Is it possible to request both read and write facebook permissions from the user through a single dialogue window? I read that facebook consider it bad practice to request both read and write permissions from the user at the same time, but in our situation I find it optimal. I have been through their requesting and revoking page.
We are currently developing an endless runner game for mobile using Unity 3D in which we integrate facebook using the Unity SDK provided by facebook themselves.
At the end of the run, the user is asked to connect to facebook to compete against friends. In this case read permission is needed to get scores / friend profile pictures while write permission is necessary to upload the user's score. Having to prompt the user twice in this situation seems like a bad user experience.
When we implemented the Facebook API it simple would not work if we did not follow the facebook guidelines of first getting read permissions and the write permissions and I am also pretty sure that their documentation states it, even though I can't find the exact passage at the moment.
I would consider using the Prime31 facebook plugin, thats what we used and it has (atleast had) method calls for handling this double prompt as smoothly as possible. (its called Social Network plugin here: https://prime31.com/plugins)
You could consider giving the user a nice currency reward for doing it so it does not seem as that much of a hassle for the user.
Related
According to this documentation adding a publish permission to my android application, it uses Session class which is deprecated now. Can anyone tell me what is the updated way to achieve this? I want to post something on the user's wall with my app. And I found this is the way to post something on user's wall, to simply make a POST call on this url:
graph.facebook.com
/{user-id}/feed?
message={message}&
access_token={access-token}
Is this the correct way or is this somehow deprecated too?
I don't see the word "Session" occur on the page you are referring to.
Regardless, you can read the "Sharing on Android" docs page to learn how you can publish content from Android devices.
The recommended way of doing this is by using the share dialog, because that does not require users to grant any publishing permissions. Since you have to include the SDK anyway in order to implement Facebook login, you might as well make use of this feature.
This past week I've inundated myself with links and led myself in too many circles to count, so I thought I'd pose the question here. I have an Android app that displays webviews pointing to urls which the user must be signed in with their Google account to see (the backend is built in Google App Engine). Since the end user is likely to be signed into their Google account on their Android anyway, I'd like the sign-in process to be automatic. Currently, on the first webview the user opens up they are presented with the Google sign-in form and a really ugly subsequent page asking "would you like to allow example.appspot.com to use your Google account?"
That process is dreadful for user experience. I've seen precious few resources here and there concerning auto-login, but I'm frankly lost in the sea of almost-what-I-want-but-not-quite to be able to discern the direction I ought to be going.
I read through Nick's tutorial on authenticating an app with App Engine, but just having the token doesn't get me the uniquely-assigned user ID associated with every Google account on the backend. On top of that, prior experience has taught me the hard way that an app's webview session is incongruous with the app's HTTPClient session. So even if I could log in with Nick's method it wouldn't help me sign into the webviews.
Then I came across this tutorial, which actually seems really promising, but so far I haven't been able to adapt his code to work with my own.
I also found this SO link which suggests that all I need to do is pass the auth token (which I could presumably obtain via Nick's method) into every webview I load as a cookie.
And that's about it. They are all rather different approaches, so I'm wondering if any of them are actually what I want. Or, if somewhere out there a reasonably simple approach actually exists. I'd really appreciate it if someone knows of a straightforward answer on this one. Thank you!
For security reasons WebViews do not have access to the phone's cache, cookie store etc, it is instead recommended you use the new Chrome Custom Tabs which can auto log in your users.
Concerning the "would you like to allow example.appspot.com to use your Google account?" screen; this is the standard OAuth process and requires that the User sign in and allow your app to access their account information.
In your 'example.appspot.com' App Engine app, if you are using an API that requires user information, like the Google Calendar API, it is required that you specifically request the User for their approval to access this information.
Once you have their approval, you can then save the access and refresh tokens to make future API calls on their behalf without the need for repeated user consent. You can see how the entire Oauth flow works in the OAuth 2.0 Playground.
Even if you automatically logged your user in, they will still see the approval page requesting for your app to have access to their information. To develop a hack to forcefully approve the access to a User's information on their behalf is a major security violation.
You can take a look at the new Firebase Authentication flow to easily manage your user's Oauth experience in your App Engine application.
Normally using the feed dialog does not require any publish permissions. However, if I don't ask for any publish permissions (which I'd really rather not), posts made using the feed dialog are visible to "Only Me". There is no way to change the visibility on the mobile platform in the feed dialog itself.
Note: With the new Facebook SDK (3.5) and the Facebook app installed (on Android device) the app actually defaults to whatever defaultAudience I request in my open request. If Facebook app is NOT installed it is just "Only Me" no matter what is in my open request.
It wasn't always like this, and it has actually kind of broken an existing app. Old apps suddenly have the default audience of "Only Me" and the only way the user can change it is by digging through his account settings and finding the app (if he even notices, because it is not shown anywhere but the tiny icon by the post after it is made).
My question is: What am I supposed to do now? Am I forced to request the "publish_actions" permission just to make posts made with the feed dialog visible to a users friends? Seems kind of silly that a user would make posts to his stream that he can only see himself.
Could it be a newly introduced bug in facebook?
I found the answers to the questions myself:
Yes, it is a bug. It is being looked at: Facebook bug report
Until it is fixed: Yes, it is required to ask for publish permissions if you want to make sure feed dialog posts have a visibility that makes sense.
I just integrated Twitter with OAuth into my Android application, and now I wanted to change the rigths of my application. Instead of all the listed rights in my screenshot, I just want my app to publish tweets at the timeline. (don't want to scare people of, because I don't want to have access to their profile...)
But I'm a bit lost with the twitter-API and the only thing I found so far, is in the Application settings to change the Application Type to 'Read',Read & Write or Read & Write and Access direct messages.
So question is: How can I limit the permissions of my application?
//f.e. Integration Facebook SDK: here you can set different types,like
// "only allow application to post something in your name"...
.setPublishPermissions(Arrays.asList("publish_stream"))
I'm searching for a tutorial or an explanation on how to remove advertisement in my application with in-app purchase?
I will put some ads with ad-mob in my app but I also want, that the user can disable the ads when he pays a little donation. Do you know a site or tutorial where I can find a step-by-step explanation how to do this?
Or do I need to publish 2 versions of my app? One with ads and one without ads for paying?
Don't use the SharedPreferences method because if the user flushes the app data or uninstalls/reinstalls your app their ad-free status will be lost.
A couple of ideas:
If your app has any kind of web based login or authorization, you can flag the user as having bought the ad free version by updating the web database's customer data and then disable ads in code following login and verification. This has the added benefit of following the user to new devices.
Use one of the several ways to get a unique device id, and store that in a web server database. On startup, query the DB to see if the device is ad-free. See Android Unique Device ID. This will only work for that particular device though.
The two apps approach is simple enough to get the job done too. :)
This presentation seems to explain an example and includes a link to source code at github:
http://gotocon.com/dl/2011/GeekNights/Tjen_penge_p%C3%A5_Android_ARH.pdf .
It stores the purchased upgrade at a sharedpreference.
However, I'm still looking for a more secure and robust solution that works out the use-case explained here:
http://vlingo-en.custhelp.com/app/answers/detail/a_id/1785/~/moving-in-app-purchase-(ad-removal)-to-new-android-phone/p/180