Hello, I am using the Facebook SDK for Android on my Android phone and using single sign-on. It works fine: when I logged into the Facebook application, my application also signed in.
For logout I ran into some confusion.
The way I implemented it was to restore the access token and expiry date from the user preferences of the application and check the validity of the session. If expired, the application calls the facebook.authorized function and, once authorized, the access token and expiry date are updated again.
There are a few things I find a bit confusing when dealing with the logout.
1) When I logged out from the Facebook application, my application can still get through and request the user details. Although my saved access token in my application has no relationship with the Facebook application, I thought it would at least give me an error when requesting the data. But it hasn't given me the error.
Is it supposed to be acting like that? Signing out from the Facebook app will not affect the access token I have stored in my application.
2) When I logged out from my application and not the Facebook application, the Facebook application won't automatically log out.
The Facebook access token and your app access token are separate and distinct, so it is entirely possible that one can be valid and allow access while the other is not valid and will require re-authorisation.
If the Facebook app is logged in but your app is not, then the Facebook SDK will use the existing Facebook app login to obtain a new access token for your app without authenticating, but this is still not linked to the Facebook app login token in any way.
If the Facebook app is not installed, or not logged in, then the Facebook SDK will take you to the Facebook website to do the initial authentication, but this does not log the Facebook app in because there is no connection between your access token and the Facebook access token.
So, in summary - your understanding is correct. There's no interaction between the two apps except for when your app tries to authenticate a user, then the Facebook app will act as a proxy, allowing you to gain access without authenticating so long as Facebook is logged in. After that, there is no further interaction and what you've observed is expected and intended behaviour.
I have the same problem. I'm thinking about creating an "isLogged" var and storing it so that when someone logs out and restarts the app it will not even verify if the user is logged in, bypassing Facebook's session verification.
Related
I'm using a Facebook access token to get user info for our mobile game. The Android app gets the token from Facebook, and the respective Facebook app is installed on the user's Facebook account. My problem is that the Facebook access token changes every single time I uninstall/reinstall the Android app. How do I get a consistent access token? Thanks in advance.
I am using the Facebook SDK to connect my native Android app to Facebook. I am able to show the login page and make users login into my application through their facebook account. But according to: https://developers.facebook.com/docs/mobile/android/build/#sso
I have to watch out for two activities, such as revoke of access and password change. The response parameter will return the following results:
User revoked access to your app:
{"error":{"type":"OAuthException","message":"Error validating access token: User 1053947411 has not authorized application 157111564357680."}}
OR when password changed:
{"error":{"type":"OAuthException","message":"Error validating access token: The session is invalid because the user logged out."}}
Now, my question is, how do I handle or catch the following errors? Thanks.
There's an official guide for that: Handling Invalid and Expired Access Tokens.
For android it states:
Android native applications
You may detect access token errors by inspecting the response
parameter of the onComplete method. In this case, you will again need
to call facebook.authorize() to re-authenticate the user and generate
a fresh access token.
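An added example (not part of the answer above and not Facebook SDK code): one way to inspect the response string that onComplete receives and decide whether to re-authorize. The class name TokenErrorCheck, the Action enum and the sample strings are assumptions made for illustration; org.json is the JSON package bundled with Android.

```java
import org.json.JSONException;
import org.json.JSONObject;

/** Added example: decides what to do with a Graph API response string. */
public final class TokenErrorCheck {

    public enum Action { USE_RESPONSE, REAUTHORIZE, REPORT_ERROR, NOT_JSON_OBJECT }

    /** Classifies the raw response string passed to onComplete. */
    public static Action classify(String response) {
        if (response == null) {
            return Action.NOT_JSON_OBJECT;
        }
        final JSONObject json;
        try {
            json = new JSONObject(response);
        } catch (JSONException e) {
            // Not a JSON object: do not treat the call as successful.
            return Action.NOT_JSON_OBJECT;
        }
        JSONObject error = json.optJSONObject("error");
        if (error == null) {
            return Action.USE_RESPONSE;
        }
        // Both error samples quoted in the question carry this type.
        if ("OAuthException".equals(error.optString("type"))) {
            // Caller should delete the saved token and expiry, then call
            // facebook.authorize() again, as the quoted guide says.
            return Action.REAUTHORIZE;
        }
        return Action.REPORT_ERROR;
    }

    public static void main(String[] args) {
        // Constructed sample responses; ids are placeholders.
        String[] samples = {
            "{\"id\":\"<USER_ID>\",\"name\":\"Example User\"}",
            "{\"error\":{\"type\":\"OAuthException\",\"message\":"
                + "\"Error validating access token: The session is invalid"
                + " because the user logged out.\"}}",
            "{\"error\":{\"type\":\"ExampleOtherError\",\"message\":\"constructed\"}}",
            "not json"
        };
        for (String s : samples) {
            System.out.println(classify(s));
        }
    }
}
```

Classifying on the error type rather than on the message text keeps the check stable if the wording of the message changes; the message is still worth logging for diagnosis.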
Is there any way to access the native Facebook application (on iOS or Android) to retrieve login authentication on a mobile website that has permissions already?
The cache and data of browser has been emptied.
User hits http://example.com/
example.com checks to see if there is a token in the browser to identify the user and see if the user is logged into Facebook. This fails.
example.com accesses the Facebook app and gets user token?
User is logged onto the site automatically.
I know this is more than likely impossible; however, I thought I would check with the experts.
Note that this is for Android...
You can use the Facebook SDK to do single sign on (SSO) - and in fact this is the default for authorize().
If you call authorize() with SSO / default, the Facebook SDK will detect whether the Facebook App is installed, and attempt to log in via the Facebook App. If the Facebook App is present and logged in, then the SDK will retrieve the access token from the Facebook App, will not do a separate browser login, and will use the access token on subsequent Facebook requests.
Does that do what you need?
I'm using Facebook's Android API and everything works as expected with one exception. When I leave the Facebook app installed on the device (this is the stand-alone app, that has nothing to do with either the API or my app), and I call logout() on my Facebook object, it correctly voids the Facebook object but the next time I fire up the object it goes and retrieves the login data from the Facebook app and the login persists.
If I don't have the Facebook app installed on the device, everything works perfectly.
I'm curious if there's some mechanism I'm overlooking for forcing the Facebook app to not hold onto the login, or am I stuck having to tell my client (this is a custom app for a client, never going to market) that when they run this they will have to make sure to uninstall the Facebook app from the devices that they're running this on?
When you say the Facebook Android API, do you mean the Facebook Android SDK?
If so, when you call authorize, you have the option of specifying whether that is a single sign on (SSO) or an OAuth 2.0 dialog authorization. The default is SSO. If you authorize with SSO, and the Facebook app is present and logged in, then the authorize succeeds without going anywhere near the Facebook server.
If you do not use SSO, and use OAuth 2.0 dialog authorization, the user initially sees a login dialog plus an app authorization dialog, and after a successful login/authorization, the SDK keeps hold of an access token for subsequent authorizes.
Unfortunately, the SDK logout does not take account of SSO. It does an OAuth 2.0 expiresession and clears the access token, but it does not tell the Facebook app that the user has logged out. So that means when you do the next authorize (assuming it is an SSO), if the Facebook app is still logged in, then the authorize succeeds without going anywhere near the Facebook server.
One way forward would be to not use SSO and require an OAuth 2.0 dialog authorization (using authorize(FORCE_DIALOG_AUTH)). That would require the user to log in even if the Facebook app is present and logged in, but it would prevent the login persisting.
I want to use the Facebook SDK and be able to automatically log in after the app has already logged in once.
Currently, from what I can gather, if you use the Facebook API and you have the Facebook app installed and you have signed in with the Facebook app, then you don't have to log in and you will be automatically logged in.
But if you don't have the Facebook app then this automatic login will not happen. I want to handle this case and still be able to automatically log in after the user has logged in with my app once. From my understanding, the Facebook SDK requires you to log in if the Facebook app is not there.
Also, if the user has logged in once with my app, I will have the access token; then, as long as the access token has not expired, you don't need to log in again. But if the access token expires then you have to log in again.
Any help will be appreciated. Thanks.
The functionality you're describing is called single sign on. Facebook has an entire article dedicated to describing how it works and how to implement it. Enjoy:
http://developers.facebook.com/docs/guides/mobile/android_sso/