Uploaded image for project: 'Titanium SDK/CLI'
  1. Titanium SDK/CLI
  2. TIMOB-14433

iOS: Facebook login broken after password change

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Low
    • Resolution: Fixed
    • Affects Version/s: Release 3.1.0
    • Fix Version/s: None
    • Component/s: iOS
    • Environment:

      API 3.1.0.GA and associated Facebook module, iOS 6.1.3 with Facebook SSO credentials on phone, Facebook app installed

      Description

      Including sample app code below. Steps to reproduce:

      1. Create a Facebook app at developers.facebook.com. I used the app default settings, just make sure "Native iOS App" is clicked, match the Bundle ID to what is in tiapp.xml, and that Facebook login is enabled for the app. I also turned off sandbox mode on Facebook.
      2. Use the code included below, make sure to change your FB app ID. Log in and out - all works fine. Do this on the device, not simulator.
      3. In your browser, go to https://www.facebook.com/settings and change your password. Select the option to logout of devices, as the user is likely to do.
      4. Go to your Ti app on the phone, logout and try to login again - will fail as expected.
      5. in iOS, go to Settings -> Facebook -> Your Name, and update your password to match the one you entered in the browser a bit earlier.
      6. Go into Facebook app on phone, which will ask you to log in again due to the expired session, caused by the password change.
      7. Now go to the Ti app, try to log in - STILL FAILS!!!! Definitely not the expected behavior, and not sure how to instruct the user.
      8. The only way I successfully got out of this conundrum was to toggle the Ti app's Facebook permission under "Allow These Apps to Use Your Account" at iOS Settings -> Facebook, but even this is unreliable.
      9. What makes this even worse, is that I have seen cases where Facebook claims the user changed the password (seen this by using the token debug tool) - when the user (me!) has not changed his password.

      Code to reproduce:

      index.js

      index.js

      var loggedIn = undefined;
      var fb = require('facebook');
      fb.appid = 'YOUR_APP_ID';
      fb.permissions = ['email'];
      fb.forceDialogAuth = false;
       
      function doLogin(e) {
      	fb.authorize();
      }
       
      function doLogout(e){
      	fb.logout();
      }  
       
      function loggedInState() {
      	$.initLabel.visible = false;
      	$.logoutBtn.visible = true;
      	$.loginBtn.visible = false;	
      	Ti.API.info('Access token in case we need to debug: ' + fb.accessToken);	
      }
       
      function loggedOutState() {
      	$.initLabel.visible = false;
      	$.logoutBtn.visible = false;
      	$.loginBtn.visible = true;	
      }
       
      fb.addEventListener('logout', function() {
      	loggedOutState();
      });
       
      fb.addEventListener('login', function(e) {
      	Ti.API.info('Facebook login event, data:' + JSON.stringify(e.data) + ' cancelled: ' + e.cancelled + 
      		' error: ' + e.error + ' type: ' + e.type + ' uid: ' + e.uid + ' success: ' + e.success);
      	if (e.success) {
      		loggedInState();
      		alert('Login success, see console logs for user data');
      	} else if (e.error) {
      		alert ('Login error: ' + e.error);
      		loggedOutState();
      	} else if (e.cancelled) { // do nothing
      		alert('Login cancelled');
      		loggedOutState();
      	} else {
      		alert('no success, no error, and not cancelled... assume loggedOutState');
      		loggedOutState();
      	}
      });
       
      loggedIn = fb.getLoggedIn();
      Ti.API.info('logged in: ' + loggedIn); 
      if (loggedIn) {
      	loggedInState();
      }
       
      if (loggedIn === false) {
      	loggedOutState();
      }
       
      $.index.open();
      

      index.xml

      index.xml

       
      <Alloy>
      	<Window class="container">
      		<Label id="initLabel">This appears only when login state is undefined</Label>
      		<Button id="loginBtn" onClick="doLogin">Facebook Login</Button>
      		<Button id="logoutBtn" onClick="doLogout">Facebook Logout</Button>
      	</Window>
      </Alloy>
      

      index.tss

      index.tss

      ".container": {
      	backgroundColor:"white"
      },
      "#initLabel": {
      	width: Ti.UI.SIZE,
      	height: Ti.UI.SIZE,
      	color: "#000",
      	visible: true
      } ,
      "#loginBtn": {
      	visible: false
      },
      "#logoutBtn": {
      visible: false
      }
      

      bits from tiapp.xml

      bits from tiapp.xml

      <id>com.test.ti</id> <!-- make sure this matches your Facebook app config -->
      <property name="ti.facebook.appid">YOUR_APP_ID</property>
      ...
          <modules>
          	<!-- Add the appropriate line(s) to your modules section -->
          	<module platform="android">facebook</module>
          	<module platform="iphone">facebook</module>
          </modules>
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                cng Chee Kiat Ng (Inactive)
                Reporter:
                mokesmokes Mark Mokryn
              • Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Backbone Issue Sync

                  • Titanium SDK/CLI <> Titanium Mobile
                    Synced with:
                    TIMOB-16894
                    Sync status:
                    ERROR
                    Last received:
                    Last sent:

                    Git Integration