views:

1396

answers:

4

Exactly what the title says. Is it possible to use Facebook Connect (or any other means of FB integration) in a native iPhone app without resorting to the built in login dialog (which looks awful)? Something where I could create my own custom login screen asking for the facebook login username and password and then using the fbconnect native methods to validate that info and retrieve a valid session?

+2  A: 

When I looked into Facebook Connect, they seemed pretty stringent on their API and any mods you might want to make. Not once is there any mention on facebook.com/x of customizing the interface so I think you have to stick with what they've approved.

DysonApps
facebook is not yours, it's theirs, so if you're going to live in their house and use their code you need to play by their rules. If you don't like it, roll your own api over http with the native framework classes
slf
@slf: I am aware of that. That's why I am asking if anyone knows of an alternative way with an already existing api which makes use of the services that FB exposes, and it seems so far that the answer is 'no'...
boliva
A: 

Which would be wonderful if the log-in dialog actually carried out basic form validation at least. You can submit the form without filling in either your email address or password. Shoddy, shoddy, UI work.

iPhoneDevDude
+2  A: 

Yes and no.

Facebook uses delegated auth to have your application connect with it. Therefore, the user is intended to put their password into something "trusted" (e.g. the Facebook login page) so that your app doesn't actually see it, and only gets the key as a result. The idea is that users are thus trained to not trust other web pages/apps with their password.

Therefore, FB provides this web popup in their FBConnect library, with no other explicit way of turning a user's credentials into a session.

That said, and I'll answer your technical question since it's a legit question; you could do what you wanted by creating an offscreen UIWebView, hosting whatever the FB login URL is in that web view, and injecting Javascript into the page using stringByEvaluatingJavaScriptFromString:. That Javascript could take the username/password, fill out the form, and submit it, without the user ever seeing it. Read the FBConnect library code to understand what URL to use, and what to do with the result of submitting the page-- you could wire that back through into the library.

Doing this is (1) fragile, since you'll have to rely on IDs and stuff that can/will change to defeat just such techniques and (2) likely violates terms of use for FB Connect and of course is (3) not great for the health of auth on the web in general, since it doesn't reinforce that users should not trust 3rd parties with their passwords.

And it should absolutely go without saying that if you go it alone and give users a better-looking auth experience, never, ever store or do anything with their credentials besides giving them to Facebook.

quixoto
@quixoto: I have thought of doing something similar myself, but as you say, it could break at any moment.
boliva
Unfortunately I don't believe you'll find a solution that's more stable than this; Facebook's delegated auth is the way that they let you authenticate with them-- you can wrap up that web interaction in a hidden view, or do it manually using an NSURLConnection socket with a whole bunch of smart heuristics to find the right fields, etc, but no matter what, you're going to be fragile at some level since they don't guarantee anything about the internals except that the auth URL will stay the same.
quixoto
+2  A: 

Don't do it. This is against policy, and your application will get shut down for it. Like quixoto suggested, this is because we do not want to train users into typing in their password in random places, and because the user has not confirmed the action as per our UX requirements. We are currently working on a redesign of these dialogs to make them prettier.

daaku
Thanks daaku. This is a really old question (in dev time), but since you seem to be an official FBConnect developer (or to have some sort of authority on it) I gladly accept your answer.
boliva
Heh - yeah, I only started looking at Stack Overflow recently :)
daaku