4

How can you detect if a user previously authorized a tab application, without showing the user an authorization dialog? This is a user experience concern. We don't want to throw the user at an authorization dialog without a call-to-action, but we don't want a call to action to be shown to log the user in if the user previously authorized the app.

Here's the scenario. A tab application is hosted on a page that has several other applications. In Facebook, the 'Like' button does not work at the tab level but on a page level, so a user may have liked a different application without having seen the current application. Therefore, if any 'Like gate' is used on the landing page of a tab application, and authorization is required to use the app, then when we log the user in the user will be immediately shown the authorization screen without a call to action, unless we can detect that the user previously authorized this application.

Jon Davis
  • 6,562
  • 5
  • 43
  • 60

2 Answers2

2

You could use the javascript SDK and check the login status to see if they have authorized your application. If they have, you could redirect with javascript elsewhere or make the calls you need. If they haven't you could then show the call to action on your page. Something like:

FB.getLoginStatus(function(response){
  if(!response.authResponse){
    // redirect to authorization page
    top.location.href="http://www.facebook.com/dialog/oauth?client_id=appid&redirect_uri=http://facebook.com/somefanpage";
    // or instead show a call to action div
  } else {
   //load fan page specific content
 }
});

But this will only tell if you if they are currently logged in and authenticated with your application or not. The only way you would be able to tell if this is a returning user vs a brand new user is if Facebook sent over the userId in the signed_request like ifaour mentioned (then you could call /userId/permissions with your app access token or look up in your database), but Facebook most likely won't send the userId since your users probably aren't authenticating with your individual tab application but a different shared application key.

bkaid
  • 51,465
  • 22
  • 112
  • 128
  • The response object passed in from getLoginStatus requires the user to sign in first. We are attempting to determine the authorization status *before* signing the user in, so that we can customize the sign-in call to action (authorize us as a new user vs. sign in as an existing user). – Jon Davis Sep 26 '11 at 23:06
  • @stimpy77 I updated my answer but I'm fairly certain this isn't possible although I don't think I fully understand what you are trying to do. – bkaid Sep 26 '11 at 23:18
  • I overlooked the /userId/permissions detail you provided. That does in fact answer my question because that API endpoint is the detail I needed. Thanks. – Jon Davis Oct 13 '11 at 00:47
1

Well Facebook will send the user id in the signed_request only when the user authorize your application. So as long as that piece of information is missing then this means the user didn't authorize your application yet i.e. show the auth dialog (or redirect to auth screen)!

More about this in the Page Tab Tutorial:

Integrating with Facebook APIs

When a user navigates to the Facebook Page, they will see your Page Tab added in the next available tab position. Broadly, a Page Tab is loaded in exactly the same way as a Canvas Page. Read more about this in the Canvas Tutorial. When a user selects your Page Tab, you will received the signed_request parameter with one additional parameter, page. This parameter contains a JSON object with an id (the page id of the current page), admin (if the user is a admin of the page), and liked (if the user has liked the page). As with a Canvas Page, you will not receive all the user information accessible to your app in the signed_request until the user authorizes your app.

ifaour
  • 38,035
  • 12
  • 72
  • 79
  • By "authorize" I mean allowed access, not signed in. In order to get the Facebook ID, we need to log the user in, but we need to be able to determine whether logging the user in will cause an authorization dialog first, as this significantly changes the call to action that causes the user to begin the login process. – Jon Davis Sep 26 '11 at 22:49
  • I'm not sure if we are on the same page. It's simple if the `signed_request` (read on landing) includes the User ID do not authorize else authorize! right? – ifaour Sep 26 '11 at 22:52
  • Edited my comment, I was too late. I had misread your answer. We are indeed on the wrong page. Authorization and signing into the app are two different things. By "authorization" I mean the user giving rights to the app to do things like post on the user's wall. But in a new browser session a user is not necessarily signed into the app until an OAuth or equivalent sequence is performed, even if the user is already logged into Facebook, so we will still have to log the user in at which point the authorization dialog pops up if the user hasn't done this before. – Jon Davis Sep 26 '11 at 22:55