I am building an app with the functionality to publish
messages to users walls while specific actions runs on
my website.
What I have done is (briefly):
Registered my own app on Facebook
Added a login button on my website with permission
to publish:
Log in on Facebook
Downloaded facebook-php-sdk library
It is now I start having problems. I do not know how
to do what I want to do now.
What I want to do:
When a user logs on to facebook via my website. I want
a file on my site to be called, where I can update the
user's data in my own database as well.
Because that is not what the canvas url is meant to do? How it
is no, seems no file at all is called on my site when
I click on Login.
Since you are using the Facebook PHP-SDK you noticed that there are two options for the users to login:
Using the XFBML button, which will:
Open a login dialog (pop-up) asking for permissions..etc
When a successful authentication/authorization is complete the dialog will close, the auth.login event will be triggered and based on that the page will get reloaded window.location.reload();
The PHP in the top of the page will get into business and $session = $facebook->getSession(); will actually retrieve a session! $user = $facebook->getUser(); will retrieve the current user
Using the Login URL generated by the Library $loginUrl = $facebook->getLoginUrl(); this URL will get you through the same flow and if you noticed there's a next redirect_uri parameter which will redirect you back after a successful process to that URL (mainly the same URL you are at), where you can change that parameter if you like.
The canvas URL is the URL Facebook uses when it displays your application from within Facebook. You would use this functionality if you expect users to use your application while in Facebook itself.
When authenticating using Facebook's API (assuming graph API usage here), you provide a redirect_uri as part of the authentication URL. Once Facebook has authorized your application, it will redirect the user's web browser to the URI you specified. This URI can be any link you desire on your site. You should use the link as the determination of when the user is logged in successfully, e.g., https://mywebsite/facebook/loggedin.
Related
I'm currently blackbox testing a React SPA (the login page is located at the root of the url, e.g. https://myapp.com). The Webapp authenticates with Firebase and the session token is stored in the Indexed DB of the application.
The React app routes the request based to the authenticated section based on whether the session token is present in this part of the storage or not.
Now I try to scan the authenticated section of the Webapp.
I've tried creating multiple authentication scripts for this problem. My first approach was to record a ZEST script. While it recorded the post requests to get the tokens just fine, I still couldn't scan the authenticated part.
Then I found this google forum where a user had a similar problem. I created a new login script which entered the login details and clicked the login button as described. While testing, I correctly launched a browser, logged in and got redirected to the correct page. When trying to use this method with an ajax spider, for every crawled URL a browser was launched, which logged in correctly, but in the background the spider still only crawled the non authenticated website and didn't use the authenticated site that was presented after the script has run.
As far as I understood I would need to extract the session token and then I can include this token in all my authenticated http requests. Unfortunately I still cannot access the restricted part of the webapp, as the ajax spider does not know that it has to put the session token in the local storage of the app.
How can I achieve this or is it somehow possible to spawn a browser which logs in with the script and then uses this spawned browser to continue with an ajax spider?
I am trying to create a sample test application that authenticates a user wearing Google Glass.
I have read the following page
https://developers.google.com/glass/develop/gdk/authentication
I need to know how will the authentication actually work. Now lets say I have an app "XYZ" uploaded onto MyGlass. User turns on the app via MyGlass and then automatically gets redirected to a web page say, for example,
http://www.example.com/glass/authenticate.html
In this web page, he has to sign in using a username and password. Once he clicks submit will he be redirected to another webpage on the browser or will the Glass application get activated. Where will the userToken be obtained. Will it be on Glass?
I am really confused. Please can someone help me out.
What exactly is the flow for authentication on Glass?
Assuming you're doing 3rd part authentication (i.e. your own users, not google accounts).
Once you click Submit on your login page:
Server-side: If the user is valid, call the Mirror API to insert the account, including your authToken and the userToken. The userToken will be a query parameter added to your login url by the glassware store.
Close the page using window.close(). The Glassware will then be installed on the user's device.
When the user launches your glassware, retrieve the account from the Mirror API, and then retrieve the authToken that you inserted in step 1. for that particular account.
While implementing the Facebook Connect to a web application , its possible to show Facebook Sign up page in a pop up and once logging in and Granting permissions are complete, its possible to Authenticate Again in PHP and to get the necessary details of the user, - id, email etc.
I believe, thats secure because, the User Insertion is not based on the Ajax Request Parameters.
Is it possible to do the same with Google Plus Login also ?
Means - Logging in to Google - Using Javascript SDK, asking permissions, Authenticating all done in a Pop Up Window. and then, Creating a new user with the Help of google-api-php-client ??
Yes, what you're trying to do is outlined with https://developers.google.com/+/web/signin/server-side-flow which includes some PHP code samples to help you do this. In general, the steps at authentication time are:
User clicks the "Sign in with Google" button which may pop-up a new window at Google prompting them to log in and authorize your webapp.
After they do so, a one-time code is sent to a JavaScript callback you specify.
Your Javascript method sends this code to your PHP server.
Your PHP server uses the client library to contact Google's server and exchange this one-time code for an access token and refresh token, which you keep and use to perform actions on the user's behalf.
I've been working with ServiceStack for quite some time now and i love it. But there is one thing i can't figure out.
How are app's (ios, android etc.) that are using my servicestack endpoints, suppose to use the facebook endpoint "/auth/facebook"?
When using this url "/auth/facebook" from the browser it works fine, but the response is html, and not an AuthResponse og something serializable.
Is this endpoint only to be used from websites with servicestack in the same solution?
The way that stuff works is by redirecting the user to Facebook with an API key that matches your app. The user then tells Facebook that your app is ok, and Facebook redirects them back. This can only be done via a browser. You really have two options to work around this:
Make the user authenticate with Facebook using a website and then authenticate your user with credentials from the app.
Use the built in iOS Facebook stuff and send the resulting auth tokens to an endpoint on your app, where you can save them for later use.
Edit, a bit more clarification:
Option 1
User Goes to your website
User Clicks on your Auth With Facebook button
User is sent your your Facebook endpoint set up in Service Stack
User is redirected by Service Stack to Facebook
User is redirected back to Service Stack from Facebook, with a token in the url
You save the token in your database and tell the user they can now user your app with Facebook.
Option 1.5
The same as Option 1 but instead of making the user go through their browser you create a UIWebView control and point it to your Facebook Auth endpoint. Then you listen for a response from your site that says the user is authenticated. I'm not a objective c, so I can't really get more detailed on how to do that.
Option 2
Use the iOS Facebook API and handle authentication as seen here.
POST the credentials to Service Stack via a Custom Endpoint
Save credentials in the db, and use them in the future to make calls on behalf of the user.
Facebook Login requires a browser of some sort, because Facebook's cookies must be passed along with a request to authorize your website. That is how Facebook knows which of it's users wants to authorize your site, and that they are the ones making the request.
I have a Facebook app that can't be used before a user log in via Facebook (OAuth). Some pages (e.g. example.com/books/2) should be accessible for Open Graph requests (when they have been liked). Currently, Facebook isn't able to retrieve those pages since authentication is required (redirect). How can I determine if an incoming request is coming from Facebook or not? Or should I take another approch?
Thank you!
Just add an exception so that Facebook's crawler can reach the page, The user agent is currently facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)
(but the version number may increment someday)