As of August 1st, 2018, Facebook has deprecated the publish_actions scope. You should remove this scope from all of your Facebook apps to avoid warning messages and update any implementations that rely on it. For more information, see Changes That May Require Your Action.
As of October 6th, 2018, Facebook will no longer allow their Login app to be hosted on a non-HTTPS/HSTS page. All Facebook Login instances will require HTTPS on this date.
This page is a step-by-step guide for the process of opening and setting up an external desktop web application in Facebook as part of the Gigya Setup process.
For instructions pertaining to setting up a Facebook app for mobile devices, please see our Mobile SDKs section.
To receive assistance from the Gigya team with your app's configuration, see Providing Gigya Access to Your Facebook App Settings .
Phase 1 - Opening the Application in Facebook
Log into your Facebook account.
- Open the Facebook developer's page at: https://developers.facebook.com/.
- In the top menu, click on "Apps" and select "Add a new app".
- In the popup, enter the Display Name for your new app and press Create New Facebook App ID.
- In the Create a New App ID popup:
- Enter your Contact Email address.
- If this is a test version of another app select Yes from the options.
- Select a category for your app.
When you are done, click on "Create App ID" (and complete any required CAPTCHAs).
Make sure you review the "Facebook Platform Policies" at https://developers.facebook.com/policy/.
- For Facebook Login, locate the Facebook Login app from the Products section and press Get Started.
- Enter your site's domain in the "App Domains" field. These are the domains within which OAuth will authorize your app to view data. For example, if you use the CNAME "login.mysite.com", the "App Domains" field must contain "mysite.com".
- Your Contact Email should be filled in from the first step of the App process. If it is not, you will need to enter it here, this is required to activate your app to Live status.
Enter your website's address in the Site URL, then click Save, and then Continue.
If your website does not implement SSL (https), also enter:
- Apps not using a CNAME are unable to share to Facebook.
- If your site is defined under one of Gigya's non-US data centers, replace socialize.gigya.com with socialize.<DC>.gigya.com (e.g., socialize.eu1.gigya.com for Europe). If you are unsure of the data center associated with a particular API key, see Finding Your Data Center.
- To forcibly sign a user out of Facebook in socialize.logout, socialize.removeConnection or accounts.logout, the Valid OAuth redirect URI must match the name of your site.
Click the +Add Platform button at the bottom of the page and add an "Android" platform. You will need to enter your Android app's "Package Name" and the "Class Name" of its Main Activity as well as the app's key hash. The key hash is a unique app identifier generated with the Java keytool utility: for more information about this and setting up Android apps for Facebook see https://developers.facebook.com/docs/android/getting-started). Note that Android apps can be added at a later stage by updating the Facebook app and going to the "Settings" button's "Basic" tab (https://developers.facebook.com/apps/<YOUR-APP-ID>/settings/basic/). If you have an Amazon Appstore URL, you may enter that here also.
Set Native or desktop app? to "No".
- Set App Restrictions as you require.
If you are creating a Canvas App, click +Add Platform at the bottom of the Settings page again and select Facebook Canvas.For an explanation of the App Info > Details fields see https://developers.facebook.com/docs/games/appcenter/guidelines.
The Following information, through Step 20, only applies if you want your app available via the Facebook App Store.
- To access the App Center options, you must click the +Add Product button from the left menu and add the App Center option to your app.
- In the App Center tab's App Info section enter a short and long description for your app, and tagline. For more information on Gigya's use of Facebook permissions see our permissions page.
- The app Category can be changed in this section.
- Icons section - At least a logo.
- Banners section - At least a web banner and cover image.
- Screenshots - At least 3 screenshots are required.
- If you do want to get Facebook approval, click on the App Review tab on the left, set your app to be available to the general public (unless it is still being tested).
- To request a formal review for extended permissions, click Start a Submission:
- A dialog box will open for you to select the Apps to be included in the submission (more than one app may be submitted at once).
- If you want to ask for login permissions beyond the basic ones (email, public_profile and user_friends are the basic).
- You will then see the steps required to complete your submission. You will need to include screenshots and notes regarding your planned use of the new permissions:
- After you click on Edit Notes you need to complete the questionnaire that appears, which may look similar to the following, however, each permission you request has different requirements. For each specific permission you request, you will need to complete the corresponding Edit Notes section:
- Click the Save button to complete the Edit Notes section. For help with individual sections you can reference this page.
Recommended Best Practice for using Webhooks:
You can not setup custom Webhooks within a Facebook App connected to Gigya.Gigya uses Social Sync to monitor and track Facebook Webhooks. Gigya's Social Sync enables your user's account data to be automatically updated whenever your Facebook users update their profiles on Facebook; these changes will sync automatically to their existing accounts in Gigya.
The Gigya Platform uses a specific implementation of Facebook's Webhooks API. Facebook only allows a single Webhook used for subscription per application, so you can not use unique app specific settings in a Facebook application that is being used with Gigya.
Any custom settings within the Facebook Webhooks section of your app will be overwritten when you connect your app to Gigya in the following section: Phase 2 -Configuring Facebook's Application Keys in Gigya's Website, as well as anytime you make changes within the Gigya Console. For this reason you can not use custom Webhooks settings within your connected Facebook app.
When you configure your Facebook Provider Configuration in the Gigya Dashboard (below), the Webhooks settings in your Facebook app will be automatically configured (and overwritten if necessary) for integration with the Gigya Platform.
Gigya automatically subscribes to the following fields: birthday, books, education, email, first_name, hometown, last_name, likes, location, movies, music, name, religion and work.
In order to submit an app for approval, you must have previously used your app with the permissions you are requesting. You can do this by using Test Users. To set up Test Users, go to the Roles tab of the Facebook Dashboard and select Test Users.
You can create a test app for development that is a child of your live app, so that you can edit the configuration while leaving your current app live. To create a Test App, inside the Facebook Dashboard, select +Create Test App from the current app's Dashboard drop-down.
For more information, see the Facebook documentation at https://developers.facebook.com/docs/apps/test-apps.
Phase 2 - Configuring Facebook Application Keys in The Gigya Website
- Open the Providers Configuration page of Gigya's Console.
- From the list of main social networks, select Facebook.
- Paste your keys (the "Secret Key" and the "Application Id" from the end of phase 1) in the corresponding places:
- Enable native SDK capabilities is required to use cross-device SSO and auto login.
- Select Secure redirects only to allow only HTTPS redirects from Facebook.
- If you defined a canvas application in Facebook, enter its URL.
- Click OK, and then Save Settings at the lower right-hand corner of the page.
Phase 3 - Setting Up Your Facebook For Business Account
Facebook issues app-scoped user IDs to users who register to your app, meaning that a 'providerUID' obtained from Facebook is only valid in the scope of that particular app. Since each app is associated with a single site, clients with multiple sites are recommended to create a business account in Facebook in order to bind users' data from all sites under a single business entity. This step can be performed at any point, and any existing Facebook app can be bound to the business entity that you create.
Once you set up your business entity on Facebook, any user that registers to multiple sites is recognized across your different sites and his social data can be aggregated under a single identity. Gigya automatically recognizes your business and associates it to all of your apps, so no further configuration is needed other than setting up your Facebook business entity and associating all of your Facebook apps to your business.
App-scoped data can be obtained via the the identity object. The identity holds an array called 'mappedProviderUIDs' which contains pairs of Facebook 'Users ID' and the site API key that uses the associated app.
Make sure that all of your Facebook apps are using the same Facebook API version.
That's it, Facebook configuration is complete! Please note that it might take up to 10 minutes for our system to become synchronized with Facebook.