Ryan S

Reputation: 11

Adding Facebook Permissions in OpenAuth.RequestAuthentication

I am using ASP.NET 4.5 in Visual Studio to implement Facebook Login for my website. Specifically, I'm using Microsoft.AspNet.Membership.OpenAuth and related classes in the .NET Framework.

I can retrieve basic information from Facebook with no issue; however, I need to request permissions for more Facebook info of the user.

To be clearer, the following method in OpenAuthProviders.ascx.cs leads the user to Facebook and pops up the Facebook dialog box asking for user permission:

OpenAuth.RequestAuthentication(provider, redirectUrl);

This function redirects to a URL of the following format:

https://www.facebook.com/dialog/oauth?client_id=xxx&redirect_uri=xxx&__provider__=facebook&__sid__=xxx&scope=email

My question is, currently the scope in the URL is always email. How do we add more to the scope, e.g. user birthday, user picture URL, through the OpenAuth.RequestAuthentication function?

If I have to code a new deeper function to talk to Facebook directly just to achieve this, it seems a bit counter-intuitive why I am using this OpenAuth class in the first place.

Any advice appreciated!

Upvotes: 1

Views: 677

Answers (1)

Springbokkie

Reputation: 188

Firstly, if you are using Visual Studio 2012 then there's a reference architecture built in to handle Facebook OAuth when building your website. It's broadly suggested to add the Facebook C# SDK via NuGet to enable calls to FacebookClient.

Secondly, the username is NOT always an email address. Facebook allows users to create an account using their mobile phone number, without needing an email address. So do not rely on this field to always give you the email addy. Instead you can call the Facebook OAuth Client to get this info for you.

It's critical to understand that the first time you call Facebook OAuth for feedback it only gives back the following variables:

  • id (can be email or mobile phone)
  • name (user's Full name)
  • link (link to their profile page on Facebook)
  • gender (male or female.. so little choice here)
  • the access token

Once you have the access token you can use it to call the other variables. To see what you can get access to with the Facebook Client check out https://developers.facebook.com/docs/reference/api/user/ for a full listing of the various variables. (Noob alert: I still haven't figured out how to call all of them but the important bits are easy.)

There's an excellent tutorial by Scott MitzFacken on using OAuth providers in MVC websites and he takes you through each step except the most important one: getting the ExtraData out using the access token and then getting it into your database. Follow his tutorial until you get to the point where this code is added to the ExternalLoginCallback method:

    if (result.ExtraData.Keys.Contains("accesstoken"))
    {
        Session["facebooktoken"] = result.ExtraData["accesstoken"];
    }

Ok so you've got your access token in the correct method. Now to get the data from Facebook and into your app. I amended the ExternalLoginConfirmation method just after the check to see if a user already exists:

    // Check if user already exists
    if (user == null)
    {
        // Use the access token stored in Session by ExternalLoginCallback
        var client = new Facebook.FacebookClient(Session["facebooktoken"].ToString());
        // Request the extra profile fields from Facebook in a single call
        dynamic response = client.Get("me", new { fields = "first_name, last_name, email" });
        model.FirstName = response["first_name"];
        model.LastName = response["last_name"];
        model.EmailAddy = response["email"];

        // Insert name into the profile table
        db.UserProfiles.Add(new UserProfile { UserName = model.UserName, FullName = model.FullName, Gender = model.Gender, FirstName = model.FirstName, LastName = model.LastName, EmailAddy = model.EmailAddy });
        db.SaveChanges();
        // ... remainder of the if-block as in the tutorial ...
    }

  1. This assumes you have the Facebook C# SDK applied to your project.
  2. The Facebook fields are requested in a single set of " " separated by a comma.
  3. In my example the model.XXX refer to User Profile fields.
  4. I then cast the User Profile fields to the response["XXX"] string.
  5. When the User Profile record is saved the additional fields are also saved, thanks to the Facebook OAuth Client.

I'm not sure if you still need this answer... hopefully not. For noobs like myself who spent the entire day trying to get this right, I hope this answer sheds some light on the subject.

Cheers and Good luck!

[tag: c#] [tag: facebook] [tag: dotnetopenoauth]

Upvotes: 1
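The answer above notes that Facebook does not always return an email address, yet its snippet reads response["email"] unconditionally. The following is an added example, not code from the answer or from the Facebook C# SDK, that maps the "me" response defensively. FacebookProfile, ProfileMapper and Demo are hypothetical names, the response is assumed to be usable as an IDictionary<string, object>, and the sample values are constructed.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical profile type; Email stays null when Facebook returns none.
public sealed class FacebookProfile
{
    public string Id { get; set; }
    public string FirstName { get; set; }
    public string LastName { get; set; }
    public string Email { get; set; }
}

public static class ProfileMapper
{
    // Returns null for a missing, non-string or blank field instead of throwing.
    private static string Field(IDictionary<string, object> response, string key)
    {
        object value;
        if (!response.TryGetValue(key, out value)) return null;
        var text = value as string;
        return string.IsNullOrWhiteSpace(text) ? null : text.Trim();
    }

    public static FacebookProfile Map(IDictionary<string, object> response)
    {
        if (response == null) throw new ArgumentNullException("response");
        var id = Field(response, "id");
        // Without an id there is nothing to key the local account on, so fail early.
        if (id == null) throw new InvalidOperationException("Response has no id");
        return new FacebookProfile
        {
            Id = id,
            FirstName = Field(response, "first_name"),
            LastName = Field(response, "last_name"),
            Email = Field(response, "email")
        };
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample: the response carries no "email" key at all.
        var noEmail = new Dictionary<string, object> { { "id", "1000000000000001" }, { "first_name", "Ada" } };
        var profile = ProfileMapper.Map(noEmail);
        Console.WriteLine(profile.Email == null ? "no email returned" : profile.Email);
    }
}
```

A caller can then decide whether a missing email blocks registration or is simply stored as empty, rather than failing partway through the profile insert.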
