I’m currently working on a radio with a number of stations.  I want some of these stations to be locked unless a visitor likes the community page, as an incentive.  I spent quite a bit of time looking over the process of how you can determine if a visitor has liked a specific site.  Unfortunately, the process is not at all straightforward.  In a nutshell, I can get a list of the visitor’s likes if I can get that visitor to permit me to look at his/her likes.  Here’s the process that I figured out:

  1. If not already logged into Facebook, prompt the visitor to do so.
  2. Create a Facebook app for the radio station – this really seems to be a way for Facebook to gate data.
  3. If the visitor is logged into Facebook, prompt to grant permissions to the Facebook radio app.
  4. If the visitor has granted permissions, analyze his/her likes for the specific site.

Of course, I would like it so that only step #4 existed; however, due to this world requiring massive security, all those other steps must also happen.

Since I have a larger history with PHP and I’ve been using AJAX recently, I downloaded and started messing around with the Facebook PHP SDK.  Communicating between my AngularJS app and the PHP AJAX started to feel cumbersome.  Eventually, I came across a Facebook JS SDK and found that it more directly implemented the login/permission procedure above.

 

Odd Login Statuses

In a couple of the JS SDK functions, there will be a response sent back with a login status.  There are three:

  • connected: Means logged-in and granted desired permissions.
  • not_authorized: Means logged-in, but did not grant desired permissions.
  • unknown: Means not logged-in.

When you call FB.login, the status on the response object will only be ‘connected’ (logged in and granted the desired permissions) or ‘unknown’ (closed the dialog, did not log in, or did not grant permissions).  It will never be ‘not_authorized’ (logged in, but cancelled on the permissions screen).  As such, you have to write your FB.login call like this:

    FB.login( function( response ) {
        if ( response.authResponse ) {
            // response.status will be 'connected'
        } else {
            // response.status will be 'unknown'
        }
    }, { scope: 'public_profile' } );

I also noticed that in the call to FB.getLoginStatus, you will only get the ‘not_authorized’ login status if you have refreshed the page completely, thereby allowing the JS SDK to initialize.  So, it is possible that I am missing a step that would refresh this status properly, but I could find nothing in the docs or through Google searches.  Since the docs indicate that you should be able to get any of the three statuses immediately after login, this could also be a bug on Facebook’s end.
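The four-step process and the status quirks above can be combined into a gate that treats ‘not_authorized’ and ‘unknown’ the same way, so it does not depend on telling them apart. This is an added example, not code from the original post: the `user_likes` scope, the `/me/likes/{page-id}` request, its `{ data: [...] }` response shape, the function names and `PAGE_ID` are all assumptions.

```javascript
// Added example, not the post's code. `fb` is the SDK's global FB object,
// passed in as a parameter so the logic can be exercised with a stub.
const PAGE_ID = 'YOUR_PAGE_ID'; // placeholder for the community page's id
const SCOPE = 'user_likes';     // assumed permission for reading likes

// Collapse a login response to a boolean. FB.login reports a cancelled
// permissions dialog as 'unknown', so require authResponse as well as status.
function isConnected(response) {
  return Boolean(response && response.status === 'connected' && response.authResponse);
}

// Step 4: ask the Graph API whether the visitor likes the page.
// Assumed response shape: { data: [...] }, empty when the page is not liked.
// Any error or unexpected shape keeps the station locked (fail closed).
function likesPage(fb, pageId, done) {
  fb.api('/me/likes/' + encodeURIComponent(pageId), function (res) {
    const ok = res && !res.error && Array.isArray(res.data);
    done(Boolean(ok && res.data.length > 0));
  });
}

// Silent check on page load: never opens a dialog.
// Calls done with 'unlocked', 'locked' or 'needs_prompt'.
function checkOnLoad(fb, pageId, done) {
  fb.getLoginStatus(function (response) {
    // 'not_authorized' and 'unknown' both mean "show the login button".
    if (!isConnected(response)) return done('needs_prompt');
    likesPage(fb, pageId, function (liked) { done(liked ? 'unlocked' : 'locked'); });
  });
}

// Steps 1-3: call from a click handler, because FB.login opens a popup
// that browsers block when it is not triggered by a user action.
// Calls done with 'unlocked', 'locked' or 'declined'.
function promptAndCheck(fb, pageId, done) {
  fb.login(function (response) {
    if (!isConnected(response)) return done('declined');
    likesPage(fb, pageId, function (liked) { done(liked ? 'unlocked' : 'locked'); });
  }, { scope: SCOPE });
}
```

In the page, call `checkOnLoad(FB, PAGE_ID, ...)` once the SDK has initialized and `promptAndCheck(FB, PAGE_ID, ...)` from the login button. The result only controls what the browser displays, since a visitor can alter client-side script; a station that must stay locked needs the same check repeated on the server.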

 

Facebook Apps

Apps are where you, as a developer, can communicate with your visitors and Facebook on security.  From the apps section, you can create an app, tell it which kinds of permissions you want, which websites it should recognize, etc.  Two caveats here:

  • You cannot have unlimited URLs associated with this app.  At most, Facebook allows two – the main URL and a mobile URL.
  • Starting on April 30, 2015, any permissions besides the basic info (public profile, email, friends) should be submitted to Facebook for review.

 

 

Facebook References