Social - User accounts and login
Make sure you’ve gone through the steps to install and setup the social plugin.
Create a FacebookUser login flow
For typical social apps, you’ll just want
FacebookUser objects without associated
User objects. In this case your setup will be as follows:
Use login with Facebook button
You can use the login with Facebook button as well! Simply specify the onlogin data parameter as
<div class="fb-login-button" data-max-rows="1" data-size="large" data-button-type="login_with" data-scope="public_profile,email" data-show-faces="false" data-auto-logout-link="false" data-onlogin="social.onLoginButton()" data-use-continue-as="true"></div>
Create a User and FacebookUser flow
For websites, you’ll want to connect
FacebookUser objects with your standard, registered
Most of the time you should use the standard FacebookUser login flow (detailed above) and then set
User.facebookuser during registration.
You can also set
facebook_automatically_create_user to true in your config. This will create and connect a new
User object (if one does not exist already) to your
FacebookUser during the FacebookUser login flow. Generally using this automation is not recommended as it provides less control than is usually needed.
Checking if user is logged in
You can fetch a
FacebookUser using the
You can fetch a
User by social login using the User model’s
Here’s a working example:
Server-side login flow (without a js popup)
- Send user to
http://example.com/facebook/user/login/to authenticate a FacebookUser account
- In all cases, this will allow the user to accept the app and a
FacebookUserwill be created if successful. Successful app accepts are redirected to
facebook_success_redirect, failures to
facebook_failed_redirect(set these up in your conf)
- If successful, a
Userwill be logged in if
facebook_automatically_login_useris set to true in your config
- If successful, a new
Userwill be created if
facebook_automatically_create_useris set to true in your config
- You should also set up proper handler for failed authentications using
social.conf.ini / facebook_failed_redirect– do not send failed authentications into an infinite loop by redirecting them again to login. This is bad UX and against FB policy!
/facebook/user/login/ you can pass a couple of
GET parameters along with the request to customize the auth process. These are the available parameters:
redirect– this will override the
facebook_success_redirectsetting for this particular request and redirect to a different page.
scope– this will be appended to the
display– determines how the login screen is rendered. typically this will be page, popup, or touch but can be any of the supported display types.