I am using the official Facebook SDK for Android in my app.
I have managed to log in successfully,
but the problem arises when I try to log in as another user:
I click on the link that says Logged in as [name]... Not you?
but my application proceeds anyway and posts to my wall...
(as if I have clicked "Allow")
I discovered that clicking on that link throws a facebook exception and retries the request,
so I tried putting a call to logout() in the catch clause.
That made it possible to log in as a new user,
but the next time I run the app,
again, the old user is logged-in...
(Logged in as [old_user]. Not you?)
My question is:
Why does the first user's login persist forever
and how to properly handle a click on "Not You" link?
My current solution is to always call logout() before authorize() method
but this forces the user to always have to enter his/her email/password
which is not acceptable either.
The facebook access token is saved by SessionStore.
When loggin into Facebook, it will try to restore the access token from SessionStore.
So, I think you can explicitly call facebook.logout and SessionStore.clear() when user exit your application.
Related
I call LoginManager's logout method. I see in logout() method's implementation that AccessToken was set to null, current profile is set to null, express login set to false. But what I noticed, by setting break points inside the Facebook SDK is that it wants to do a local broadcast of the token and profile having changed, but then I set a breakpoint where it should have received the broadcast and the breakpoint never trips.
I followed the instruction on how to setup the Manifest. I don't believe I've done anything incorrectly. I see a lot of old comment talking about calling FacebookSDK.SDKInitialize() but that's old documentation as sdkInitialize is deprecated and should be automatically called for you by the SDK already.
It seems that using GraphRequest to take away permssion by DELETE of /me/permission get me to the point where on next launch of the app, facebook will ask if user wants to login as . You have to go to the device's Account in Settings to delete the facebook account before it'll let you login as another user.
I have an Android app, which the user can link to Spotify, with :
AuthenticationClient.openLoginActivity(getActivity(), SPOTIFY_REQUEST_CODE, request);
The problem is that I want the user to change his Spotify account so I want to logout the user from Spotify to log with another account. But the data of the connection are saved in the cache and when I use this line again :
"AuthenticationClient.openLoginActivity(getActivity(), SPOTIFY_REQUEST_CODE, request);", it does not show the connection dialog because the user is already connected.
In the doc, it says :
"To log out and clear all stored tokens, use the AuthenticationClient#clearCookies method. Both Spotify and Facebook tokens will be removed."
But the method clearCookies does not exist anymore. What can I do to logout the user and allow him to connect on another account ?
I've searched on the net and seems that this code
AuthenticationRequest.Builder builder = new AuthenticationRequest.Builder(CLIENT_ID, type, redirectUri)
.setShowDialog(true)
.setScopes(scopes).build();
took from this post it's your only choice to try to logout a user.
I can't test it, so you should try it yourself and see if works.
The documentation on the Spotify Android SDK is outdated and is not reflecting the new Spotify auth library on GitHub.
Spotify's Android SDK documentation is definitely outdated. My observation is that when you call
AuthorizationClient.clearCookies(context)
directly before starting Spotify's auth activity, it just works fine. But if you call it once and then expect that the user is logged out, when you start the activity later in the future, cached credentials keep messing around.
I do not prefer
builder.setScopes(arrayOf("")).setShowDialog(false).build()
as it shows you a "not you? Click to log out" option. So basically you need to log out on the Spotify UI, cannot do it from code.
In my case, the application saves the logged in user's email (I need that to show on the UI, anyway). When I want to log the user out programmatically, I just delete the saved email from the app and call
clearCookies()
when I start Spotify's Activity if the variable is empty.
A bit late, but you can use this AuthorizationClient.clearCookies(this) as
AuthenticationClient no longer exists
How to remove all application data on react native?
Not only AsyncStorage.clear().
I mean deleting application data like through settings > application.
I have faced EUNSPECIFIED error code with react-native-fbsdk.
First I logged in with my facebook account,
Second I logged out from it,
Third I relogin with this account (It works well)
And then I logged out again,
And I tried to log in with another facebook account,
But I faced EUNSPECIFIED error.
But after deleting all app data (not uninstall) through settings > application,
I can login with another facebook account.
I have to delete all applilcation data when logged out from my react native application.
OR
I have to fix this react-native-fbsdk's bug (or I guess fbsdk is caching some data....)
Already I put AsyncStorage.clear() when logout, No changes..
Appreciate for your help...
I had this problem with FBSDK as well and the problem is that when you login with facebook, the SDK creates an AccessToken linked to the old user. Therefore, when you try to login with another account, it throws this weird error message.
What you have to do is to logout the user on the fbAPI. The code below is how you do it:
// Remove FbAccessToken when the user logout.
logoutFromFB(){
if (AccessToken.getCurrentAccessToken() != null) {
LoginManager.logOut()
}
}
I hope it helps!
I am trying Facebook Login in Android with LoginManager class. I want read and write permissions during login only. The issue I am facing is , If I try with
LoginManager.getInstance().loginWithReadPermissions();
LoginManager.getInstance().loginWithPublishPermissions();
If Facebook App is not installed, Facebook WebView loads up, I enter credentials, I see two permissions screen (One for Read and One for write) and then again Login Screen.Which basically, creates bad user experience.
It happens because, both loginWithxxxPermissions() methods,starts a new login flow.But actually, It should not show Login Screen for already logged in user.
I am not able to find any method to pass the accessToken to let me the method know that, the new permission query is for already logged in user.
Anyone, Please help me out or suggest some other alternative, But the requirement is clear. I need Read/Write permissions without showing Login screen twice.
Please help!
Short question:
I try to login ParseUser with session token like this:
ParseUser.becomeInBackground(token);
It always goes ok on first login. But it always fails when I retry. I get "invalid session token" error. Session stays the same. Any other info on token is hidden.
Detailed question
I'am building app for parents and kids. It is suggested that 2 users start app on their (different) devices using one account (one ParseUser for various devices logged in at one time).
First a parent signs in on his devices. Then he generates QR-code with session token.
String token = ParseUser.getCurrentUser().getSessionToken();
Bitmap bitmap = encodeAsBitmap(token);
qrView.setImageBitmap(bitmap);
Kid's device reads this QR and logs in.
This procedure goes fine at first time. But if I log out kid's device and try to login by QR for the second time it fails with "invalid session token". It also fails when i try to login second kid's device.
When I delete session manually in parse-dashboard, I can log in kid's device with QR again but only for once.
I tried my best to find some solution here and on the other internet but I didn't succeed.
Dear expert-level developers, help me on this issue.
It seems that I figured it out.
Short answer:
In Parse.com dashboard go to Settings tab. On General tab go to "User Sessions" section. Switch off "Require revocable sessions" toggle.
Details:
Since march 2015 Parse.com started using revocable sessions. It means that when user logs out or session expires it becomes useless. So you have to log out and log in back to use your app as usual.
This is an important security issue. But in case like mine consider switching it off.
I think you problem has to do with Parse.com now using revocable session tokens, see http://blog.parse.com/announcements/announcing-new-enhanced-sessions/
Others are having similar issues here: https://groups.google.com/forum/#!topic/parse-developers/Knxl_MBVlLY
This means that the token is only valid during a session, that is, while the user is logged on the device. Once the user logs out, the session is destroyed together with the token.
Perhaps this could be considered a 'feature' in your app, as the parents can pose control over their kids access to the app. If they log out, so is their child(ren).
If this is too far from the intended usage scenario, you could consider adding third party login such as Auth0 or OAuth
https://auth0.com/docs/scenarios/parse
https://parse.com/tutorials/adding-third-party-authentication-to-your-web-app