This page is a step-by-step guide for the process of opening and setting up an external application in Facebook as part of the Gigya Setup process.
- See A Note on Facebook API Versions below for a discussion of migrating your existing apps from Facebook API v1 to v2.
- To receive assistance from the Gigya team with your app's configuration, see Providing Gigya Access to Your Facebook App Settings.
Domain references are defined in Gigya's dashboard, externally in social network app definition pages, and when using Gigya's SDKs to set the domain (in particular the APIDomain field in class GSRequest).
Phase 1 - Opening the Application in Facebook
Log into your Facebook account.
- Open the Facebook developer's page at: https://developers.facebook.com/apps?ref=mb.
- In the top menu, click on "Apps" and select "Add a new app".
- In the "Add a New App" box, click on the "Website" icon.
- In the "Quick Start for Website" wizard, click on the "Skip and Create App ID" button in the top-right corner.
- In the "Create a New App ID" box:
- Enter your application's "Display Name". This is the name Facebook shows its users when referring to your app (see Required Assets for an example).
- Enter a name in the "Namespace" field (7 chars minimum, numbers are not allowed). This is the URL of your app within Facebook.
- Select a category for your app. For more information about categories see https://developers.facebook.com/docs/games/appcenter/categories.
- Make sure you review the "Facebook Platform Policies" at https://developers.facebook.com/policy/.
- When you are done, click on "Create App ID".
- Enter the Captcha and press 'Submit'. Note that after pressing submit, you receive no confirmation of a successful submit and the Captcha remains open.
- Click on the "Settings" button on the left.
- Copy the "App ID" and the "App Secret" strings (you will need to paste them in Gigya's website, as described in phase 2), use the Show button to see the "App Secret".
- Enter your site's domain in the "App Domains" field. These are the domains within which OAuth will authorize your app to view data. For example, if you use the CNAME "login.mysite.com", the "App Domains" field must contain "mysite.com".
- Click on the "Add Platform" button at the bottom of the Settings box and select "Website".
- Enter your website's address in the "Site URL" and your mobile site (if available) , then click "Save Changes".
- If you are defining an Android app for Facebook:
Click the "+Add Platform" button and add an "Android" platform. You will need to enter your Android app's "Package Name" and the "Class Name" of its Main Activity as well as the app's key hash. The key hash is a unique app identifier generated with the Java keytool utility: for more information about this and setting up Android apps for Facebook see https://developers.facebook.com/docs/android/getting-started). Note that Android apps can be added at a later stage by updating the Facebook app and going to the "Settings" button's "Basic" tab (https://developers.facebook.com/apps/621977507869949/settings/basic/).
- Select the "Advanced" tab of the Settings page:
- Set "Native or desktop app?" to "No".
- Set "App Restrictions" as you require.
- In the "Security" section of the "Advanced" tab set the following:
- Set the "Client OAuth Login" to Yes.
- In the "Valid OAuth redirect URIs" enter:
- If you are not using a CNAME for the connection to Gigya then in the "Valid OAuth redirect URIs" enter:
- Apps not using a CNAME are unable to share to Facebook.
- If your site is defined under one of Gigya's non-US data centers, replace socialize.gigya.com with socialize.<DC>.gigya.com (e.g. socialize.eu1.gigya.com for europe). Contact your IM to find out the region of your Data center.
- To forcibly sign a user out of Facebook in socialize.logout, socialize.removeConnection or accounts.logout, the "Valid OAuth redirect URI" must match the name of your site.
- Make sure your domain is included in the list of valid OAuth redirect URIs.
If you do turn on the "Stream post URL security" option, you will need to disable Gigya's URL shortening service. To do this set the shortURLs parameter to "never" in the Global Conf object (for details see Global Conf).
- Click the blue "Save Changes" button.
- Click on the "App Details" button on the left. For an explanation of the "App Details" fields see https://developers.facebook.com/docs/games/appcenter/guidelines.
- In the "App Info" section enter a short and long description for your app, a tagline and explanation for the permissions you require from the user. For more information on Gigya's use of Facebook permissions see our permissions page.
- The app "Category" can be changed in this section. For more information about categories see https://developers.facebook.com/docs/games/appcenter/categories.
- In the "App Center Listed Platform" section, set Website to "Yes".
- Enter icons, banners, screenshots and videos in the relevant sections. For Facebook information on the requirements see https://developers.facebook.com/docs/games/appcenter/guidelines. The minimum requirements for these sections are:
- Icons section - At least a logo
- Banners section - At least a web banner and cover image.
- Screenshots - At least 3 screenshots are required.
- Click the "Localize" button on the left if you want to configure your app's details for viewing in other languages.
- Optional: Facebook provide an option to request public approval of your app. Note that this may take some time and is not required for logging in with Facebook.
- If you do want to get Facebook approval, click on the "Status & Review" button on the left, set your app to be available to the general public (unless it is still being tested) and then click "Start a submission":
- A dialog box will open for you to select the Apps to be included in the submission (more than one app may be submitted at once).
- A red triangle will appear next to "Status & Review" and any sections where additions are required. If you click on the App Details button, a message will tell you what items are missing.
- Optional: You can ask for login permissions beyond the basic ones. This will need to be submitted for approval by FB. Full list of additional permissions can be found here.
- If you want to ask for login permissions beyond the basic ones (email, public_profile and user_friends are the basic), you will need to include additional permissions by clicking on the "Add Items to this Submission" link.
- A pop-up window with a list of permissions will appear for you to select additional permissions. Select the additional items and click 'Add items'.
- You then need to click on the "Add Notes" link for each of the additional permissions.
- After you click on 'Add Notes' you need to enter the following information for each item, and click 'save'.
- In addition, on the Review Submission Form, you must upload a minimum of four screenshots that shows how the site is using Facebook in the app.
- Click the "Submit for Review" button to submit the app for approval.
Optional Settings (For Advanced Users)
Using Graph Actions
Facebook's Graph API allows you to publish stories on your users' Facebook timelines, describing actions users have performed in your website, such as "Jane Smith reviewed a recipe on Daily Recipe". You may use Facebook's Graph API through the Gigya API with the socialize.facebookGraphOperation API method.
To publish Graph stories, you must first:
- Set up a Facebook app as described in the previous section.
- Check the "Enable publishing user actions" check box in the Site Setup > Permissions page on Gigya's website.
- Define objects on your website using HTML meta tags, as described in Actions and Objects.
- Test all of the actions you intend to publish using your app. You cannot ask for approval for actions until you have used them at least once from your app.
- Submit your app for approval, including all actions you intend to use, as described in Submit Your Actions for Review.
- During the Social Login process in your website, the user will be presented with a Facebook dialog in which they can authorize your application to publish actions
Facebook's guide to Custom Stories on the Web provides a general introduction to stories and actions and describes the review process for apps that use Graph actions.
For further details of the review process, see Story Submission Process.
For a reference on Graph actions, see Using Actions.
If you plan to use the Facebook Canvas Page, you have to define it here and then enable it in the Gigya settings (see Facebook External Application Canvas Page).
- Click the "Settings" button on the left.
- Click the "+ Add platform" button at the bottom of the Basic Settings box and select "Facebook Canvas".
- In the "Canvas URL" field, paste: http://<CNAME>/GS/SNLink.aspx?appid=<appid>
Note that you cannot use a specific HTML page as a canvas URL (use http://www.yoursite.com/canvas/, not http://www.yoursite.com/canvas.html).
If you are not using a CNAME, paste http://socialize.gigya.com/GS/SNLink.aspx ?appId=<appid> in "Canvas URL" and https://socialize.gigya.com/GS/SNLink.aspx?appId=<appid>in "Secure Canvas URL".
<appid> must be replaced with your App ID which is located at the top of the page.
If your site is defined under one of Gigya's non-US data centers, replace socialize.gigya.com with socialize.<DC>.gigya.com (e.g. socialize.eu1.gigya.com for europe). Contact your IM to find out the region of your Data center.
- Click the "Save Changes" button.
If you are using a CNAME and would like to redirect users to other servers (i.e. for geographic distribution of load) and enable OAuth on additional subdomains, add your subdomains in the 'App Domain' field:
- Click the "Settings" button on the left.
- Enter your domain names in the "App Domains" field.
- Click the "Save Changes" button.
Phase 2 - Configuring Facebook's Application Keys in Gigya's Website
- If you are not logged into Gigya, go to http://www.gigya.com/ and sign in. Then go to the Gigya Dashboard.
- Press the "Site Settings" button that corresponds to the domain you wish to configure. You will be redirected to the "Site Settings" page.
- select 'providers configuration' on the left hand side menu and click on 'Facebook'
- Paste your keys (the "Secret Key" and the "Application Id" from the end of phase 1) in the corresponding places:
- Select a Facebook API version to use with your app (Read more about Facebook API versions and permissions here).
- If you are using a CNAME, make sure to check the 'Enable CName' checkbox in the Facebook configuration window.
- Enable native SDK capabilities. Requires that your domain was entered in the "Valid OAuth redirect URIs" (see stages 10-16 above).
- If you are defining a canvas application, enter the canvas page url you defined in Facebook.
- Click the "Save Settings" button (located at the lower right-hand corner of the page).
To ensure smooth functionality, it is recommended that all of your Facebook apps use the same version of the Facebook API. Note that API v1 has been deprecated and cannot be used to create new apps: all Facebook apps created after April 30, 2014 are automatically assigned API v2 (see the Facebook upgrade guide). Therefore, if you create a new app, it will use v2, and if you have older apps that use v1, you should upgrade them to match the new app.
The upgrade may be mandatory for users of Single Sign-On, which requires that all sites in a group use the same API version. An app can use API v1 only as long as all the sites in your group are using v1. If you add a new site, with an app created after April 30, you must upgrade all the apps in the group to v2.
Thanks to Gigya's support for backwards compatibility, you can upgrade an app's API version without changing the app's implementation. Simply go to the "Facebook Configuration" dialog for the app and select the newer API version, as seen in step 4 above.
Differences you should expect when switching from v1 to v2 include:
- In v2, when logging into Facebook, you receive fewer properties from the Facebook profile by default. To get more properties by default, use the app configuration page on Facebook to request additional permissions. For more information about permissions in v1 and v2, see Facebook Permissions.
- The getFriendsInfo method now returns only those friends of the user who have granted permissions to your application on Facebook. However, the friend count property still reflects the user's actual number of friends.
Note that, while Facebook has also released Graph API v2.1 and v2.2, the availability of these versions does not affect your apps and does not require any further action on your part.
Phase 3 - Setting Up Your Facebook For Business Account
Facebook issues app-scoped user IDs to users who register to your app, meaning that a 'providerUID' obtained from Facebook is only valid in the scope of that particular app. Since each app is associated with a single site, clients with multiple sites are recommended to create a business account in Facebook in order to bind users' data from all sites under a single business entity. This step can be preformed at any point, and any existing Facebook app can be bound to the business entity that you create.
Once you set up your business entity on Facebook, any user that registers to multiple sites is recognized across your different sites and his social data can be aggregated under a single identity. Gigya automatically recognizes your business and associates it to all of your apps, so no further configuration is needed other than setting up your Facebook business entity and associating all of your Facebook apps to your business.
App-scoped data can be obtained via the the identity object. The identity holds an array called 'mappedProviderUIDs' which contains pairs of Facebook 'Users ID' and the site API key that uses the associated app.
Make sure that all of your Facebook apps are using the same Facebook API version (see A Note on Facebook API Versions above).
That's it, Facebook configuration is complete! Please note that it might take up to 10 minutes for our system to become synchronized with Facebook.