Skip to Content Skip to Menu

Login with Native Android FB Login and CB API

  • timstohr
  • timstohr
  • OFFLINE
  • Posts: 1091
  • Thanks: 56
  • Karma: 9
8 years 8 months ago #289130 by timstohr
Login with Native Android FB Login and CB API was created by timstohr
Hi Kyle,
We are creating a native android app with an FB Login using CB API.

how can i login a user into cb (using CB API) in the backend without user interaction (i.e. without login credentials) after he/she has logged into an external provider like facebook?

I think cbconnect implements this behaviour, but it has not become quite clear how (we have looked through the code but are non the wiser).

Also, how do we do the @link to already existing account according to Email Adress@? eg a user has already an account using the traditional login (password + username) and decides to login using FB login. That would mean it would need to identify the right user account based on email address sent from FB.

Thanks in advance

Tim

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 49447
  • Thanks: 8467
  • Karma: 1465
8 years 7 months ago #289155 by krileon
Replied by krileon on topic Login with Native Android FB Login and CB API
The login API can bypass authentication by simply using the login function without a password. See the login function of components/com_comprofiler/plugin/user/plug_cbconnect/component.cbconnect.php for usage details.

CB Connect only links if they've logged in normally through Joomla then used the link button. What you're wanting it to do is a massive security vulnerability. To put it into perspective you're wanting to allow Facebook accounts to takeover Joomla accounts based off the sole value of their email address, which you can change to whatever you want on Facebook or even in the application permissions dialog. It's certainly doable, but it will never be implemented into CB Connect.

As for the rest that's all implementation details regarding native app development that I can't help you with.

Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in or Create an account to join the conversation.

  • timstohr
  • timstohr
  • OFFLINE
  • Posts: 1091
  • Thanks: 56
  • Karma: 9
8 years 7 months ago #289185 by timstohr
Replied by timstohr on topic Login with Native Android FB Login and CB API
OK understood,

how can we then instead link the fb accounts with cb accounts in a secure way? Any examples?

Tim

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 49447
  • Thanks: 8467
  • Karma: 1465
8 years 7 months ago #289188 by krileon
Replied by krileon on topic Login with Native Android FB Login and CB API
You can't without first logging in to CB as CB Connect already requires for linking. Username and Email Address absolutely are not safe to depend on as you could easily hijack someones account doing that. Best way to handle this scenario is if the username or email address (both need to be unique) is in use then ask them to login then link the accounts after they've logged in.

Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in or Create an account to join the conversation.

Moderators: beatnantkrileon
Powered by Kunena Forum