
Comments (5)

martey commented on July 19, 2024

Are you saying that if you request offline_access, the access token retrieved with our code is different than one retrieved using Facebook's JavaScript methods?

from facebook-sdk.

wescarr commented on July 19, 2024

I don't believe so, but it appears that the JS API does not solely look at the fbsr_ cookie to determine if a user is logged in. As I mentioned, the fbsr_ cookie remains with no expiration even after the user logs out of Facebook. Perhaps this isn't an SDK issue, and our service needs to separately track if the user is actually logged in or not.

wescarr commented on July 19, 2024

I think I did a poor job explaining the issue. Essentially it boils down to the Python SDK not having the ability to tell if the user is actually logged into Facebook or not. Just relying on the fbsr_ cookie is not enough since it persists if your app has the offline_access permission.

To deal with this, I plan to rely on the JS API by calling FB.getLoginStatus() and then setting a separate cookie like fb_loggedin. Then on the server side, check for the presence of the new cookie as well as use get_user_from_cookie to determine if the user is logged in to Facebook.

Hopefully that clears things up a bit.

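The server-side half of the check wescarr describes, as an added example that is not part of the original thread or of the facebook-sdk code base. It verifies the fbsr_ cookie as an HMAC-SHA256 signed_request and then looks for the separate fb_loggedin marker; the marker value "1", the function names and the sample app id and secret are assumptions, and the code-for-token exchange that get_user_from_cookie performs is left out so the block runs offline.

```python
import base64
import hashlib
import hmac
import json


def _b64url_decode(data):
    # Facebook strips base64url padding; restore it before decoding.
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


def parse_fbsr(cookie_value, app_secret):
    """Return the signed_request payload if its signature verifies, else None."""
    try:
        sig_b64, payload_b64 = cookie_value.split(".", 1)
        sig = _b64url_decode(sig_b64)
        payload = json.loads(_b64url_decode(payload_b64))
    except ValueError:  # missing dot, bad base64, bad UTF-8 or bad JSON
        return None
    if not isinstance(payload, dict):
        return None
    if str(payload.get("algorithm", "")).upper() != "HMAC-SHA256":
        return None
    expected = hmac.new(app_secret.encode(), payload_b64.encode(),
                        hashlib.sha256).digest()
    return payload if hmac.compare_digest(sig, expected) else None


def session_state(cookies, app_id, app_secret):
    """Classify a request from its cookies (a plain dict of name -> value)."""
    payload = parse_fbsr(cookies.get("fbsr_" + app_id, ""), app_secret)
    if payload is None:
        return "none"  # no authorization we can trust, whatever the marker says
    # fb_loggedin is written by page JavaScript after FB.getLoginStatus(); it is
    # unsigned, so it is only a hint about browser state, never proof of login.
    if cookies.get("fb_loggedin") == "1":  # marker value "1" is an assumption
        return "authorized+login_hint"
    return "authorized_only"  # valid grant, user may have logged out


def make_sample_fbsr(payload, app_secret):
    """Build a constructed fbsr_ value for the demo (not real Facebook data)."""
    body = base64.urlsafe_b64encode(json.dumps(payload).encode()).rstrip(b"=").decode()
    sig = hmac.new(app_secret.encode(), body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(sig).rstrip(b"=").decode() + "." + body
```

Because the marker cookie is set by the client, "authorized+login_hint" should only drive presentation (for example, whether to show a logged-in header), while anything sensitive still depends on the signed cookie and the Graph API call made with its token.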

martey commented on July 19, 2024

I took a cursory look at the PHP SDK and the Graph API documentation, and did not see any server-side method to retrieve a user's logged-in status.

As far as I can tell, the purpose of the fbsr cookie is to note that the user has a valid access_token, not that they are currently logged in. Since offline_access lets you use an access_token even if a user is not logged in, I assume that is why the fbsr cookie remains (although we might have a clearer answer once the cookies are properly documented).

I think using FB.getLoginStatus is probably the right move in this case, albeit not one that the Python-based SDK can take (since we can't assume that we will have access to JavaScript). I am leaving this open so that I (or someone else) can research it more (and hopefully confirm my findings), especially since it probably affects our django-facebook package.

martey commented on July 19, 2024

I just checked the Graph API documentation, and am relatively certain that our current implementation is correct. Requesting offline_access means that you need to be able to use the Graph API regardless of whether the user is currently logged in to Facebook.

If your application is dependent on a user being logged in to Facebook, you should not be requesting the offline_access permission (which is deprecated anyway; see #19).
