Facebook Authentication

Wiki ▸ API Reference ▸ Authentication ▸ Extended Authentication ▸ Facebook Authentication

Facebook tokens expiry

When facebook is available under linked_accounts, clients should check its expires_at attribute every time the app is opened. In the case that expired_at has already passed, clients should initiate a Facebook authentication flow with the same current scopes available under facebook. This would most of the time run in the background as the profile has already installed the Facebook application with the same permissions. Once new Facebook access_token is acquired, clients should use it to update the linked Facebook account.

Linked Facebook account scopes

By default at least public_profile and email scopes should be granted for a Facebook account to be linked. This happens during the Facebook authentication flow in both clients and server. Clients do not need to explicitly send the scopes attribute when authenticating Facebook accounts. The API server will make sure to get the scopes and other information about the linked account. It also installed webhooks on Facebook application to get notified about profiles changing their permissions i.e. the scopes of which Shoutit Facebook application can access.

Publishing Shouts to Facebook

Profiles can publish their shouts to Facebook by adding publish_to_facebook property and set it to true to the POST JSON body when creating a new shout.

Clients should consider the following

Adding “Publish to Facebook” checkbox defaulting to true if publish_actions is one of the scopes under facebook.
if publish_actions is not one of the scopes therefore the checkbox is not checked and the user checked it, initiating a Facebook authentication flow asking for publish_actions permission.
- in the case of non-existing facebook, initiating a Facebook authentication flow with both email and publish_actions permissions.
- updating the linked Facebook account.
- making sure the returned profile object has publish_actions in linked_accounts.facebook.scopes
setting publish_to_facebook to true in the shout post json body.

POST: /shouts

{
  "publish_to_facebook": true
}

Saving Facebook Friends list

Shoutit allows profiles to save their Facebook friends list to see who of them are using Shoutit. Facebook now only returns those friends who also use the app 1. Clients need to ask for user_friends permission when initiating Facebook authentication flow and the API will take care of the rest when the account is linked. Clients should ask for user_friends permission only when the user opens the Facebook Friends view not when signing up for first time or when publishing a shout.

Retrieving list of Profiles that are mutual friends

Before making calls to this endpoint clients should make sure the user_friends permission exists in linked_accounts.facebook.scopes of the user profile

Profile mutual friends

Shoutit API Wiki

Facebook Authentication

Facebook tokens expiry

Linked Facebook account scopes

Publishing Shouts to Facebook

Saving Facebook Friends list

Retrieving list of Profiles that are mutual friends

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Installation

API Reference

Clone this wiki locally