Authentication levels and for specific people - authentication

Is it possible to have login levels with Facebook authentication? Also, is it possible to only give permission to log in to my website if you meet certain requirements, like for example being in a Facebook group, or liking a page?
I have a students' website, and I want them to be able to log in using Facebook, but not everyone can access the information, only students from my course. So is it possible to check if they are in the course's closed group before letting them log in?
Thanks for the help...

No, you cannot do that prior to the login. However, immediately after the login you can validate, by their Facebook ID, if they're on your list of approved people, and redirect away others who are not. Google for Facebook fan gate examples, there's a lot of them out and about.
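A sketch of the post-login check this answer describes, as an added example that is not part of the original answer: the server takes the Facebook user id from a token it verified itself and denies anyone not on the roster. The roster, app id, level names and function names are assumptions; `token_info` stands for the `data` object the server gets back from Graph API token introspection (`debug_token`).

```python
import time

# Constructed roster: Facebook user id -> access level on this site.
# Facebook ids are app-scoped, so store the ids as seen by this app.
ROSTER = {
    "10000000000001": "student",
    "10000000000002": "instructor",
}
LEVEL_RANK = {"student": 1, "instructor": 2}  # hypothetical "login levels"


def access_level(token_info, expected_app_id, roster, now=None):
    """Return the roster level for a server-verified login, or None.

    token_info must come from the server's own introspection call, never
    from a user id posted by the browser. Every failed check denies access.
    """
    now = time.time() if now is None else now
    if not isinstance(token_info, dict) or token_info.get("is_valid") is not True:
        return None
    # The token must have been issued to this site's app, not another app.
    if str(token_info.get("app_id")) != str(expected_app_id):
        return None
    # This example only accepts tokens that carry a future expiry time.
    expires_at = token_info.get("expires_at")
    if not isinstance(expires_at, (int, float)) or expires_at <= now:
        return None
    # Authorization step: the id must be on the approved list.
    return roster.get(str(token_info.get("user_id")))


def allowed(level, minimum):
    """True if a user's level meets the minimum required for a page."""
    return level is not None and LEVEL_RANK.get(level, 0) >= LEVEL_RANK[minimum]
```

A `None` result is the case the answer handles by redirecting the visitor away; the site's session should only be created after a non-`None` level is returned.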

Related

Is it possible to login as a page using Google+ Login

Is it possible to use Google+ login page to allow users to login as pages to the site?
Otherwise, is there an API to get information about a logged-in user's pages? Or do I need to request access to the Pages API?
In some cases, this is possible. However, the user would need to register a password on their page, which, according to the help topic, "is currently not available to pages owned by Google Apps accounts or users under the age of 18". I don't believe most people have this set up. You could request having such people set this up, but if they fall under that group they would be out of luck.
As such, I would recommend that you look for another way of doing this.

Google+ circle membership check by API

Is it possible to use the Google+ API to check if a user is a member of another user's particular circle?
Example use case:
User Joe adds User Bill to "Joes Friends" Google+ Circle
User Joe is also a user on my website "videos-from-my-weekend.com"
Joe Picks a particular video from my site, then grants access to that video to anyone in his "Joes Friends" Google+ Circle.
User Bill logs in to my website, and is able to watch Joe's videos.
Nefarious Steve tries to watch Bill's videos, but fails the Google+ api check since he's not a member of the "Joes Friends" Google+ Circle.
I hope I explained that clearly enough.
This is really a code-independent question.
If you're trying to check a particular circle, then no you can't do that.
If you're trying to check that the viewing user exists in any circle, then the following conditions must be met:
Users must have authorized your app to request their friends list by requesting the auth scope https://www.googleapis.com/auth/plus.login, which is included by using Google+ Sign-In or you can just do a straight OAuth 2.0 flow with it.
When the user authorizes your app, they have a choice of whether to allow your app to know about all, some, or none of their circles. A flat list of people from any circles they allow your app to see would be available with people.list.
After they authorize your app, you make requests and get both of their friends lists and store those in your DB for checking nefarious Steve against later.

Login with pages and importing from pages

I am currently working on an app that requires people to use their Facebook profile to sign in. My question is: is there any way for non-individuals to be able to sign in? I mean group pages, business pages etc., because I need to import their profile picture and their names. Maybe any other way/idea to import them.
That would really help my case.
No. All Facebook accounts are supposed to belong to users. Users can be admins of groups and business pages, but there is no way to directly login to one of these without first logging in to their user account.
Businesses and groups sometimes incorrectly register themselves as users. There is no way to filter these out.
That said, if you make a call to https://graph.facebook.com/ID?fields=name,picture where ID is from a user, group or business page, all of these return a name and profile picture.

What are the dangers of tying one Facebook UID to multiple application accounts / tokens?

I'm getting started with a mix of Facebook Registration and Facebook Connect and wondering if there's a problem with my existing users foo@bar.com and bar@foo.com both connecting their accounts on my site to the same Facebook UID.
I can guess that if foo@bar.com connects to Facebook through my application, then bar@foo.com might have to re-authenticate because my application would use a different token for the same Facebook UID the second time. Would Facebook somehow reject the use of multiple tokens from my application?
To be clear - I know I can control whether or not the uniqueness is a problem in my database, I'm mostly trying to anticipate how Facebook will treat multiple different requests from the same application and if there might be any problems in how the application behaves.
Your question is so foggy. What do you actually want to do? When you want to connect with Facebook, it means you allow users to log in to your system with their Facebook accounts. So authentication will be done at Facebook's end. I am unable to understand your double ID phenomenon. What do you mean by two different IDs?

Account Strategies on New Social Enabled Sites

So I'm in the midst of creating a Facebook Connect enabled site. The site in question will leverage your social graph - as defined by your facebook account - to do social things (what is really not important here). Here's the big question I have:
Are people still rolling their own authentication heuristic when using something like Facebook Connect? That is, are newer (FBConnect) sites today providing only FBConnect as an authentication strategy, or are they pairing it with other auth strategies (such as Google Auth, Open ID, etc)? What do you think is the best way to go? With Facebook having over 300,000,000 users now, is having 1 authentication strategy (FBConnect) enough? Or is it proper netiquette to provide users other means?
Some of the references I have been looking at today:
http://www.kenburbary.com/2009/08/five-reasons-companies-should-be-integrating-social-media-with-facebook-connect/
Increased Registration - Data from Facebook states that sites that use Facebook Connect as an alternate to account registration have seen a 30-300% increase in registration on their sites.
• Citysearch.com – Daily site registrations have tripled in the 4 months since Facebook Connect testing began
• Huffingtonpost.com – Since integrating with Facebook Connect, more than 33% of their new commenter registrations come through Facebook
• Cbsinsider.com – Over 85% of all new user registrations are coming from Facebook Connect
http://www.simtechnologies.net/facebook-connect-integration.php
"according to the current statistics using facebook connect increases 30-40% user traffic as compared to non-facebook connect websites."
http://wiki.developers.facebook.com/index.php/Connect/Authentication_and_Authorization
Our research has shown that sites that implement Facebook Connect see user registration rates increase by 30 - 200%.
No Need to Create Separate Accounts
In general, it's not a good practice to force a new user to create a separate account when registering on your site with Facebook Connect. You'll have the user's Facebook account information, and can create a unique identifier on your system for that user.
Just make sure you understand what Facebook user data you can store, or simply cache for 24 hours. See Storable Information for details.
If the user ever deactivates his or her Facebook account, you have a chance to contact the user to request the user create a new account on your site. When a user deactivates his or her account, we ping your account reclamation URL to notify you of the deactivation. Then Facebook sends the user an email regarding the deactivation. If the user has connected accounts with any Facebook Connect sites, and if your site has specified an account reclamation URL, the email will contain a section with your application logo, name, and reclamation link, in addition to an explanation about the link's purpose. For more information, see Reclaiming Accounts.
http://www.chrisbrogan.com/how-facebook-connect-points-the-way-towards-velvet-rope-networks/
The Drawbacks
Though there are advantages to using Facebook Connect for integration, there are some drawbacks, mostly from the marketer’s point of view. If you build out a social network project using Facebook Connect, Facebook gets all the information and you get none. You don’t get a database of users. You don’t get a way to message people participating in your event, except for “in stream,” the way everyone else is using the app. You don’t have any sense of demographics, nor any control abilities to block trolls or other unwanted types.
Crystal Beasley "All of the FB Connect sites we have built so far have incorporated "standard" accounts as well, even with the added complexity of supporting dual login methods."
There are still people who use MySpace (myself not included), and I know several people coming out of college who have completely deleted their FB accounts to get rid of information about them that they don't want potential employers to find (I know, there are a lot easier ways of doing this). If there are people who for whatever reason do not want to have a FB account, at least give them the option of creating a private Google account.
Using ONLY Facebook as the register/login method seems pretty dangerous to me. Having a regular user management system, with Facebook Connect to speed up the process from a user perspective, is a good idea.
The problem is somewhere else.
If you really want to leverage the social graph, only Facebook brings "pure" data.
The graphs people build at e.g. MySpace aren't telling much about that person and their social environment; at Google neither.
If you are just heading for viral spreading, prefer the platforms that share the best (just Facebook again).