 

Facebook native mobile application and mobile browser sharing session

I have a website which allows login via Facebook functionality and displays photos from Facebook.

While accessing from a mobile browser, I would like the website to automatically log in (when they click on the FB login button, without entering username and password) if the user is already logged in via the native FB application (iOS or Android). It seems that I can do that by building a native iOS or Android application and using the Facebook single sign-on feature. Is it possible to do that without having the user install anything on their mobile device?

Prasanth asked Dec 21 '12 19:12


2 Answers

That is not possible.

Auto-login relies on auth tokens that will be granted to a website or mobile app after a user approves an app. For security reasons, those tokens are tied to the cause they were issued for. Particularly, web tokens and mobile tokens are not interchangeable.

So you could build a native mobile app to get a "native token", but even if you managed to (cookie-)inject it into a browser view, your website's backend couldn't use it.

More generally, you're raising an issue even Facebook can't solve: say you are using a Facebook mobile app and are logged in there. If you open Facebook's web version on that very same phone, you'll have to log in there again. The root cause is the same as above. Specifically, any native app is incapable of setting arbitrary auth cookies into the OS browser. I personally believe this restriction will not fall, because it would have a large security impact - just imagine how any app could set (and possibly get) cookies for any website.

domsom answered Sep 18 '22 09:09


If they've never logged in to Facebook from their mobile, how will your website ever know them?

Is it possible to do that without having the user install anything on their mobile device?

As on PCs, users on a mobile device need to log in to Facebook's website on their phone before being eligible to log in "automatically" to your website. When I say automatically, I mean they still have to go through the first-time process of "Do you authorize this app/website to do X things on your account". That message is inevitable when using Facebook's API on the web.

Hope this answers your question.

Hamed Al-Khabaz answered Sep 18 '22 09:09