.
I have not played around very much with the continueUserActivity delegate and the NSUserActivity object that is passed to apps launched from UNI links, but I do not see a way for the launched app (i.e. Twitter) to return control to the original app, and at that point the oauth call-chain would be broken anyway....
Unique. Unlike custom URL schemes, universal links can’t be claimed by other apps, because they use standard HTTP or HTTPS links to your website.
Secure. When users install your app, iOS checks a file that you’ve uploaded to your web server to make sure that your website allows your app to open URLs on its behalf. Only you can create and upload this file, so the association of your website with your app is secure.
Via: https://developer.apple.com/library/prerelease/ios/documentation/General/Conceptual/AppSearch/UniversalLinks.html
I would report as an issue (bug?) to Twitter's Dev forum: https://twittercommunity.com

iOS App URL is not being detected

I have created a custom App URL for my iOS app. The URL format is similar to this:
myappname://texttobeparsed
This works fine when I paste the URL in safari, My App opens and correctly handles the URL. The problem is that other apps such as iMessage or Notes do not recognize this as a URL.
Why isn't this URL scheme being recognized as a URL? Could it have to do with how I set it up in my info.plist file or something else?
Or, does the URL need to be in a different format to be recognized?
I know it's possible to have the system recognize it as a URL in apps other than web-browsers because I've seen it before with other apps (ex. iTunes: itms://itunes.com/apps/appname or Twitter: twitter:// or Facebook: fb://).
There's nothing you can do about this. If the link isn't explicit (e.g. in an HTML email), these apps can just recognize a built-in set of standard URL schemes. itms:// is one of Apple's own schemes (for the iTunes Store), so it makes sense that it is supported in addition to the standard mailto://, http://, tel://... schemes.
Edit: I would guess that the information that is used to determine what constitutes a valid URL in text views etc. is cached somehow. Contrary to what I initially guessed, it seems that app-specific URLs do work in Notes, etc. I've tested this with tweetbot:// for example (which I have installed) and twitter:// (which I don't have installed) to verify that it doesn't just check for a pattern like *://, but actually uses information about the installed apps.
I'd suggest that you try to restart your device. If it's an issue with some cache, that might help and I don't think there's much else you could do if your URL scheme already works in Safari.
Update: I've installed the official Twitter app to test this, the twitter:// scheme wasn't immediately recognized in Notes, but after killing and restarting the Notes app, it worked.
Update 2: I've done a minimal test app with myappname:// as a custom URL scheme. Again, like with the Twitter app, it worked after restarting the Notes app, so it doesn't seem related to the popularity of the app or whether it's been submitted or not.
I can't answer as to why it's not working (beyond guessing that the link interpreter is hard-coded to only recognize certain URL schemes), but I can say that the typical way around this is to link to a web page, and have the web page redirect to your custom scheme.
It's slightly less elegant, because the user will see Safari open up briefly before being forwarded to your app, but it's also more robust because the web page can provide a link to the app store to install the app if it is not installed on the user's phone.

Modifying Google OAuth2 login page

Is it possible to modify or show a more iOS friendly login page from googles oauth2 services? I'm not sure if I have seen a modified on before but i can't find any information on it. Any help would be appreciated.
I think the only change you can do is to provide your own logo as described here: https://developers.google.com/youtube/2.0/developers_guide_protocol_oauth2#OAuth2_Register
To make the login process more like a part of your application it is possible to open the login page in an embedded browser instead of open it in Safari, but you will not be able to change how it looks.

How could I make sure that facebook reject my request for authentication plugin

About 2 weeks ago, the fb login button on my site was not working. At that time, my site was attacking by some robots.
Is that the reason why my login button was not working anymore?
How could I make sure?
Is there any way like email or some form page to contact with the fb manager?
Thanks a lot.
Pokey
if the bots attacking your website didn't affect the content of your page (the Page you store the javascript calling for the Login for Facebook). it wouldn't make sense not to work. Because the login button access the facebook server, if the javascript part on your page of the Facebook Login is correct, even with attacks it would work perfectly. So maybe it's something else. You need to give more details!

Facebook Connect button not showing up in Safari/Chrome

My implementation of Facebook Connect (just a simple login button, fb:login-button) works perfectly on Firefox and IE.
But the same button is not showing up in Safari/Chrome (Webkit).
Here's what's ironic. In my debugging effort, I saved the page (that contains fb:login-button) up as a static page and then load it in Safari. And the button shows up, everything works!
The exact same page (with the exact same HTML source) rendered by my PHP has no way for bringing up the button.
I'm trying hard to support Webkit here but I'm close to giving up. Can anybody help?
I found one more way this can occur (the blame-myself-for-being-stupid way); it's probably not common, but in the event is saves anyone else the hassle, here it is:
This symptom can also be caused by various security tools blocking facebook resources.
In my case, I'd installed Facebook Disconnect ages ago in Chrome as a plugin and forgotten all about it being installed. I also had a second installation of Chrome that was seemingly identical (but did not have Facebook Disconnect). The first would properly load the fb:login-button, and the other would not; took me ages before I looked at the plugins, because Facebook Disconnect didn't have an icon and so its presence was pretty easy for me to miss.
Here's what you'll see if some sort of security plugin is preventing facebook resources from loading. Just look at the html that renders in the browser using developer tools.
In a normal chrome session you'll end up with something like this:
<fb:login-button><a class="fb_button fb_button_medium"><span class="fb_button_text">Your text here</span></a></fb:login-button>
But in the version with facebook's resources disabled you'll end up with this:
<fb:login-button>Your text here</fb:login-button>
Like I said, pretty obvious in retrospect.
Had the same problem but it was not related to anything like a plugin or malformed content. It seems if you enable country filtering on your facebook page it has an issue with the like button, this should be fairly obvious. Facebook gets your location from your profile and not your IP address.
Make sure to disable country locking if you plan on using the social plugins.
This can be due to having ClickToFlash installed. Either disable it, or check "Automatically load invisible Flash views" in the ClickToFlash settings.
What we found out is that Safari (and maybe some older versions of Chrome or other WebKIT browsers) have a problem with Facebook's code using the innerHTML JS function if your page arrives with an XHTML response header (application/xhtml+xml).
Using text/html solves the issue.
In case of JSF2, which we use, the implementing the fix was as simple as wrapping the FB button like this:
<ui:composition xmlns="http://www.w3.org/1999/xhtml"
xmlns:fb="http://www.facebook.com/2008/fbml"
xmlns:f="http://java.sun.com/jsf/core">
...
<f:view contentType="text/html">
<fb:login-button>Login using Facebook</fb:login-button>
</f:view>
Facebook bug report here:
http://bugs.developers.facebook.net/show_bug.cgi?id=5545
I had this problem with the Facebook button not showing at all and it took me forever to figure out what it was. Luckily after days of hair pulling I will now share the answer with everyone. In my situation I simply didn't have xfbml enabled. In my FB.init I had it set to false:
FB.init({
appId : 'app_id', // App ID
status : true, // check login status
cookie : true, // enable cookies to allow the server to access the session
xfbml : false, // parse XFBML
oauth : true // enable OAuth 2.0
});
I changed this to "true" (xfbml) and the login buttons works great now! :P Good luck!
This happened when I had the wrong domain in callback_url in config/facebooker.yml. Apparently it uses that to load the js files.
I had the same problem but I resolved it by making sure the URL in my app settings was exactly the same as the one for my site (i.e. it didn't work when I accessed my site without the www.).
I have tried every suggested solution here and it didn't work for me. But now I finally found the solution.
Facebook requires now a secured (https) for Canvas (Secure Canvas URL). The unsecured one will be deprecated soon.
Here is the main difference, Chrome doesn't like https connections with invalid certifications. On a localhost, it is very likely you have stunnel installed to allow https connection for the localhost. Firefox is ok with the self created SSL certificate and allows you to add an exception when trying to access that site. Chrome doesn't allow it out of the box.
When I load my app in Chrome the page is blank and I dont see any login button.
Click F12 and click the Netwrok tab in Chrome:
You see that the post request to your localhost is cancelled. DOUBLE Click on it.
Now you would see that chrome is blocking the localhost because of the certificate:
click on proceed anyway.
Now to back to your other tab and reload the page:
Chrome works now like Firefox and shows the login button.