I’m using the Facebook C# SDK to allow users to log in to my site using Facebook.
To log out, I can use fb.logout, but this logs the user out of facebook as well as my site, which seems really annoying and unnecessary for the user.
I’m pretty confident that they don’t have to log out of Facebook when they log out of my site, as digg.com provides exactly the functionality I’m after – log in and out with facebook, without logging the user out of their Facebook account.
Here’s the code I’m using for the log in/out:
<div id="fb-root"></div>
<script>
window.fbAsyncInit = function () {
FB.init({
appId: 'XXXXXXXXXXXX', // App ID
status: true, // check login status
cookie: true, // enable cookies to allow the server to access the session
xfbml: true // parse XFBML
});
// Handle successful log in.
FB.Event.subscribe('auth.authResponseChange', function (response) {
if (response.status === 'connected') {
// the user is logged in and has authenticated your
// app, and response.authResponse supplies
// the user's ID, a valid access token, a signed
// request, and the time the access token
// and signed request each expire
var uid = response.authResponse.userID;
var accessToken = response.authResponse.accessToken;
// Handle the access token
// Do a post to the server to finish the logon
// This is a form post since we don't want to use AJAX
var form = document.createElement("form");
form.setAttribute("method", 'post');
form.setAttribute("action", '/login.aspx');
var field = document.createElement("input");
field.setAttribute("type", "hidden");
field.setAttribute("name", 'accessToken');
field.setAttribute("value", accessToken);
form.appendChild(field);
document.body.appendChild(form);
form.submit();
} else if (response.status === 'not_authorized') {
// the user is logged in to Facebook,
// but has not authenticated your app
alert("Logged in to facebook but not authenticated MT");
} else {
// the user isn't logged in to Facebook.
}
});
};
// Load the SDK Asynchronously
(function (d) {
var js, id = 'facebook-jssdk', ref = d.getElementsByTagName('script')[0];
if (d.getElementById(id)) { return; }
js = d.createElement('script'); js.id = id; js.async = true;
js.src = "//connect.facebook.net/en_US/all.js";
ref.parentNode.insertBefore(js, ref);
} (document));
</script>
<div class="fb-login-button" autologoutlink="true"></div>
You’ll see that when the user logs in, I redirect to /login.aspx, which provides my site’s login functionality (using .net authentication), and also saves the accesstoken to a session for use during the user’s session.
I need the log out button to do the same thing, but in reverse, without logging the user out of facebook altogether.
I’ve looked for hours online, but can’t seem to find any way of calling fb.logout without logging the user out of their facebook account too. If digg.com can do it, I must be able to as well, surely?
Many thanks,
Paul
Facebook Platform Policies say otherwise – section I. Features and Functionality, #6: