7

Hello, I am using the Facebook SDK for Android on my Android phone with single sign-on. It works fine: when I logged into the Facebook application, my application was also signed in. For logout, I ran into some confusion.

The way I implemented it was to restore the access token and expiry date from the user preferences of the application and check the validity of the session. If it has expired, the application calls the facebook.authorized function, and once authorized, the access token and expiry date are updated again.

There are a few things I find a bit confusing when dealing with logout.

1) When I logged out from the Facebook application, my application could still get through and request the user details. Although the access token saved in my application has no relationship with the Facebook application, I thought it would at least give me an error when requesting the data. But it hasn't given me an error.

Is it supposed to act like that? Signing out from the Facebook app will not affect the access token I have stored in my application.

2) When I logged out from my application and not the Facebook application, the Facebook application won't automatically log out.

2 Answers

9

The Facebook access token and your app access token are separate and distinct, so it is entirely possible that one can be valid and allow access while the other is not valid and will require re-authorisation.

If the Facebook app is logged in but your app is not, then the Facebook SDK will use the existing Facebook app login to obtain a new access token for your app without authenticating, but this is still not linked to the Facebook app login token in any way.

If the Facebook app is not installed, or not logged in, then the Facebook SDK will take you to the Facebook website to do the initial authentication, but this does not log the Facebook app in because there is no connection between your access token and the Facebook access token.

So, in summary - your understanding is correct. There's no interaction between the two apps except for when your app tries to authenticate a user, then the Facebook app will act as a proxy, allowing you to gain access without authenticating so long as Facebook is logged in. After that, there is no further interaction and what you've observed is expected and intended behaviour.

3
  • So if the user grants access to [my] application, he will always be authenticated if he is logged into the [official] facebook application? Even if I try to call facebook.logout(context) in [my] application? Sorry, but I'm a bit confused.
    – harsimranb
    Commented Jan 9, 2012 at 19:34
  • Yes - so long as your app has permission to access the Facebook account, uses the Facebook API, and the official Facebook app is still logged in, then the next time you start your app, it will use the Facebook app to get a new access token and will silently authenticate. That's how single-sign-on is supposed to work.
    – RivieraKid
    Commented Jan 10, 2012 at 0:40
  • So, is facebook.isSessionValid() the correct way to check if the user is actually logged on? Because facebook.isSessionValid() would return true, even when the user was logged in.
    – harsimranb
    Commented Jan 10, 2012 at 1:56
0

I have the same problem. I'm thinking about creating an "isLogged" variable and storing it, so that when someone logs out and restarts the app, it will not even verify whether the user is logged in, bypassing Facebook's session verification.
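The behaviour discussed in both answers, as an added example that is not part of either answer or of the Facebook SDK: the session check only looks at the locally stored token and expiry, so an explicit logout has to be remembered by the app itself or the next start will silently re-authenticate through single sign-on. The class, the preference keys and the `Map` standing in for the app's preferences are all hypothetical.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration: plain Java, no Android or Facebook SDK dependency.
// The Map stands in for the app's preferences; all names are hypothetical.
public class SessionGate {
    enum Action { USE_STORED_TOKEN, SILENT_SSO, SHOW_LOGIN_BUTTON }

    private final Map<String, String> prefs = new HashMap<>();

    // Called after a successful authorization: persist token and expiry.
    void onAuthorized(String token, long expiresAtMillis) {
        prefs.put("access_token", token);
        prefs.put("access_expires", Long.toString(expiresAtMillis));
        prefs.remove("user_logged_out");
    }

    // Explicit logout in this app: drop the stored token and remember the choice.
    void onUserLogout() {
        prefs.remove("access_token");
        prefs.remove("access_expires");
        prefs.put("user_logged_out", "true");
    }

    // Purely local check: nothing here asks whether the Facebook app is logged in.
    boolean storedTokenUsable(long nowMillis) {
        String token = prefs.get("access_token");
        String expires = prefs.get("access_expires");
        if (token == null || expires == null) return false;
        return nowMillis < Long.parseLong(expires);
    }

    // Decide what to do at app start.
    Action onAppStart(long nowMillis) {
        if (storedTokenUsable(nowMillis)) return Action.USE_STORED_TOKEN;
        if ("true".equals(prefs.get("user_logged_out"))) return Action.SHOW_LOGIN_BUTTON;
        return Action.SILENT_SSO; // first run or expired token: let SSO refresh it
    }

    public static void main(String[] args) {
        SessionGate gate = new SessionGate();
        long now = 1_000_000L;                                // constructed clock value
        System.out.println(gate.onAppStart(now));             // first run, nothing stored
        gate.onAuthorized("constructed-token", now + 60_000L);
        System.out.println(gate.onAppStart(now));             // token stored and fresh
        System.out.println(gate.onAppStart(now + 120_000L));  // stored token has expired
        gate.onUserLogout();
        System.out.println(gate.onAppStart(now));             // after explicit logout
    }
}
```

Clearing the stored token on logout matters as much as the flag: a token left in preferences stays usable until it expires, regardless of what the Facebook app does.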
