search

mediapop / django-friendface

Getting Facebook to work for Django.
2 stars 0 forks source link

Mobile authentication and tablets #87

Open gaqzi opened 11 years ago

gaqzi commented 11 years ago

The iPad and other tablets can access tabs on Facebook pages.

This means they don't get touched by the current mobile workflow and thus gets redirected back to http://apps.facebook.com/[...] when the auth is done. Facebook doesn't like this when it's an app and will raise a misconfigured error.

Example:

[07/Sep/2013 20:45:29] "POST /campaign/details/ HTTP/1.0" 302 0
[07/Sep/2013 20:45:29] "GET /facebook/application/421946217920154/authorize/?next=%2Fcampaign%2F HTTP/1.0" 200 245
[07/Sep/2013 20:45:32] "GET /facebook/authorization/138/authorized/?code=<snip> HTTP/1.0" 200 71
[07/Sep/2013 20:45:33] "GET /campaign/ HTTP/1.0" 200 210817

The very last request then redirects the user to https://apps.facebook.com/ instead of the mobile url for the app.

My suggested change is to have friendface rely on a middleware for mobile detection in the FacebookAppAuthMixin. If the middleware sets is_mobile to True then the mixin wil itself set is_facebook_mobile to True and then the normal mobile workflow will ensue.

I know you @Celc has been against relying on a mobile detection middleware, since we could rely on Facebook to always tell us when the user is mobile by sending them to the mobile URLs.

I've used a modified middleware from django-mobile for m14everyone and it seems to be working well. So I'll package that up as django-mobile-detection-middleware and change it to set is_mobile on request.

I'll add a pull request here that takes those changes in as on the app auth mixin. This will not force mobile detection on anyone, it won't work without the middleware. Unless we should start bundling the middleware with friendface?

Thoughts?

gaqzi commented 11 years ago

Think I'll use this django-mobi for mobile instead and change it from request.is_mobile to request.mobile. Also has detection for tablets in case that'd be needed as some point.

kitsunde commented 11 years ago

How come you changed to mobile? request.is_secure() and request.is_ajax() seem to be the established convention.

kitsunde commented 11 years ago

I'm having trouble understanding the misconfiguration issue.

Also why is it a problem that tablets can visit tabs, isn't that a good thing? Or is it that the client wants to force tablets to mobile, in which case we want to override the normal behavior?

gaqzi commented 11 years ago

@Celc The latter.I don't remember exactly how it all went, but there was some step in the login that failed when the user was visiting the tab for the first time on a tablet.

When all the redirects were done it was then sent over to apps.facebook.com, which in turn sent the user to the mobile version of the app. And that caused another redirect and Facebook spat out a misconfigured error because we were telling the mobile version to use the desktop version of apps.facebook.com.