Best practice for Facebook authorization / action on mobile without plugins

Question

I'm writing an app using Phonegap.

I'd like to give some perks to the user for posting about the app on their wall (or something of the sort) if they wish to do so.

There's a neat Cordova plugin which covers Facebook's functionality pretty thoroughly and more importantly it appears that it does so as natively as it can manage.

If a plugin like that is not available however, what is a high-level overview for having a user:

1. authorize with FB
2. post something canned on FB
3. ascertain that they have in fact posted what was given to them

I believe there's a way to do these things using Facebook's JavaScript SDK, but I've never seen an app ask me for my username and password (that wasn't the actual Facebook app) and I don't imagine Facebook would be happy with that, so what's the best way to go about that?

Additionally, if I want for a user to log in using Facebook in my app, (think Tinder) what is the data that I should be saving? Facebook login token and device ID? What are the best practices when it comes to using facebook and phone data to identify and store user account information server-side?

Answer 1

Facebook Login for Android -

The Facebook SDK for Android provides methods to implement Facebook Login for your app. The SDK provides Facebook Login support for the these common scenarios:

• Your app uses only Facebook Login to authorize people using your app.
• Your app provides two login options: Facebook Login and your own login mechanism.
• Your app uses your own login initially and Facebook Login is an option to switch on certain social features.

For more - login-with-facebook.

Manually Build a Login Flow -

The easiest and quickest way to implement Facebook Login is with our official SDKs for JavaScript, iOS, and Android and we recommend you follow our separate guides for these platforms.

However, if you need to implement browser-based login for an app without using our SDKs, such as in a webview for a native desktop app (for example Windows 8), or a login flow using entirely server-side code, you can build a Login flow for yourself by using browser redirects.

This guide will take you through each step of the login flow and show you how to implement each one without using our SDKs:

• Checking login status
• Logging people in
• Confirming identity
• Storing access tokens and login status
• Logging people out
• Make direct HTTP requests to Graph API endpoints to retrieve and post data.

For more check - manually-build-a-login-flow.

Pros:

• No plugin dependency and no uncertainties when new versions of Cordova or the Facebook SDK are released.
• Works for all platforms, including platforms for which a version of the plugin doesn’t exist.
• Works for both browser-based apps and Cordova apps.

Cons:

• Not full-fledged, less out-of-the box features.
• Integration not as tight. For example, no native dialogs, etc.

The logic is integrated together and is available on github as OpenFB.

Sample Example -

Login using Facebook:

openFB.login(scope, successHandler, errorHandler);

Get the user’s list of friends:

openFB.api({path: '/me/friends', success: successHandler, error: errorHandler});

Post on the user’s feed:

openFB.api(
    {
        method: 'POST',
        path: '/me/feed',
        params: {
            message: 'Testing the Facebook Graph API'
        },
        success: successHandler,
        error: errorHandler
    });