Jump to content

[TOPIC: topicViewTemplate]
[GLOBAL: userSmallPhoto]
Photo

facebook two-phase login, really required? (Android)
Started by davebollinger Jun 05 2014 08:30 AM

3 replies to this topic
[TOPIC CONTROLS]
[/TOPIC CONTROLS]
[modOptionsDropdown]
[/modOptionsDropdown]
[reputationFilter]
[TOPIC: post.html]
#1

davebollinger

[GLOBAL: userInfoPane.html]
davebollinger
  • Basic
  • PipPipPipPipPipPip
  • 316 posts
  • Jedi

"conventional wisdom" (from the facebook sample, and from older posts here in the forum) seems to dictate the two phase login, aka (psuedo-code):

local function listenerPhase2(event)
  if (event.type=="session" and event.phase=="login") then
    -- now we're logged in with extended permissions, so:
    facebook.request("me/photos"...
  end
end
 
local function listenerPhase1(event)
  if (event.type=="session" and event.phase=="login") then
    -- we're logged in, but with only basic permissions, so on to phase 2 login:
    facebook.login(appid, listenerPhase2, {"publish_actions"})
  end
end
 
-- no permission login phase 1
facebook.login(appid, listenerPhase1)

[Argh!! Half my post was lost, trying again...]

 

But testing seems to indicate that a single-phase login works, with dev or test accts, with or without native fb android app installed, (more quick psuedocode):

local function listenerPhase1(event)
  if (event.type=="session" and event.phase=="login") then
    -- if we did .request("me/permissions" here we'd find publish_actions granted, so
    facebook.request("me/photos"...
  end
end

facebook.login(appid, listenerPhase1, {"publish_actions"})

I guess my question boils down to:  are there KNOWN conditions under which single-phase login will FAIL to obtain the requested permissions, in today's world?  Not sure how old the "conventional wisdom" is, and/or/if it still applies, and/or under what circumstances.

 

Thanks!

 



[TOPIC: post.html]
#2

ubj3d.android

[GLOBAL: userInfoPane.html]
ubj3d.android
  • Pro
  • PipPipPipPipPipPip
  • 538 posts
  • Jedi


[TOPIC: post.html]
#3

davebollinger

[GLOBAL: userInfoPane.html]
davebollinger
  • Basic
  • PipPipPipPipPipPip
  • 316 posts
  • Jedi

 

Thanks!  Tho that just illustrates that we don't seem to REALLY know the answer.

 

In Rob's post there he says facebook requires it: "writing to their timeline you have to make a 2nd request to get those features"

 

Yet in another (somewhat related, re photo upload on Android) post just days ago, Rob shows code that works for him, BUT it's single-phase login style!  http://forums.coronalabs.com/topic/42443-post-screenshot-to-facebook/?p=250253

 

When facebook DOES cooperate for me (and it often doesn't! :D) i haven't yet seen in my own testing where two-phase is actually necessary (but again, that may be just because i haven't tested some weird case that i'm just not aware of).  So my experience (so far) has been more like Rob's second post, rather than the first.

 

FB's own API docs  https://developers.facebook.com/docs/reference/javascript/FB.login/v2.0

seem to indicate that you can do either, that is if you DO ask for them in phase 1, fine, if not you can always go back and ask for more when actually needed.

 

Or:  https://developers.facebook.com/docs/facebook-login/permissions/v2.0

"Your app can ask for additional permissions at any time, even after a person logs in for the first time. "

(implying that you may or may not have asked for at least some extended permissions in the first time login)

 

I think if your app is the "auto-login at startup" type, then you'd do a first-phase no-permission login.  Then only if/when ready to actually publish you might ask for extended permissions.  On the other hand, if your app is a "the only reason i use fb is to post accomplishment photo" then you might as well do a one-phase login for that single operation (and of course, you may already be logged in anyway, and really just need to re-assert your requested permissions are still in effect)

 

That's what it seems like at least, but sure would like to know the real deal.



[TOPIC: post.html]
#4

Rob Miracle

[GLOBAL: userInfoPane.html]
Rob Miracle
  • Corona Staff
  • 10,040 posts
  • Jedi

The first call to facebook.login() gets you read permission to your "me" object, list of friends, etc.  You get no posting rights.  You have to make a second login request, where you request additional permissions to be able to post to your stream, get extra things that's not included in the basic permissions.

 

If you only want to read your information, then you only need one login.

 

Rob




[topic_controls]
[/topic_controls]