Facebook Login – auth.login issues

Recently I ran into this issue related to facebook login. I am using the new facebook JS SDK . The auth.login event which is meant to be fired on the status change (when the user makes a successful login attempt to your site as FB documentations puts it forward) was firing at page load if the user is already logged in facebook. As a result the user was being logged into my site even if he does not want to.

A little bit in detail…

As facebook documentations cite, a user has three possible statuses (https://developers.facebook.com/docs/reference/javascript/FB.getLoginStatus/)

  1. the user is logged into Facebook and has authenticated your application (connected)
  2. the user is logged into Facebook but has not authenticated your application (not_authorized)
  3. the user is not logged into Facebook at this time and so they don’t know if they’ve authenticated your application or not (unknown)

I was expecting the auth.login event (https://developers.facebook.com/docs/reference/javascript/FB.Event.subscribe/) to be fired as a callback when the user logs into my application using facebook (no matter what is/her status is), but the problem I ran into was , in the first case cited above, the user was automatically getting logged in when he/she accesses the website. The reason for it was, the auth.login event handler was initiated at page load and even if the users status is connected already (as in the first case) my application context was considering it as a status change (when the response object is returned with status connected) and executing my custom function inside the auth.login event handler. Bottom-line, event which is expected to fire when the user makes an attempt to login was firing at page load. The confusion in the context was the facebook JS SDK has 2-3 functions which does the similar thing.

  • auth.login - fired when the auth status changes to connected
  • auth.authResponseChange - fired when the authResponse changes
  • auth.statusChange - fired when the status changes (see FB.getLoginStatus for additional information on what this means)

I googled a bit and found out this being reported as a bug with no reliable replies from the facebook team. https://developers.facebook.com/bugs/409994342377303/

So I thought of resolving the issue by myself. I tried many ways to avoid the auth.login event firing at page load but in what ever way I tried, I was with no success if the event handler was initiated at page load. So I thought of an alternative, I had this FB.getLoginStatus at page load, so I initiated the auth.login event handler inside this function and this solved my problem.

I am still confused how the problem got solved especially since the event was not firing at its expected context. But in my view when the event handler was put inside the FB.getLoginStatus function the custom function was only getting bound to the event and not getting executed whereas  when it was in page load the function was getting executed.

Note: In my website, I was getting the connection status on page load and if the user is already connected I was showing a message like “You are logged in facebook. Click here to access your massbaab account using facebook. “, so when the user clicks on the “click here” link , he will get logged into my application.

Please see it in action here http://www.massbaab.com


About Anoop KC - baabte System Technologies