Jump to content

Facebook connect just for registered members


Owdy
 Share

Recommended Posts

It is against Facebook's rules. As we've explained.

You have 2 general options

1) Allow Facebook Connect. Their guidelines state that if you allow FBC, you must make it a seamless "login" process. You cannot ask for additional information during the process, nor can you treat the user using Facebook Connect differently than a locally registered/logged in use.

2) Don't use FBC. Then you don't have to adhere to their rules.


Unfortunately, you can't pick and choose which FBC guidelines you're going to follow. Either you have to follow them all, or don't use their API. :)

Link to comment
Share on other sites


1) Allow Facebook Connect. Their guidelines state that if you allow FBC, you must make it a seamless "login" process. You cannot ask for additional information during the process, nor can you treat the user using Facebook Connect differently than a locally registered/logged in use.



Based on their new rules (guidelines), can't you require that they give permission for you to know their true email address?
Link to comment
Share on other sites

Well that's stupid. That's like a major opening for spammers to be able to circumvent security measures. Follow their rules, does it permit obtaining their email address temporarily (so that it can be compared to an internal search) to prevent someone from registering multiple accounts, circumventing bans, etc?

Link to comment
Share on other sites

So basically, FaceBook is saying, "You may use our connection system so long as you surrender any form of security or protection against abuse..."

That's going to come back to bite them in the rear end when their user base starts loading up with spammers using their service to get around security measures of other sites.

Link to comment
Share on other sites

What they're essentially saying is "you may use Connect, provided you trust that our security is up to the task of preventing undesirables getting through".

Annoyingly, you can't even force a Connect member to read your Terms of Service. Facebook insists that if you Connect with a site you agree with that site's ToS, but the site isn't allowed to make you read it - which I would assume means you can plead ignorance if you violate it in some way.

Link to comment
Share on other sites

I believe you can give a link to your TOS when setting up Facebook Connect, however, and Facebook supplies that link on the "do you wish to allow site x to access your info" screen.

Facebook does allow you to retrieve the real email address now, but the user has to allow it. Will see if Matt can clear this up a little, since he knows more about it.

Link to comment
Share on other sites

  • Management

Just to clarify:

Facebook Connect guidelines want you to click their button, perform any Facebook log in and then appear as a member on the site. You may not request any additional information during the "log in" process and you cannot limit it to current members. It may be called "Facebook Connect" but it is not really designed to "connect" a forum account to a Facebook account.

Any sites that do perform additional tasks have a special arrangement with Facebook. I believe Digg.com asks for a display name during the "log in" process but they can do that as they have a special arrangement.

Facebook have recently introduced a new permission mask for requiring the user's real email address. As with all permission requests, a dialogue box appears asking the user to grant permission. They can decline if they wish and you will get their proxy email address. Assuming they accept, then the real email address is stored. IP.Board 3.1 makes use of this.

Existing connected members will need to revoke permission for emails and then re-accept the new one. I have yet to figure out an elegant way of doing that.

Link to comment
Share on other sites


You may not request any additional information during the "log in" process and you cannot limit it to current members.


Just wondering, but what if you are no longer accepting new registrations? Does that mean that if you use FBC, that you must accept new members despite this?
Link to comment
Share on other sites

You have to change how you look at FBC. Facebook wants you to consider when someone uses FBC that they are logging in, NOT registering. Essentially, you have your membership database, plus Facebook's. Anyone that is a Facebook user doesn't register at your site, they login to your site, using their existing Facebook login.

Link to comment
Share on other sites

Just testing the Facebook Connect on this site :) - It saves joining up to several forums you be on, Facebook Connect allows (non techies) who only go on Facebook and nothing else to feel safer around other sites.

Some internet users might use facebook but nothing else. I have logged into here using FC - now am I a member of the forum or am I just a facebook user on the forum?

Link to comment
Share on other sites

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...