I'm just starting to use Facebook SDK for Android and I'm wondering if there is a way to link it to the actual Facebook android app itself.
What I mean is when I'm logged in in Facebook official app, I would like Facebook.isSessionValid() to return true and not get into the login with password process.
Is that possible or am I dreaming of an unfeasible thing?
That's not possible. The Facebook SDK uses the app if it's installed for authentication. Otherwise it falls back to a WebView based one. This way you don't have to deal with usernames and passwords (and can't get them even if you wanted). It won't ask the user for credentials if he is already signed into the app though.
The user still has to confirm permissions and allow your app specifically for safety reasons.
It would be pretty bad if every app could abuse your Facebook account in the background without asking for permission first.
Related
I am using the cordova-plugin-facebook-connect plugin to launch the share dialogs from Facebook. iOS is working great, and Android is working great when the app is installed.
On Android, if the app is not installed, it tries to share with an embedded web browser. After entering my email and password, I get an error saying that logging into Facebook from an embedded browser is disabled. I am using the latest version of the plugin, which SHOULD mean the latest Facebook Android SDK
I have looked on our business dashboard and made sure that embedded login is allowed:
...but that mentions OAuth so maybe it's not relevant. I have uploaded the debug and production key hashes to the dashboard
I have found nothing on the Facebook docs and I haven't gotten an answer from the Facebook developer community.
To sum up:
If the app is installed, it is all good. Without the app, it uses the embedded browser, but Facebook is blocking the login. I would love to know WHY and how to enable it.
UPDATE: Using a Facebook generated test user worked
Cheers
As Recommended by Facebook please update Dependencies to
implementation 'com.facebook.android:facebook-android-sdk:[8,9)'
Ref :
https://developers.facebook.com/docs/android/componentsdks/
https://developers.facebook.com/blog/post/2021/06/28/deprecating-support-fb-login-authentication-android-embedded-browsers/
Facebook has let everyone know that they are deprecating support for FB Login on Android embedded browsers:
https://developers.facebook.com/blog/post/2021/06/28/deprecating-support-fb-login-authentication-android-embedded-browsers/
As of right now, they are blocking High Risk users with this error and will block everyone starting in August. Their suggestion is to use a later version of the SDK (8.2+) to avoid this
I can't comment (yet) so I'm creating this answer to ask you if you could try and remove all (!) local browser data, i.e. Cookies and local storage, etc. This is the first thing that came to my mind when I read "works with another login".
The issue is resolved if the user has enabled 2-factor authentication via facebook.
I have tested this with multiple real users now and for example enabling sms-2fa does enable the user to login into apps with an embedded browser. The login happens as usual if the user has the facebook app installed on the same device and already logged in on the facebook app with 2fa. Otherwise, facebook will request the 2fa when logging in but a login is possible again.
I have however found out that some apps seem to crash if they had been opened before 2fa had been activated on a phone with a facebook app and those apps need to restarted before trying to login on them again.
From this we can assume facebook blocks out embedded browsers due to their risk assessment. 2fa is specifically presented as an option to login via unsafe browsers within the security options of each user individually and sadly does not seem to be an issue on the side of who ever is using an embedded browser within their app.
This also happened to me but I've fixed it.
I just uninstalled my Facebook application and used my browser instead.
Try installing another browser, like Firefox, and set this the default browser, then login again with your Facebook credentials. It worked to me. I guess the problem is with chrome. For me, it worked when I set Firefox my default browser.
For your account security, logging in to Facebook from an embedded browser is disabled. You may be able to continue by updating the app you're logging in from and trying again.
I just implemented the login with Facebook SDK on a mobile app I developed for both Android and iOS, and was wondering if it's possible to have my users like my Facebook page as part of the login. In other words, can I have my users both login with Facebook and like my page with the same click?
That will be a violation of Facebook's platform policies. Another thing that might be worth noting is that 'liking' an object will probably require 'publish_actions' permission from the user which means you will have to submit your app for review.
There are many questions & answers related to the subject, but very few specific to Facebook's Android 4.x SDK.
What I want to do is, after I call LoginManager.getInstance().logOut(), I want the user to have to re-authenticate in order to create a new AccessToken.
I am seeing that after I call LoginManager.getInstance().logOut() I am not prompted for credentials the next time I call LoginManager.getInstance().logInWithReadPermissions(...).
Anyone know how to force LoginManager to have the user re-authenticate?
The Facebook process confused me for ages as it doesn't appear to be clearly explained, and as you point out, most of the questions are for SDK 3.
But as far as I can see the only way that the user needs to re-authenticate is if they go to
Facebook->Settings->Apps
and in App Settings click remove for the app.
If they have approved the App for login once then no matter what happens with the App on the Android device, provided that you follow the correct usage of LoginManager, it never prompts the use to re-authenticate.
How can I allow multiple users to log in via facebook SDK?
It seems that the sdk is using the local native facebook app, so the user currently logged in is who gets authorised, but I want to be able to authorise others.
Is there anyway to force it go through the web dialog view where maybe a user can log in?
I ask this as some users of my app will have a personal and work account and want to be able to access both.
Any help would be great
Checkout the SwitchUserSample that ships with the SDK.
This is kinda hard to explain. I'm building an application on android which is supposed to be used in a meeting in like a "stand" so people would submit some feedback after the meeting. Please notice there's a bunch of people who is going to use this application on the same device.
The application is gonna be used from different users on the same device and all of them are supposed to login with their Facebook account before continuing. For security reasons, I would love to have a way to distroy a Facebook session after a poll is submitted or simply, every time a new poll is issued, when the user is requiered to login on Facebook, I would like to force Facebook to prompt an authentication dialog (username and password again) even though there's an active session.
I've looked everywhere and I have found nothing. I know there's a way to request on Facebook a extensed permission to logout, but please notice this permission needs to be approved after logging in, so if a user, after logging in, just decide not to approve this permission, this session is going to be there until a browser is opened and a logout is performed from the Facebook site.
I've also thought on destroying a browser cookies but I don't know if is there such a permission on the android SDK to perform this.
Please, if any body has any idea on to get rid of this issue, I would really appreciate any suggestion or work around.
I believe you can do this with the Facebook SDK for Android 3.0 (beta).
You can turn off SSO (by using the SUPPRESS_SSO behavior) which should bring up a web dialog every time. And once the user is done interacting with your app, you can just call session.closeAndClearTokenInformation()
Cookies are not preserved when using the dialog login.