Social - User accounts and login


Preparation

Make sure you’ve gone through the steps to install and setup the social plugin.

Create a FacebookUser login flow

For typical social apps, you’ll just want FacebookUser objects without associated User objects. In this case your setup will be as follows:

Use login with Facebook button

You can use the login with Facebook button as well! Simply specify the onlogin data parameter as data-onlogin="social.onLoginButton()":

<div class="fb-login-button" data-max-rows="1" data-size="large" data-button-type="login_with" data-scope="public_profile,email" data-show-faces="false" data-auto-logout-link="false" data-onlogin="social.onLoginButton()" data-use-continue-as="true"></div>

Create a User and FacebookUser flow

For websites, you’ll want to connect FacebookUser objects with your standard, registered User objects.

Most of the time you should use the standard FacebookUser login flow (detailed above) and then set User.facebookuser during registration.

You can also set facebook_automatically_create_user to true in your config. This will create and connect a new User object (if one does not exist already) to your FacebookUser during the FacebookUser login flow. Generally using this automation is not recommended as it provides less control than is usually needed.

Checking if user is logged in

You can fetch a FacebookUser using the fetch_by_fbsession method.

You can fetch a User by social login using the User model’s fetch_by_social method.

Here’s a working example:

Server-side login flow (without a js popup)

In most apps the Javascript popup authentication method is the best. But sometimes, you’ll want to redirect users and avoid the popup. In this case you’ll need to:

  1. Send user to http://example.com/facebook/user/login/ to authenticate a FacebookUser account
  2. In all cases, this will allow the user to accept the app and a FacebookUser will be created if successful. Successful app accepts are redirected to facebook_success_redirect, failures to facebook_failed_redirect (set these up in your conf)
  3. If successful, a User will be logged in if facebook_automatically_login_user is set to true in your config
  4. If successful, a new User will be created if facebook_automatically_create_user is set to true in your config
  5. You should also set up proper handler for failed authentications using social.conf.ini / facebook_failed_redirect – do not send failed authentications into an infinite loop by redirecting them again to login. This is bad UX and against FB policy!

When calling /facebook/user/login/ you can pass a couple of GET parameters along with the request to customize the auth process. These are the available parameters:

  • redirect – this will override the facebook_success_redirect setting for this particular request and redirect to a different page.
  • scope – this will be appended to the facebook_scope setting
  • display – determines how the login screen is rendered. typically this will be page, popup, or touch but can be any of the supported display types.
Outlast Web & Mobile Development (c) 2019 | Privacy Policy |