Facebook Connect: User has logged in and given permissions, now what? - authentication

So i've been trying to get FB Connect working on my site, simply for login and authentication, using the Javascript SDK and following the code at:
https://developers.facebook.com/docs/guides/web/
So the button appears, i click it, a dialog pops up, i click that, presumably my site now has permission to know who i am...
Then what? The guide goes on to saying all the stuff I can access through the Facebook API, all the cool things about permissions, but presumably i need the user's ID or access token or something to get at this stuff. How is that given to me? left as a attribute on one of the elements? Left in a Javascript variable somewhere? Given as an argument to some callback? Thrown high into the heavens for me to receive via satellite downlink?
This is probably incredibly simple, but for the life of me i have not been able to figure it out. Facebook's tutorials have failed me, and so has Google. I want to get this in the Javascript, so I can immediately fill in form-data using the user's Facebook name, put a picture, etc. etc., and presumably send this all back to the server so the server can validate with Facebook that the data is real.

I'm assuming you're using the Login button? https://developers.facebook.com/docs/reference/plugins/login/
If you simply want form info, check out the registration plugin - https://developers.facebook.com/docs/plugins/registration/
However, to answer your question, make an API call to /me. For example:
FB.api('/me', function(user) {
if(user != null) {
// The user object now contains info about the logged in user
}
});
You should subscribe to the auth.login event and wrap the above API call in the successful response, i.e.:
FB.Event.subscribe('auth.login', function() {
// JS to run if when the user logs in, for example, the code snippet above
});

Related

Teams Email of connected user into message extension teams, message extension continue after login

I've one trouble with my teams custom app. I'm making a custom app that return sign-in action to unlogged user when he try to use a search message extension. Now, my problem is:
How can I resume the query after the user logged?
I return to the user an auth composeExtension type that point to one route of my spa. The user make authentication and correctly return the accesstoken, but then it doesn't continue the search. I've already try call :
microsoftTeams.authentication.notifySuccess({ accesToken: oResponse.accessToken })
but it only close the opened popUp.
Please, help me. Thanks.

Google+ JavaScript API: How to detect user sign in status?

I have deployed Google+ Sign-in Button, now I have to provide Sign-Out Button, before that, I need to know whether the user is still signed in, by which I can then show or hide this button.
I found this documentation: gapi.auth.checkSessionState(sessionParams, callback):
https://developers.google.com/+/web/api/javascript?hl=en#gapiauthchecksessionstatesessionparams_callback
Could someone demo how to use it ?
Many thanks.
gapi.auth2.getAuthInstance().isSignedIn.get()
This returns boolean
You don't need to use a separate function call to determine the user's signed in state if you've already added the sign-in button. The sign-in button's callback is going to trigger either on sign-in, when the page loads, or any time that the user's signed-in status changes. The page load trigger (immediate mode), will also help to indicate if the user is a Google signed-in user or not.
See monitoring the user's signed in status, which shows the different status fields that you can check (Google signed in, app signed in, or signed out).
From Google dev docs :
If you pass null to sessionParams.session_state, you can check if the user is signed in to Google, whether or not they have previously authorized your app.
So your code will be like this:
gapi.auth.checkSessionState({session_state: null}, function(isUserNotLoggedIn){
if (isUserNotLoggedIn) {
// do some stuff
}
});
This is an example of how to use it:
gapi.auth.checkSessionState({client_id:'99999999999.apps.googleusercontent.com'}, signinCallback);
where client_id is the id of your project on g+ console. and siginCallback is a function i created to check the state.
IT'S VERY IMPORTANT to notice that the official api documentation says:
If the argument is true, the supplied session_state is still valid. If the argument is false, it is no longer valid and the application should perform a new re-authorization flow with immediate set to true to get an up-to-date access token or detect a non-authorized or nonexistent Google sign-in session.
But when i recive the response of checkSessionState i get true value when im signed off and false when im signed in. I Dont know if there was an error on the documentation but you can try it by yourself.
Hope this has been helpful for you.
PD: excuses for my awful english
Adapted from Tom Anthony's Blog
One simple way you can use without the use of an API to see if a user is logged into Google + (Or Google/Facebook/Twitter) is to try to access a resource which they would only be able to access if logged in. The code below attempts to load an image resource for which the user needs to be authenticated to access. By default html <img> tags run onload() if an image is successfully returned, but onerror() otherwise.
<img style="display:none;"
onload="function(){document.getElementById('signOutButton').style.visibility = 'hidden';}"
onerror="function(){document.getElementById('signOutButton').style.visibility = 'visible';}"
src="https://plus.google.com/up/?continue=https://www.google.com/intl/en/images/logos/accounts_logo.png&type=st&gpsrc=ogpy0"
/>

OAuth access_token request -> forbidden

Yesterday I wanted to get an access_token from my account, tried several websites, every time I tried it I got a white page with "Forbidden".
Does Instagram lock the API Access from User?
Thanks
I didn't have any problem, using oauth.io with a simple Instagram connect:
OAuth.popup("instagram", function(e,r) {
if (e) {
$('#results').html('error: ' + JSON.stringify(e));
return
}
$('#results').html('result from instragram: ' + JSON.stringify(r));
});
You can try directly on http://jsfiddle.net/bumpmann/4Ef8p/ and it should reply something like:
{"access_token":"...","user": {"username":"...","bio":"...","website":"...","profile_picture":"http://images.ak.instagram.com/profiles/...","full_name":"...","id":"123456789"}}
If you don't get that, you have most likely a problem with your Instagram account (or your environment if it works on another device)
here is the solution
login to your instagram account from pc browser
go to Edit Profile
change some of your profile info. example: add or delete some text to Bio
Click submit. a new screen will apear which show you a security picture type the text from picture.
after that you will be able to get access token.
You got "forbidden" because of new instagram "captcha" feature. I cannot still find any official information about it, but if user passes captcha on his mobile, authorization will work again.
For the people those don't understand.
Just go to instagram and reset your password than you will see the captcha.
After filling this in you can retreve the acces token with your application

How to use the Facebook JavaScript SDK with the sorcery gem

I followed the guide provided here by Sorcery about handling user logins with Facebook.
# callback method called by Facebook after getting the authorization by the user
if user = login_from(provider) # provider == "facebook"
redirect_to root_path #, :notice => "Logged in from #{provider.titleize}!"
else
begin
user = create_from(provider)
...
However it only requires that my users leave my site to go to the Facebook page and then get redirected here.
What I would like to achieve is what I see when using the Facebook JavaScript SDK which is a clean popup right in my page. To achieve this I followed a tutorial on Railscasts:
$('#sign_in').click (e) ->
e.preventDefault()
FB.login (response) ->
window.location = '/auth/facebook/callback' if response.authResponse
However, the authResponse only contains an accessToken and a signedRequest and a userid while Sorcery requires a code.
Is there anyway to do this properly (or get the code using the accessToken?).
However, the authResponse only contains an accessToken and a signedRequest and a userid while Sorcery requires a code.
Is there anyway to do this properly (or get the code using the accessToken?).
In the server-side flow, the code is just an intermediate step in getting the access token – app gets code, and exchanges code for an access token.
Since in the client-side flow you already get an access token when it’s finished – it does not get any more “proper” than that.
So you have two options:
either refactor your Sorcery-thingie, so that it skips the step where it gets a code and exchanges that for an access token, and directly “set” the access token yourself after getting it (wherever Sorcery might want it to be set); or
stick to the server-side flow, but open that yourself in a popup window. Then you’ll still get the code, but you’ll get it inside the popup window. So you’d have to close the popup window and maybe reload your original window yourself afterwards.

Can I "add friend" with Facebook's API?

Does their API allow my Facebook-connected user to add a friend?
No. Adding friends is not possible through the API.
However you can direct users to http://www.facebook.com/addfriend.php?id=[USER UID]
Where [USER UID] is a valid facebook user id.
Good luck!
I spent a great deal of time looking, and finally came accross a very simple solution.
Using the Facebook Javascript API you can do a friend request with:
<script>
FB.ui(
{
method: 'friends.add',
id: fbid // assuming you set this variable previously...
},
function(param){
console.log(param);
// If they cancel params will show:
// {action:false, ...}
// and if they send the friend request it'll have:
// {action:true, ...}
// and if they closed the pop-up window then:
// param is undefined
}
);
</script>
The callback script can then simply performs an ajax call to your server where
you save info about the action, if needed.
You can test this by using the javascript console app on Facebook:
http://developers.facebook.com/tools/console
Paste in the script above, including the tags, or click the "Examples"
button on the bottom of the text area and find the "fb.ui — friends.add" example.
https://developers.facebook.com/docs/reference/dialogs/friends/
Here is a Wiki list of the API methods available to you http://wiki.developers.facebook.com/index.php/API#Administrative_Methods
Doesn't look like you can add friends via the API. Note the iPhone facebook app also doesn't have an add friends function, it was written via the API, so that lends more weight to the idea that you can't