Geek Answers Handbook

Facebook iOS SDK 3.0 Re-Authorization

I have a few questions about the new FBSession reauthorization (reauthorizeWithPermissions: behavior: completeHandler :) on facebook sdk 3.0:

As soon as someone logged in via facebook in my application, on some pages I would like to re-authenticate the user with his / her credentials on facebook. This is done so that the one who viewed the page and the person who registered were the same. Permissions for re-authorization remain the same as for logging in. All I need is a re-confirmation of the user password to secure this case.

Therefore, I use reauthorisationWithPermissions: for this. And I set the behavior as FBSessionLoginBehaviorForcingWebView to make sure the user is forced to enter their credentials. However, this does not work at all. It just displays an empty webview for a couple of seconds, and then disappears ... At the moment, it calls the FBSesstionStateHandler block with the state set to FBSessionStateOpen, however, it cannot call the FBSessionReauthorizeResultHandler defined in (completeHandler :).

However, if I just set the default behavior (FBSessionLoginBehaviorWithFallbackToWebView), it works fine by passing the request back and forth between facebook app / safari and ends the call by calling checkHandler correctly. However, with the default behavior, it does not force the user to re-enter their password.

So, I'm really confused, and the sdk docs on the Internet are not very useful for my business. Can someone please advise me what I'm doing wrong ... or learn his famous bug in the SDK? If so, how can I fulfill my requirements?

-(void) reauthThroughFacebook { if ( !self.facebookSession.isOpen && self.facebookSession.state == FBSessionStateCreatedTokenLoaded) { [self.facebookSession openWithBehavior: FBSessionLoginBehaviorWithNoFallbackToWebView completionHandler: self.stateHandler]; } if ( self.facebookSession.isOpen ) { [self.facebookSession reauthorizeWithPermissions: self.userPermissions behavior: FBSessionLoginBehaviorForcingWebView completionHandler:^(FBSession *session, NSError* error){ if (self.facebookSession == session) { [self completedReauthWithSuccess:(error == nil) error:error]; } }]; } else { [self completedReauthWithSuccess:NO error:[NSError errorWithDomain: @"No active session found." code: FBErrorInvalid userInfo: nil]]; } }

Also, after the reauth web view is displayed correctly, how can I guarantee that the email address of the user will be automatically filled in and block the change of the user form? Can I access the facebook sdk web view to set these properties?

Finally, what happens to the access token and expiration date if re-auth happens with the same rights as login?

Thanks in advance,

+8
ios facebook facebook-ios-sdk
source share
1 answer

This is an interesting question. I have not encoded it, so I don’t know if this will work, but how the FB session works, this is my best guess when approaching.

Using a single FB session, I don't think you can do this. During this session, FB auth is binary, either the user logs in (that is, has an open session) or not. The various reauth methods were intended for authorization with additional permissions and are now deprecated in favor of methods for requesting additional permissions.

You may be able to accomplish something close to what you want by supporting multiple FB sessions. The second auth value will be basically the same as allowing the second FB user to log into your application. Then you should close the second session at the appropriate time. You can ensure that both sessions are the same FB user by comparing FB user IDs.

In the last paragraph, Understanding Sessions, "FB discusses support for multiple sessions.

0
source share

More articles:


All Articles