I am using the Facebook SDK to connect my native Android app to Facebook. I am able to show the login page and make users login into my application through their facebook account. But according to: https://developers.facebook.com/docs/mobile/android/build/#sso
I have to watch out for two activities, such as revoke of access and password change. The response parameter will return the following results:
User revoked access to your app:
{"error":{"type":"OAuthException","message":"Error validating access token: User 1053947411 has not authorized application 157111564357680."}}
OR when password changed:
{"error":{"type":"OAuthException","message":"Error validating access token: The session is invalid because the user logged out."}}
Now, my question is, how do I handle or catch the following errors? Thanks.
There's an official guide for that: Handling Invalid and Expired Access Tokens.
For android it states:
Android native applications
You may detect access token errors by inspecting the response
parameter of the onComplete method. In this case, you will again need
to call facebook.authorize() to re-authenticate the user and generate
a fresh access token.
Related
I was trying to get user home timeline with this request
`https://api.twitter.com/1.1/statuses/home_timeline.json?screen_name=zaheer6110&count=20`
but getting this error all the time "Your credentials do not allow access to this resource" I have successfully got user timeline by https://api.twitter.com/1.1/statuses/user_timeline.json?screen_name=zaheer6110&count=20 now don't know how to resolve this because in documentation there is no example to get Home timeline with screen name.
App only authentication allow you to access resources from your application context. Not from a specific user account context (not even the account owning the app).
As you can see statuses/user_timeline.json?screen_name=zaheer6110 specifies the screen_name of the user you want to access to.
But the statuses/home_timeline.json endpoint is account specific. What it means is that it returns the tweet of the authenticated account. But as you are using Application only credentials, Twitter does not have any account to run the request against.
If you want to get a home timeline, you will have to authenticate with some user credentials (Access Token and Access Token Secret).
The account specific endpoints are specified in the documentation under Resource Information > Requires authentication. They are marked as Yes (user context only). You can find the documentation of HomeTimeline here.
You can generate a set of Access Tokens keys for your account on https://apps.twitter.com/app/
I've installed an Android application. The first time I ran it
an OAuth2 window showed up asking me whether I wanted to grant
the application access to some scope within my user account.
However now I've gone to https://accounts.google.com/b/0/IssuedAuthSubTokens?hl=en
and revoked access, but my application still runs normally without asking me the
question of whether to allow it access to my account or not.
The application is the sample Auth activity that comes with Google Play extras.
What can I do to get the application to display the question in a popup window again?
I've tried uninstalling and reinstalling but I cannot get that window back and I need
it for testing purposes.
Thanks.
Try to programmatically revoke the token by making a request to - https://accounts.google.com/o/oauth2/revoke and include the token as a parameter. Something like this ::
curl https://accounts.google.com/o/oauth2/revoke?token={token}
The token can be an access token or a refresh token. If the token is an access token and it has a corresponding refresh token, the refresh token will also be revoked.
If the revocation is successfully processed, then the status code of
the response is 200. For error conditions, a status code 400 is
returned along with an error code.
The error code will give you an idea if the revocation was successful or not.
Is there anyway to store an access token to be used later?
IE:
user1 logs in to my app then logs in with Facebook Dialog Auth
app stores facebook access token
user1 logs out of my app
user2 logs in to my app then logs in with Facebook Dialog Auth
user2 logs out of my app
user1 logs back into my app and continues to use facebook with access token stored originally stored from the first login?
===
I should clarify a bit...
I'm trying to figure out to have multiple facebook accounts tied into my app. So that when different users login, they can access their individual facebook accounts.
Access tokens expire, over time. So you should check if it is valid when the user logs back in and handle expired access tokens when encountered in the way mentioned here.
If you are looking to use offline_access to extend the expiration date, that is soon going away. Now, you will have to renew the access token as mentioned here.
The offline_access permission was deprecated and removed December 5th, 2012
Hello I am using the facebook sdk for android on my android phone and using single sign on. It works fine when I logged into the facebook application, my application also signed in.
For logout I encountered a confusion.
The way I implemented was restore the access token and expired date from the user preferences of the application and check the validity of the session. If expired the application calls the facebook.authorized function and once authorized the access token and expired date will update again.
There are few things I find a bit confusion when dealing with the logout.
1) When I logged out from facebook application, my application still can get through and request the user details. Although, my saved access token on my application has no relationship with the facebook application, I thought it will at least giving me an error when requesting the data. But it hasn't given me the error.
Does it suppose to be actting like that. Signing out from facebook apps will not affect the access token I have stored on my application.
2) When I logged out from my application and not the facebook application, the facebook application won't automatically logout.
The Facebook access token and your app access token are separate and distinct, so it is entirely possible that one can be valid and allow access while the other is not valid and will require re-authorisation.
If the Facebook app is logged in but your app is not, then the Facebook SDK will use the existing Facebook app login to obtain a new access token for your app without authenticating, but this is still not linked to the Facebook app login token in any way.
If the Facebook app is not installed, or not logged in, then the Facebook SDK will take you to the Facebook website to do the initial authentication, but this does not log the Facebook app in because there is no connection between your access token and the Facebook access token.
So, in summary - your understanding is correct. There's no interaction between the two apps except for when your app tries to authenticate a user, then the Facebook app will act as a proxy, allowing you to gain access without authenticating so long as Facebook is logged in. After that, there is no further interaction and what you've observed is expected and intended behaviour.
I have the same problem. I'm thinking about creating a "isLogged" var and store it so that when someone logout and restart the app it will not even verify if the user is logged bypassing facebook's session verify.
In order for my application to connect to Facebook, they click on a connect to Facebook button. This button with authorize the user, and when they are authorized, i am able to get their access token by calling facebook.getAccessToken().
But is there a way for the application to remember their credentials so that they don't have to login every time they want to connect to Facebook (without storing their access token in some sort of database)?
You can find a good example of doing that in the FB SDK examples using SharedPreferences: https://github.com/facebook/facebook-android-sdk/tree/master/examples/simple/src/com/facebook/android
You can store the access token there, since it expires after an hour or what and the user needs to authenticate again.
If you are asking for offline permission, you can save the token and reuse it (until they either remove your app from their permissions list, or (I think) change their password).
See https://developers.facebook.com/docs/authentication/permissions/ for information on the permissions available (search for offline_access).