Social - User accounts and login
Preparation
Make sure you’ve gone through the steps to install and setup the social plugin.
Create a FacebookUser login flow
For typical social apps, you’ll just want FacebookUser
objects without associated User
objects. In this case your setup will be as follows:
Use login with Facebook button
You can use the login with Facebook button as well! Simply specify the onlogin data parameter as data-onlogin="social.onLoginButton()"
:
<div class="fb-login-button" data-max-rows="1" data-size="large" data-button-type="login_with" data-scope="public_profile,email" data-show-faces="false" data-auto-logout-link="false" data-onlogin="social.onLoginButton()" data-use-continue-as="true"></div>
Create a User and FacebookUser flow
For websites, you’ll want to connect FacebookUser
objects with your standard, registered User
objects.
Most of the time you should use the standard FacebookUser login flow (detailed above) and then set User.facebookuser
during registration.
You can also set facebook_automatically_create_user
to true in your config. This will create and connect a new User
object (if one does not exist already) to your FacebookUser
during the FacebookUser login flow. Generally using this automation is not recommended as it provides less control than is usually needed.
Checking if user is logged in
You can fetch a FacebookUser
using the fetch_by_fbsession
method.
You can fetch a User
by social login using the User model’s fetch_by_social
method.
Here’s a working example:
Server-side login flow (without a js popup)
In most apps the Javascript popup authentication method is the best. But sometimes, you’ll want to redirect users and avoid the popup. In this case you’ll need to:
- Send user to
http://example.com/facebook/user/login/
to authenticate a FacebookUser account - In all cases, this will allow the user to accept the app and a
FacebookUser
will be created if successful. Successful app accepts are redirected tofacebook_success_redirect
, failures tofacebook_failed_redirect
(set these up in your conf) - If successful, a
User
will be logged in iffacebook_automatically_login_user
is set to true in your config - If successful, a new
User
will be created iffacebook_automatically_create_user
is set to true in your config - You should also set up proper handler for failed authentications using
social.conf.ini / facebook_failed_redirect
– do not send failed authentications into an infinite loop by redirecting them again to login. This is bad UX and against FB policy!
When calling /facebook/user/login/
you can pass a couple of GET
parameters along with the request to customize the auth process. These are the available parameters:
redirect
– this will override thefacebook_success_redirect
setting for this particular request and redirect to a different page.scope
– this will be appended to thefacebook_scope
settingdisplay
– determines how the login screen is rendered. typically this will be page, popup, or touch but can be any of the supported display types.