Handling Facebook SDK 3.0 Session lifecycle in Android

Question

I am attempting to update my Android app from the Facebook SDK 2.0 (async API) to the new SDK 3.0. Facebook is not the sole method of authentication in this app. The previous version of the app stored the Facebook access_token in SharedPreferences. I am attempting to setup a workflow that covers all possible authentication cases, but the docs are not complete.

Session session = null;

//already authenticated in another Activity, so reuse session:
session = Session.getActiveSession(getApplicationContext())

//app resumed/rotated, so reopen session:
if (session == null) {
    session = Session.openActiveSessionFromCache(getApplicationContext())
}

if (session == null) {
    session = new Session(getApplicationContext());

    //access_token from SDK 2.0 (async API), stored in SharedPreferences
    if (myPreferences.getFacebookToken != null) {
        AccessToken access_token = AccessToken.createFromExistingAccessToken(myPreferences.getFacebookToken(), null, null, null, null);
        session.open(access_token, new Session.StatusCallback(){
                @Override
                public void call(Session session, SessionState state, Exception exception) {
                    if (session.isOpened()) {
                        myPreferences.deleteFacebookToken();
                    }
        });
    }
}

//user previously logged in (app restarted), or SSO
if (!session.isOpen()) {
    session.openForRead(new Session.OpenRequest(getApplicationContext()).setLoginBehavior(SessionLoginBehavior.SSO_WITH_FALLBACK));
}

Session.setActiveSession(session);
Request.newMeRequest(session, ... // etc

I believe this covers all authentication cases for Facebook in my app. What I would like to know is how can I best determine if my user is a facebook user, in order to call this code in the first place? I can detect the SDK 2.0 access_key for previous users, but new users will not have a valid session for me to check. I would like to login a user with no interaction if they have SSO, or if the Session object has an access token for them already, but not run any of this if the user has opted for another login authentication mechanism. It seems the check of the Session object will pop the FB login if there is no access token (in the case of a user who does not use Facebook to login).

Answer 1

First a comment about your code: you dont' need to do the if (myPreferences.getFacebookToken) block at all. The SDK already stores the access token for you, and will use the stored data if it's available. You don't need to explicitly pass it to the Session.

Now, onto answering your question. Calling openActiveSessionFromCache is pretty much exactly what you're looking for. If the user has previously authorized with facebook, and you haven't called closeAndClearTokenInformation, then calling openActiveSessionFromCache will log them in quietly. So if you get a non-null Session from that call, then you know they're a facebook user, and they've already authorized your app. If you get a null Session, then they haven't auth'ed your app yet, and you should present them with all the login choices.