I'm new to develop application to Facebook, we need a website page that shares on a Facebook page, only the admin of the page how can share on it, but i have undesired scenario that happened. what i made: 1- requesting code from Facebook at page load, then getting access token as this access token is expired after 2 h within those 2 h the user can log out from Facebook and try to share it will share, also if he logged in using another account that is not admin it will share on Facebook as the application still see a valid access token, i tried to fix it by getting a new access-token each time the share button is pressed but i get another undesired scenario which is at every click on share button it will refresh the page and get new code" as it doesn't used twice " and then get a new access token even if the user wants to make just multiple shares.
My question: their is a away to check if this access-token is valid to the current logged in user on Facebook?
Kinldy login your FB Account and go to develoeps.facebook.com . Click the tools->Graph Explorer and paste your access token in the Textbox.Click the debug button the validity of your code wiil be shown.Try to go with 60 days token.Then you can able to test your app continously with out changing accesstoken.Refer this link for further details.
https://developers.facebook.com/docs/facebook-login/access-tokens
Related
The Thing i want to do is , We have a user who is logged in a device .We have to restrict that user to login from other device.
To Login into Other device he should have to log out from the first device.
I have tried to create authentication token via web API.
Every time a user login ,a new oath token is generally passed in the request headers. (Token would be expire on logout.)
If Same User try to login from other device a new Oath token would be generated
is there anyway to check if a token is already assigned to that user then do not allow him to login
What if,
1.user close the working tab or browser
2.or He navigate to other web page by changing the URL
Are there other solutions to ensure one concurrent login per user ?
This should be simple enough to make sure a user have only one login at a time.
Steps to do would be (ASP.NET/ASP.NET MVC):
Step 1: As soon as user login, check if session for this user already exists.
Step 2: If Session already exists, delete the on going session (Here you can also prompt a message to user if he wants to stop currently going session and start a new one.)
Step 3: On User's action you may delete current session and start a new session for the user.
Step 4: If there is no current session going on, you can simply create a new one .
Update:
For ASP.NET WEB API
Here you have to use Authentication token.
On login you can provide authentication token to user.
On Relogin you can check if token is already issued for this user, and accordingly perform your action.
Hope this helps. Let me know if you have queries.
I assume you know how to code above, if not let me know.
I start to working with the Facebook graph API and I have question:
I make Facebook Authentication, so after user approve my application I got accessToken and the facebookUserID. note: The accessToken is expire after One hour(!!!).
Then, in another webpage "index.html", I want to show all the users who approved the application with their full name and profile picture taken from Facebook.
Now I don't understand.. if someone will enter the "index.html" page to see list of users who accepted the application - 5(!!) month after their authentication, when i will make the HTTP call to get thier fullname and profile picture, the accessToken is now expire(a lot time before) so the HTTP call will not succeed.
The last option is to save the full name just in the One hour between user accept the application and before the accesstoken expiration. but if the user will change his name sometime... I don't have the updated Name!
if its important - I'm usind the javascriptSDK with asp.net project.
Please help me to understand how to solve this situation.
It would appear that it is not possible to generate a long-lived token with the JS SDK directly, you will have to involve the server side, see this page for details.
I have implemented Google oauth2 server flow for web, the first time that user logins using his/her google account I have to use access_type=offline to get a refresh token and save it to database but after that access_type=online will be enough.
I have read that google issues limited number of refresh tokens per client (I think the limit is 25 from what I read while I was searching) so after I got the refresh token I just want to use access_type=online.
But before the user logs in how should I know if I have the account associated refresh token or not.
I don't want to rely on cookies as user may remove cookies, several people use the browser and cookie might not equal to the user I have its acount and ...
Any Ideas how to detect it with google oauth or something like that before showing the login button?
You can just continue to use access_type=offline. It just won't give you a new refresh token after the first time. This will work until the user revokes access for your client in which case you'll have to get a new one anyway.
I'm building WP7 application using DropNet.
I have successfully managed to log in and authorize the app (using WebBrowser control) and this works ok.
The problem is when user checks 'remember me' on the drop box login screen - an obvious thing to do. When I run this application again then browser redirects to a page saying something like 'you have already authorized this application'. Nothing happens until I click the Continue/OK button on the page. The token is not valid until I click this button.
Why is this happening this way? Shouldn't it authorize the token on entering the authorization page so it would support user-free loging in?
I have come across this issue; the problem was solved by setting
_dropNetClient.UseSandbox = true;
where _dropNetClient is an instance of DropNetClient
Normally, you only do the OAuth login/auth stuff the first time he/she uses your app. Once they are authorized, you'll have an "access token" that you should save somewhere.
The next time the user runs your application, don't do any of the OAuth steps. Just load up the access token (sometimes called the "user token" in the DropNet docs) and start making real API requests.
new DropNetClient(appKey, appSecret, accessToken, accessTokenSecret)
I want to authorize my users with Windows Live. I use the windows Live Connect 5.0 SDK for this. I am using a WPF WebBroser control to get a token but it always prompts for consent.
I let the webbrowser navigate to the following link:
https://oauth.live.com/authorize?client_id=CLIENT_ID&response_type=token&scope=wl.signin%20wl.basic&redirect_uri=https://oauth.live.com/desktop
with the client id as my application id. And I watch for navigation to the redirect url. I mostly don't need to login. But each time I need to give Consent for the two scopes.
The weird thing is, that when I look in to the app's I have given Consent both scopes are checked.
Also when I use another url for silent logging in:
https://oauth.live.com/authorize?client_id=CLIENT_ID&response_type=token&scope=wl.signin%20wl.basic&redirect_uri=https://oauth.live.com/desktop&display=none
I get an error that the user hasn't given consent for wl.signin and wl.basic.
Unlike Facebook's OAuth implementation checking the checkbox will not remember consent on the WL server, but rather give you long lived refresh token which you can exchange for access token.
Flow:
if have refresh token saved - try to get access token based on refresh one ( http://msdn.microsoft.com/en-us/library/ff752395.aspx ), otherwise:
show consent dialog
get access and refresh tokens ( http://msdn.microsoft.com/en-us/library/ff750952.aspx )
save refresh token securely on your server - the refresh token is close equialent of enencrypted user name+password. If you can't store securely you have to live with consent dialog.