I can't believe I'm asking this, since it apparently should be very simple.
I'm building a website, where I'd like my own user database to be able to "connect"/merge with a facebook profile.
That means, both users with and without facebook is allowed.
But I cannot for the life of me, figure out, how I join existing users in my database with facebook profile?
I've seen the flowchart on developers.facebook which is exactly what I need, but I can't figure out what to do to merge. What do I need to do in my database? and how do I capture the information I need from the registration plugin to merge?
I've read a lot here:
http://developers.facebook.com/docs/plugins/registration/
But I can't see the connection.
When people register via Facebook they are doing 2 things - they are connecting to your Facebook App (the one you created to get an App Id and App Secret) and they are registering on your site.
If they have registered on your site but not connected via Facebook, Facebook doesn't have any way of knowing that so it falls on you to figure it out. They'll go through the registration process as if they were a new user, but when you get the data you should check and see if you have a user that matches already. How you do that is up to you. Maybe they were already logged in normally and so you have their user id or something internal like that. Maybe they weren't and you have to see if the email address used is already in the database. How you then create their account or add any extra data you just gained from Facebook is up to you.
To get the data you'll have to process the signed_request POST variable which will have all the data on it. This is when you look at the email address or whatever fields you want to use to determine if the user already exists or not.
You should also be creating the new user in your database at this time. How you do that is again up to you.
Remember, Facebook is making the collecting of data easier as it imports things like name, email, birthday, etc for you so users don't have to type it all in. It's still up to you to create the user and do whatever you do on your end.
Connecting through Facebook will connect them with your app but you'll still need to create an account for them.
Related
I have android game done in unity. I have server rest API made in .Net, which is using Microsoft SQL Database.
I would like to do some registration - creating new account and Authentication like modern games are using. They during the login screen determine if user existed or not and if user existed the user data are served to the client. If user do not exist the new account is created.
I dont want use password and username. Also want be able to access my game account in any device which is owned by my. (using same google account)
I would like to have authentication like modern android games. E.g Clash Royale, Clash of Clans, Modern Strike, Fire Age, Candy Crash Saga etc.
my questions are: What are best practices for android game registration/authentication ?
Where is starting point I should start learn ? Any links would help.
I know how to create client, web api, also work with database, understanding hashing. What I am missing is best practice, how to do it properly. Or how to merge stuff i know to do it properly.
Also I did my homework: Searched that there is something like OAuth2, which used to login using 3rd party identity, which might be my google account ? But not sure if thats the way.
Egid
In registration on server make a unique guid for each user and send it to client. Client should save the id to use it for next logins. Now you can sync user game account with google account by saving the id of user in google savedgame. When user wants to login from another device he can sync with google and client get the saved id from google savedgame and use it to login.
Users never see the guid and it only save and restore from google account
ASP.NET newbie question. I'm starting with ASP.NET's Starter Site that comes with a set of built-in registration, authentication pages, and membership DB.
Now my question is, how can I restrict registration to my site? This site is for a patient practice and only patients need access.
I have read about roles, but assigning roles means the user has already registered. I don't want users created in the DB without being authorized either by email or other credentials that an admin will enter prior to registration.
Please let me know the best way to achieve this modification to the starter site template.
Thanks in advance.
As siva.k mentioned in a comment you can remove the registration process from public access, that means users will not be able to register by themselves, an administrator must be in charge of creating users. This implies that you will need user security roles...at least if you don't want your patients to have access to administrative areas such as user management.
Another approach which will require a bit of more effort is to "send email invitations to your patients". Someone perhaps an administrator simply need to enter (at least) an email address and the system would trigger an email inviting the user to register. Obviously, this will require to have a registration page/view to be publicly accessible, but protected to only users who have been sent out an invitation. Determining whether the user is genuine or not it's quite simple. At the time the system sends out the invitation, it logs an entry in a database record...say an email address, a random unique code and perhaps an expiry date to validate the invitation. The random unique code could be whatever you want but must be unique within the system and most importantly NON-SEQUENTIAL (as in incremental integers or something like that). This code can be sent to the invited patient in the form of a url query string parameter, this url is the link to the registration page. Then, the registration page will extract this code from the url, validate it against the database record, deletes the record and then serves the registration page. If the validation fails you can easily respond with a 403 or 404 http code.
As I said, it requires a bit of effort on your side but you could make it a robust solution you can report on.
I am implementing the Facebook Login widget inside my ASP.NET 4.5 C# web application. When I clicked the login button I eventually get the accessToken. My question is regarding making the user persistant in my application.
There is data that is associated with the specific facebook user. when the user log off and log in back (assuming that the cookie might be deleted), I want to be able to recognize him again to display the relevant information.
I know that I need to use the database, but what is the best practice to do so. Should I use the user ID or email address as a unique user identification string?
I am using MySQL as the backend.
I have been working on a similar application which uses either Facebook (OAuth), Google (OpenId) or a manual registration login approach.
My prefered solution was to ask the user for their email address, you will need to request extended permissions on the email field from Facebook as it is not offered up by default.
http://developers.facebook.com/docs/authentication/permissions
My table structure looks like this.
User
Id (int)
Email (nvarchar(256))
FacebookToken (nvarchar(256))
GoogleToken (nvarchar(256))
The advantage to this method is you are able to link up your users to the right account if you decide later to add another authentication / identification service or roll your own. It won;t matter if they login to FB, Google or Twitter - you always know whcih account to attach them to.
It is also useful to have an email address for each of your users regardless.
Regards
Steve
I am doing a little work with Facebook Connect and wondering how on Stack Overflow for example, you are able to login using another login provider such as Facebook or Yahoo, and for the site to be able to pick up your user details as you registered them on Stack Overflow? As far as I am aware, you could have registered using a different email address and your first name and last name are not unique identifiers, so how is it done?
It all depends on your use case. For example, I use the e-mail address as a unique identifier. When you log in with Facebook, my portal also asks your e-mail address from Facebook. Then, it searches a user object with a matching e-mail address from the database.
There are more than one ways of doing this:
Only allow login via Facebook. Then you can definitely identify all of your users via their e-mail address.
Allow logging in via Facebook and a username/password too, but require your users to use the same e-mail address in both places.
Allow logging in via Facebook and a username/password too, and allow your users to use different e-mail addresses for each. This is the most complicated option. Most sites solve this by requiring the user to 'pair' their Facebook account with their site account. This means that first time it is set up, users need to log in to the site, and while they're logged in to the site, they can log in to Facebook. Then your site stores their Facebook identity (no e-mail required in this case, just store the user id in a field). After this, the users can login via Facebook only, and you can pair their Facebook user id with the corresponding user object in your own database.
If you have any questions, just write them in the comments. :)
You would most likely add a new column on to your user table such as facebook_uid. Then, if a user has an existing account, you would get them to sign in to that first, before connecting to facebook, you can then store their facebook_uid against your existing user_id. Then if the user turns up and is already signed in to facebook, you can sign them into your website as well. If the user doesn't have an existing account on your site, you would simply create one (possibly filling it with the users name from facebook)
If you wanted to allow multiple methods of sign in, you could potentially have another table that holds a mapping between a provider (facebook,twitter,google etc) and the associated id for that account back to your user table.
The basics are, when they sign in with a 3rd party login system, you either map it to a current account on your site, or you create new account on your site if one does not already exist, and you map the account to it. You would obviously need to make this clear to your users, or have some way to merge accounts in case they aren't already signed in when they use a 3rd party. You could also potentially ask for email access from facebook and try and map that to an existing account, before creating a new one
Thanks
I'm creating a desktop application in C#.
one of the things that this application should do is to publish things to the status of the user in facebook (like: "dave just won 3 gold medals" ). this should happen whether the user is logged in now to facebook or not. I want the user to give me all the needed permissions once and then everything would happen automatically (I would save whatever is needed on my DB).
I tried using facebook developer toolkit 2.0 for .net but didn't see anything there that could help me.
ANY help would be appreciated.
For you question:
you need to use the Facebook Connect API
there is a Feature called offline_access - its an extended permission.
In FB Connect you need to toggle the correct popup :
The workflow will be like that:
User uses FB Connect to confirm the fact he wants to connect your app to his facebook account.
You trigger the popup.
You can then call all calls on his permission even if he is offline (or not using facebook connect)
For the sake of understanding: FB Connect is meant that way that you can easily log the user into his app and do everything on his behalf. offline_access is actually meant for cronjob work.
Iv'e got some answers here. I think it answers other questions I saw in the web lately:
My answer is related to desktop applications that works outside of facebook (facebook connect).
+ I'm using the facebook developer toolkit 2.1:
Here is how to get the special permission, needed to for offline access. and how to get the session key:
facebook.Components.FacebookService FS = new facebook.Components.FacebookService();
FS.GetExtendedPermission(facebook.Types.Enums.Extended_Permissions.offline_access);
The second line will force you to login and afterwards would ask for the permission after the user choose to grant the permission, you are given in the post URL - the fb_si_session_key. BUT the toolkit developers didn't do enough to bring it to you :-(
So you have few options. the simple one is to do:
FS.Logoff();
FS.ConnectToFacebook();
What will happen is that you'll see the login screen for a second and before youll be able to click anything it would vanish. but this time you'll have the right session key. you can get it like that:
string myPermanentSessionKey = FS.API.SessionKey;
If you dont want to show that annoying screen again you have few options, all of them are related to changing the source files of the toolkit. I'm not gonna get into it here, but just tell you a simple option: in the facebookconnect() function I changed it to receive a parameter (isShow) when I send true to it, it behaves normal, when I send false to it - it skips on the formLogin.ShowDialog();
It's working.