Facebook connect service for my customers without appid

by

This has been discussed a couple o’ times before already – but I mostly commented on earlier questions, so let me write the whole thing up as a proper answer, for future reference.

[paraphrased] Multiple-client Facebook login via one single app id

Does anyone have a direction for me?

You probably rather don’t want to do that.

It is not really possible to run one simple app one multiple different domains.

As a workaround for only a few domains, people used to specify different domains for the different platforms – Website, Page Tab or Canvas App, plus Mobile alternative for Canvas – without actually using any of those platforms besides Website, which made the app usable on multiple domains as a website app. But since Facebook introduced their login/permission review process¹, you can’t do that any more – they expect you to present actual functionality on all platforms you have configured in your app.

You can kind-off use one single app for login on multiple domains – if you are willing to use only the server-side login flow, and to redirect users to one “main” domain (that gets specified as the app domain in the app settings) to login, and then from there back to the origin domain.

But this has several drawbacks:

  • It’s not what you’d call a “white label” solution. If your clients expect it to look as if users where logging in via “their” app, it should stay on their domain. Individual branding, in regard to stuff such as app name, app logo that shows in the login dialog, etc., would also not be possible. Additionally, app attribution – the link that shows up under content shared/posted via the app – would only link users back to the main domain, and not to your customer’s.

  • You would not be able to use the JS SDK for client-side API requests, or even just to embed it to render any of the FB social plugins that require an app id – the SDK checks what domain it is “running on”, and can not be tricked to accept a domain that is not specified in the app settings.

  • There could be privacy issues. An over-exaggerated example: Just because I as the app user decided to share my photos or videos I have on Facebook with your customer Our-Holy-Mother-of-Christ-Bakery.com, does not necessarily mean I want to share them with your other customer, amateurs-doing-all-kinds-of-nasty-stuff.xxx as well – but if they shared an app id for login purposes, I automatically would. Have fun writin’ the Privacy Policy (which is mandatory if you use FB login functionality, and FB also automatically checks if your app has got one) for that scenario 😉

  • Finally, and most importantly: All your customers would be “sitting in the same boat.” If one of them, or in turn their website users, would publish spam via your app id, so that Facebook blocks it, login would not work any more for all of your customer’s websites. And if you decide only then, that setting up an individual app for each of your customers would be the better way to go, they would not be able to recognize their existing users any more, because of user ids being app-scoped since API v2.0 was introduced – so if users logged into this new app, that app would see a totally different user id. (And to rely on an email address as an identifier is risky, too, because you will not get one from the API for every user; for example if they registered using their mobile device.)

  • Edit: Plus, app/domain insights, as luschn mentioned in his answer.

¹ Yes, the review process has made it more laborious to set up multiple apps for multiple clients. But for apps that do the same stuff/use the same permissions in the same manner, you can refer to an earlier successfully reviewed app id to speed up the process a little. Also, screenshots of how f.e. posts made via the app look on timeline, and what UI components are used, as well as screencasts that you include in your submission could probably be used with little to no alteration.

More Related Contents:

  1. Do I need an appId for a XFBML version of the Facebook Like button?
  2. Hi! I have an issue: Shopify instagram sales channel
  3. Facebook Graph API v2.0+ – /me/friends returns empty, or only friends who also use my application
  4. Facebook API error 191
  5. Facebook Callback appends ‘#_=_’ to Return URL
  6. Running Facebook application on localhost
  7. Warning: Each child in an array or iterator should have a unique “key” prop. Check the render method of `ListView`
  8. Facebook Oauth Logout
  9. Facebook Graph Api – Posting to Fan Page as an Admin
  10. How do you post to the wall on a facebook page (not profile)
  11. Fetching list of friends in Graph API or FQL – Appears to be missing some friends
  12. Get user profile picture by Id
  13. Where can I find my Facebook application id and secret key?
  14. How to get all the user IDs of people who are using your Facebook application
  15. Liking a page on behalf of a user?
  16. How to post on a friend’s Timeline after the February 2013 migration takes effect?
  17. Omniauth Facebook Error – Faraday::Error::ConnectionFailed
  18. Given URL is not allowed by the Application configuration
  19. How can we track hashtags with the new facebook hashtag implementation
  20. ASP.NET Web API and Identity with Facebook login
  21. Facebook API – How to get user’s address, phone #?
  22. How to show particular image as thumbnail while implementing share on Facebook?
  23. Facebook Graph API – how to get user country?
  24. How can I post new comment with Graph API into Social Comments Box?
  25. CSRF state token does not match one provided FB PHP SDK 3.1.1 Oauth 2.0
  26. Creating Facebook Page programmatically through Open Graph API
  27. What is the length of the access_token in Facebook OAuth2?
  28. Loading Iframe Facebook (Load denied by X-Frame-Options)
  29. How to display my photo albums and photos that are in FB on my own website
  30. How to get Likes Count when searching Facebook Graph API with search=xxx

Leave a Comment