facebook security settings
3 posts by 2 authors in: Forums > CMS Builder: Plugins & Add-ons
Last Post: October 28, 2015 (RSS)
By ht1080z - October 18, 2015 - edited: October 19, 2015
Hi,
There is a new security checklist in the facebook app settings (fb side). Can you help me to clarify some thing to make it work wit the login/signup with Facebook add-on?
What should i put in the settings:
Server IP Whitelist
Valid OAuth redirect URIs
Any other settings to turn off and/or on to make this connection secure between the add-on and facebook?
I cannot make without these to add-on work, probably the Valid OAuth redirect URIs is the key. I tried here my login/signup link but no luck.
Please advise,
Karls
By gregThomas - October 27, 2015 - edited: October 27, 2015
Hey Karls,
Thanks for letting us know about this issue.
Facebook have been making extensive security updates to their API recently. I've updated the directions on how to create a Facebook App under the new layout:
- Go to developers.facebook.com, login if required, then go to My Apps -> Add a new App in the drop down menu at the top of the page.
- A pop up will appear asking you which type of app you wish to create, select website.
- On the Quick start for website screen enter the name you'd like for your App then press enter. Then select which category your app falls under. Leave 'Is this a test version of another app? Learn More. ' set to No.
- You'll be taken to a 4 step 'quick start' process.
* The first step shows you some JavasSript code, you can ignore this and enter your sites domain in the 'site url' field at the bottom of the page.
* Once this is done, you'll be taken directly to the 'test' step, and the initial configuration is complete!
* Now you can click 'skip quick start' button in the top corner of this page.
- This will bring you to your app edit page.
- Copy the APP ID and APP Secret strings into the plugin: $GLOBALS['FACEBOOKAPI_APP_ID'] = ''; // Copy facebook App ID from app created at https://developers.facebook.com/apps $GLOBALS['FACEBOOKAPI_APP_SECRET'] = ''; // Copy facebook App Secret from app created athttps://developers.facebook.com/apps
- Click on "App Domains" and enter your domain without the www (eg: example.com)
- Click on "Website with Facebook Login". Enter your website URL (eg: http://example.com/ ) and click "Save Changes".
- Enable Facebook Login in your plugin by setting $GLOBALS $GLOBALS['FACEBOOKAPI_ENABLE_LOGIN'] to true.
You'll also need to make a small change to the code of the plugin so that it can get the users email address again. You'll need to update line 198 of the plugin from this:
$graph_url = "https://graph.facebook.com/me?access_token=" . $responseValues['access_token'];
to this:
$graph_url = "https://graph.facebook.com/me?fields=email,name,first_name,last_name&access_token=" . $responseValues['access_token'];
We'll be releasing a new version of the plugin with these changes in soon!
Thanks,
Greg
PHP Programmer - interactivetools.com
By ht1080z - October 28, 2015
Hi Greg,
We have a significant time zone difference and also we had a national holiday in Greece today, i just changed the add-on and tested on production.
Everything working fine, thank you for your response, analysis and help on the issue.
You probably find out more than i needed.
Thank you again,
Karls