prevent asymmetric facebook session management with flag #28
Conversation
| throws java.text.ParseException { | ||
| if (authData == null) { | ||
| if (authData == null && !isFacebookLoginScopeExternallyManaged) { |
There was a problem hiding this comment.
Perhaps we should not logout from FB when calling with authData null. What’s the behavior on the iOS repo? We try to have them consistent if possible. Also who calls that with null? When linking fails right?
There was a problem hiding this comment.
I'll check regarding the iOS repo, but authData==null occurs on a logout flow (which is triggered from a login flow).
There was a problem hiding this comment.
But yes if we could just remove this logout all together, then I wouldn't need my flag at all.
|
@rogerhu what are your thoughts? @mitchymitch is a colleague of mine. |
Codecov Report
@@ Coverage Diff @@
## master #28 +/- ##
============================================
+ Coverage 57.3% 57.69% +0.38%
- Complexity 35 36 +1
============================================
Files 2 2
Lines 178 182 +4
Branches 18 19 +1
============================================
+ Hits 102 105 +3
- Misses 69 70 +1
Partials 7 7
Continue to review full report at Codecov.
|
|
@flovilmart I'm inclined to say that setAuthData() shouldn't have the side effect of logging out... may add a deprecated warning if someone passes a null to indicate that this behavior has changed. |
|
This will yield a lot a warnings. My main concern is that the current behavior is the same as on iOS, so I’m unsure about the Fox and the potential side effects on existing installations. Otherwise, that’s your call @rogerhu. |
|
Does the iOS logout too if authData is null? |
|
you'll need to rebase anyways given the set of changes... my question is still how iOS handles authData null.. |
|
@mitchymitch How did you get the user you provided to |
|
@jyoon17 with ParseUser.enableAutomaticUser(); |
@jyoon17 you're right - in a way. I don't think its intended behaviour though to log out of Facebook if I call linkInBackground(user) & then logInInBackground(token), since using logInInBackground(fbtoken) assumes YOU are the one responsible for the FB lifecycle. I'm curious how else people are using logInInBackground, since it seems pretty useless unless I'm not reading the code properly. |
build.gradle
Outdated
| @@ -4,7 +4,7 @@ buildscript { | |||
| jcenter() | |||
| } | |||
| dependencies { | |||
| classpath 'com.android.tools.build:gradle:2.3.2' | |||
| classpath 'com.android.tools.build:gradle:3.0.0-rc2' | |||
I was running into the following issue:
I was acquiring my facebook accessToken and then linking with
ParseFacebookUtils.linkInBackground(...). Then, if I had already linked with that Facebook id, I was getting a 208 code. In that case, I then have to useParseFacebookUtils.logInInBackground(...)to retrieve that old linked ParseUser. The problem is,logInInBackgroundwill log me out of Facebook, even though I'm supplying my own accessToken.Logic tells me, that if I'm supplying my own accessToken, its erroneous for it to assume its managing the lifecycle of my accessToken.
My Solution: I added a flag to track the cases (only 2) where the accessToken is acquired/expired externally to stop it from thinking it has to log you out.
Another Solution: Do we ever need to explicitly logout of Facebook? This could allow us to remove this flag.