Suggestion: Deauthorize Callback handling

I am writing code to deal with FB Deauthorize Callbacks (in my case, I'll be deleting all the user's data from the Joomla database related to this user).

It just struck my mind: JFBConnect doesn't have any configuration options on this... maybe for most users, a simple solution could be implemented, kind of "What do ya wanna do when some unfortunate deauthorizes your app? a) leave it alone, b) block the user, c) delete the user, d) have a couple of big ugly thugs beat him up"

OK, I agree... option d) is not good user experience, but the rest is feasible, right? :D
The topic has been locked.
Support Specialist
12 years 8 months ago #12261 by alzander
Yeah.. we've avoided the de-authorization issue for a few reasons.. but agree, it's something we need to look into.

Basically, most of what we do right now is 'pulling' data from Facebook for the current user. Since that means the user has given authorization to do this, it's no big deal. If the user de-authorizes the app, then they specifically can't log in through Facebook (or else they have to re-authorize) and therefore, our 'pulling' functionality will simply not work, as if it's just a normal Joomla user.

Since we also create a normal Joomla user, we never liked the idea of blocking or deleting the account, because yes, it's an admin's choice. So, yes, I can see adding it at some point to give the a) and b) option. As for c), it's easy to implement as well, but much tougher because deleting the user from Joomla doesn't always do what you want it to do unless there are good User plugins for every extension to handle the delete. Most do this, but some don't which is where the problem would be.

Now that you mention it though, I like D) the best, and we'd probably make that default if we implement it. :)

If you need help implementing the de-authorize, just let us know. It shouldn't be that difficult, and again, something we'll probably add.. so if you're working on it, we can do it together and just get it ready for a future release.

Thanks,
Alex
The topic has been locked.
The coding for this is quite straightforward. But we all know that there are a great many users that can only go as far as the components go... they simply don't know or don't want to write a single line of code (it puzzles me how one can have a Joomla site exclusively on components and modules... at some point, coding is a must).

Anyway, for privacy issues, blocking or deleting users is a necessity.

Blocking is the easy part and yes, deleting is more complicated. You can only guess that, if JS or CB plugins are active, certain records should be deleted in certain tables (or some delete method can be called on either JS or CB). You probably will never be able to find a 100% reliable way to delete records from other specific / custom components integration... but, that should not be an issue: if someone is able to create a plugin (like I did) to integrate JFBConnect with components other than JS and CB, they for sure can handle the deauthorization by him/herself.

I am just (and as a tip for any newbie Joomla programmers like myself):
    grabbing the FB userid from the FB signed_request via the deauthorize callback
    getting the corresponding Joomla userid from table #__jfbconnect_user_map
    deleting the user via JUser::delete()
    deleting the corresponding record from table #__jfbconnect_user_map
    deleting records from my component's tables


As I said, it is quite straightforward.
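The first step in the list of the last post, reading the Facebook user id from the signed_request, decides whether the deletes may run at all, so the signature has to be checked before user_id is trusted. The following is an added example, not code from the thread or from JFBConnect: it verifies the HMAC-SHA256 signature of a signed_request, and the function names, the secret and the sample requests are constructed for illustration.

```php
<?php
// APP_SECRET is a constructed placeholder, not a real secret.
const APP_SECRET = 'constructed-demo-secret';

function b64url_encode(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// Decode base64url; returns false on characters outside the alphabet.
function b64url_decode(string $in)
{
    $padded = str_pad($in, strlen($in) + (4 - strlen($in) % 4) % 4, '=');
    return base64_decode(strtr($padded, '-_', '+/'), true);
}

// Returns the Facebook user id, or null when the request must be rejected.
function fb_user_id_from_signed_request(string $signedRequest, string $appSecret): ?string
{
    $parts = explode('.', $signedRequest, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$encodedSig, $encodedPayload] = $parts;
    $sig = b64url_decode($encodedSig);
    $json = b64url_decode($encodedPayload);
    if ($sig === false || $json === false) {
        return null;
    }
    $data = json_decode($json, true);
    $alg = is_array($data) ? ($data['algorithm'] ?? null) : null;
    if (!is_string($alg) || strtoupper($alg) !== 'HMAC-SHA256') {
        return null;
    }
    // The HMAC covers the encoded payload string, keyed with the app secret.
    $expected = hash_hmac('sha256', $encodedPayload, $appSecret, true);
    if (!hash_equals($expected, $sig)) { // constant-time comparison
        return null;
    }
    $uid = $data['user_id'] ?? null;
    return (is_string($uid) || is_int($uid)) ? (string) $uid : null;
}

// Constructed sample: one correctly signed request and one with a forged signature.
$payload = b64url_encode(json_encode(['algorithm' => 'HMAC-SHA256', 'user_id' => '1000001']));
$valid = b64url_encode(hash_hmac('sha256', $payload, APP_SECRET, true)) . '.' . $payload;
$forged = b64url_encode(str_repeat("\0", 32)) . '.' . $payload;
var_dump(fb_user_id_from_signed_request($valid, APP_SECRET));
var_dump(fb_user_id_from_signed_request($forged, APP_SECRET));
```

Only when a non-null id comes back should the lookup in #__jfbconnect_user_map and the deletes listed in the post run.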