Topic-icon Help - JFBConnect > UserMap.> FB App Athorized

Hi guys, 
PHP 7.4.33 + Joomla 3.10.11 + JFBConnect 9.x (August 2022, I noted it now) I attach an image here for you

JFBConnect > UserMap.> FB App Athorized: denied

Why he is been denied ?
- Something wrong with JFBConnect process ? An old issue ?
- Or something between the User and its Facebook profile ? What ? (Ho forgot the password ?!?) 

What happen now ? I mean, Can he try again to connect his Facebook profile when he wants ? OR Do I have to delete it before it ?

Many Thanks for help on understanding ?
Support Specialist
2 months 5 days ago #68456 by mel
Users can deauthorize the app from Facebook at any time. When that happens, Facebook calls the deauthorize callback set up in the application. JFBConnect then sets that flag to 0 on the usermap. In order to authenticate on the site again with Facebook credentials. the user will need to connect again to the Facebook profile with the Joomla user.

If they're not getting the prompt again to accept the app when using the Login with Facebook button again, it's safe to delete the usermap as long as
1) you have the "Automatically Link Users by Email" setting enabled in JFBConnect > Configuration and the FB account email matches the Joomla account email (or else a new account will be created
2) the user is logged in and SCLogin has the "Show Connect Account Button(s)" settings enabled. They can then map the logged into Joomla user to the FB account.

1 month 2 weeks ago #68479 by joomleb
Hi Mel,
Thank You for the deailed explication.
About the point 2, Do you mean that if the User has deauthorized FB with "SCLogin > Show Connect Account Button(s): enabled" and he is logged in, the Facebook Icon (to connect Facebook) will no longer be shown, Right ? ...(Till the JFBC > User Map deauthorized record is not deleted)
Support Specialist
1 month 2 weeks ago - 1 month 2 weeks ago #68482 by mel
Looking at the code, yes I believe there's just a flag set on the user and it's not removing the user map row. I can't figure out what we're actually doing with that authorized information that's useful. I'll have to check with Alex since he wrote that logic.

I mapped a test user to my localhost page and deleted the authorization on the user's FB settings. I attempted to delete the usermap row and try to re-map the user again but was getting "Login Error. There is an error in logging you into this application. Please try again later." I'll have to investigate this further.

Last edit: 1 month 2 weeks ago by mel.
1 month 2 weeks ago #68484 by joomleb
Hi Mel,
thank you, I'll stay tuned here waiting your updates. Meanwhile I report you 2 more User Map related issues here, so you can complete the investigation:

2 - the "JFBC > User Map > Created / Modified" dates are not applying the "Joomla > Global Configuration > Server > Website Time Zone" adjustment writing the in a different time that is generating confusion during Admin checkings. Please, Can you confirm and fix it ?

3 - the sense to have an User Map recap section is to give to Admin a simple way to check users when neeed. This is why would be "a must" to have the Socila Connected icons linked directly to the Social Profile User page. So, we can click on the Socila Icons (Google, Facebook, etc.) and open in a new window tab the Social User Profile and check it when we need...
Please, Can you add it for the next release ?
Support Specialist
1 month 1 week ago #68493 by alzander
We're still investigating the cause of an error after de-authorizing an app, but I wanted to respond to your other 2 questions.

2) When a user de-authorizes, we use the following code to set the updated_at date to the current UTC time. Looking at the user component, I see how we can format it to the current timezone of the server to display that better. I've added an item to our todo list.

3) While it may sound simple and obvious, unfortunately, most social networks do not allow you to get the user's profile URL. There's a lot of reasons for this, but one is because admins started spying on their users (similar to what you're saying with 'check users when needed'). Facebook disabled this ability to get profile URLs back in 2018. Others never had the ability. There probably are some networks that we could fetch the URL from, but it's very inconsistent, so we don't do it.

This is Facebook's announcement post of the change:

Disabling the ability to resolve the app-scoped user ID (ASID) returned by Facebook Login to a Facebook profile page, even for logged-in users.

Prior to this, we did link the profile icon in the user map to the user's profile...

I hope that helps with some background.

1 month 1 week ago #68494 by joomleb
Hi Alex,

2 - Thank You. We'll stay tuned here...

3 - Awful. We are suffering a critical  massive Fake Users Registrations (hundreds registrations, this is the first report on HikaShop  and on next hours we'll update it with more details and probably we'll move it to Joomla GitHub). Sometimes they are using Fake Facebook / Google Users Profiles to Register.
To "spy" the new Users Profiles would be too useful to understand malicious intentions. Please, Do you know if there is a "manual workaround" to discover the Social Profile Page of the connected users ?
Support Specialist
1 month 1 week ago - 1 month 1 week ago #68495 by mel

We're still investigating the cause of an error after de-authorizing an app, but I wanted to respond to your other 2 questions.

There are two different ways that I found to deauthorize the user. In a Facebook profile > Settings > Security & Login > go to the App that was authorized and either A. click "View and Edit" and remove from there or B. just hit the remove button. I just tested again and I did not receive the Please try again error as before, so maybe that was just an api fluke.

* If the mapped user is not logged into your Joomla site, they will be prompted to accept the app again when they click the login with FB button on the next login.
* If they're logged into the Joomla site already, they will not be prompted to accept until the next FB login. The "Connect" button in SCLogin will not be displayed if the deauthorizeUser callback is performed.

After talking with Alex, it seems as we're just turning the Authorize bit to 0 in the usermap area, but not doing anything with it except display it in the backend. We do not delete the mapping to the FB user, because the user can choose to log in and accept the app again and we don't mess around when mapping the "new" connection and accidentally creating a new Joomla user depending on the website's JFBConnect configuration setting.

Hope this clarifies things for the authorize user.
Last edit: 1 month 1 week ago by mel.
3 weeks 3 days ago #68502 by joomleb
Hi Mel, 
Thank You for the useful info.

Maybe could be useful an email notification when deauthorizeUser callback is performed or any type of alert into the JFBC, Do you agree ?
Support Specialist
2 weeks 5 days ago #68504 by alzander
It's not a bad idea and likely pretty straightforward to implement. Sending an email is not difficult. However, when we implemented the deauthorize callback functionality, we assumed other social networks would have similar notification functionality at some point... that never happened.

Can you let us know what you'd do when you received such a notification? I'm mainly asking because we haven't had many users discuss this functionality. It's helpful for us to know why the email is useful for us to implement it. If it's just 'to know' that someone deauthorized without much to do in response, then I'm not sure if it's something we'd add. If there's a really good use case, we'd like to know that as well if there's something we could implement for a better experience.

Social Stream
Hide. Seek. Play!

Countdown Hide & Seek Game

Countdown, the new hide & seek toy, is available now! Designed and developed by the founders of SourceCoast, it's the perfect toy to get your kids moving at all ages.

Get the Hide and Seek Toy on Amazon