Question

I've seen many questions about this, but most of them are outdated due to Facebook updating their API.

I have a site where people can bind their account with their Facebook account by storing their access token on that user. Which works great.

However, the issue is that I have an option where people can connect their Facebook to their account on the spot on a shared computer where people can come and go. But by authorizing the application on this public computer they'll also get logged into Facebook automatically, so anyone can visit Facebook and thus get into the previous guy's Facebook. But the issue is also that the next guy that comes to bind his account with Facebook will automatically get the previous guy's already authorized access token, since the already logged-in user has already authorized the app.

Is there a way to always force the user to authorize their Facebook when they press the bind Facebook button? Or is there a way to log out the user from Facebook after we have received the access token? I have the same issue with Twitter but I will leave that for another question.

Thanks in advance.


Solution 2

I couldn't find a solution to force people to log in (the issue being if they were already logged in & authorized). But I used the JavaScript SDK to log out the user if he is logged in & authorized, while if he is logged in but not authorized, or not authorized at all, then he'll at least get the login form. On the connect to Facebook page I have this JavaScript running that will automatically log out the user that registers & authorizes, which means that the next guy that comes to log into his Facebook account will now get a clear login screen:

window.fbAsyncInit = function () {
    FB.init({
        appId: 'AppIdStringHere',
        status: true,
        xfbml: true
    });
    FB.getLoginStatus(function (response) {
        if (response.status === 'connected') {
            //alert("Authorized");
            FB.login(function () {
                FB.logout(function (response) {
                });
            }, { scope: 'publish_actions' });
        } else if (response.status === 'not_authorized') {
            //alert("Logged in but not authorized");
        } else {
            //alert("Not logged in");
        }
    });
};

(function (d, s, id) {
    var js, fjs = d.getElementsByTagName(s)[0];
    if (d.getElementById(id)) { return; }
    js = d.createElement(s); js.id = id;
    js.src = "//connect.facebook.net/en_US/all.js";
    fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));

OTHER TIPS

You don't need to code it. You can find the solution in the Facebook developers console.

  • Go to https://developers.facebook.com
  • Go inside your Application
  • Go to Facebook Login/Settings in the right menu
  • Set the option Force Web OAuth Reauthentication to Yes

That worked fine!
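
One way to back the reauthentication setting with checks in the site's own bind flow, as an added example that is not code from the question or either answer: the login dialog is requested with `auth_type=reauthenticate`, and the callback refuses a Facebook account that is already bound to a different site user. The unversioned dialog URL, the session and callback field names, and the in-memory `bindings` map are assumptions.

```javascript
// Added example; function and field names are illustrative assumptions.
const DIALOG_URL = 'https://www.facebook.com/dialog/oauth'; // assumed unversioned endpoint

// Build the login-dialog URL for the "bind Facebook" button.
// auth_type=reauthenticate asks Facebook to make the person re-enter
// their credentials even if the browser already holds a Facebook session.
function buildBindUrl({ appId, redirectUri, state }) {
  const query = new URLSearchParams({
    client_id: appId,
    redirect_uri: redirectUri,
    state, // random per-attempt value kept in the site session
    auth_type: 'reauthenticate',
  });
  return `${DIALOG_URL}?${query}`;
}

// Decide whether a completed login may be bound to the current site user.
// session:  { localUserId, pendingState }  server-side session (assumed shape)
// callback: { state }                      query parameters of the redirect
// fbUserId: id obtained server-side from the returned access token
// bindings: Map of fbUserId -> localUserId (stand-in for the database)
function checkBind({ session, callback, fbUserId, bindings }) {
  const expected = session.pendingState;
  session.pendingState = null; // a state value is single use, pass or fail
  if (!expected || callback.state !== expected) {
    return 'reject: state mismatch';
  }
  const owner = bindings.get(fbUserId);
  if (owner !== undefined && owner !== session.localUserId) {
    // Typical shared-computer symptom: the previous visitor's session was reused.
    return 'reject: Facebook account already bound to another user';
  }
  bindings.set(fbUserId, session.localUserId);
  return 'bound';
}
```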

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow