Authentication Provider - Facebook Setup Guide
Disclaimer THIS DOCUMENTATION AND ALL INFORMATION CONTAINED HEREIN ( MATERIAL ) IS PROVIDED FOR GENERAL INFORMATION PURPOSES ONLY. GLOBAL REACH AND ITS LICENSORS MAKE NO WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, WITH REGARD TO THE MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON- INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE, OR THAT THE MATERIAL IS ERROR- FREE, ACCURATE OR RELIABLE. GLOBAL REACH RESERVES THE RIGHT TO MAKE CHANGES OR UPDATES TO THE MATERIAL AT ANY TIME. Limitation of Liability IN NO EVENT SHALL GLOBAL REACH BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES, OR DAMAGES FOR LOSS OF PROFITS, REVENUE, DATA OR USE, INCURRED BY YOU OR ANY THIRD PARTY, WHETHER IN AN ACTION IN CONTRACT OR TORT, ARISING FROM YOUR ACCESS TO, OR USE OF, THE MATERIAL. VERSION 1.1 PUBLISHED APRIL 2015 Page 2 of 12
Facebook Before you can start using a supported 3rd party authentication provider, you must first configure your gateway to allow access to the domains specified under Captive Portals >Your Captive Portal > General Info > Show Walled Garden IPs. The list shows only the IPs/domain names required for enabled authentication providers. A full list of all authentication providers IPs/domain names can be found at https://support.odyssys.net Details of how to whitelist IPs/domain names can be found in the configuration guide provided for your chosen gateway type at https://support.odyssys.net A Facebook account, upgraded to developer status. More information at: https://developers.facebook.com/docs/createdeveloper-account. Creating a Facebook App Go to https://developers.facebook.com/ Click Apps > Create a New App Click Apps > Create a New App. Fill in details as appropriate; Display Name and Category are mandatory. Now Create App ID Page 3 of 12
Basic App Setup We must tell Facebook to expect a request from your portal Go into Settings > Basic. Click Add Platform. Click Website Page 4 of 12
Copy the URL of your portal splash page, including portal ID (e.g. https://manager.odyssys.net/account/captiveportal/xxxxxx) into the Site URL and Mobile Site URL fields. Now enter manager.odyssys.net into the App Domains field. Also enter a relevant support email address into the Contact Email field. This is needed before the app can be switched to Public, and will be used in case users need support regarding the app. Click Save Changes. Setting the App live Go to Status & Review and change the setting Do you want to make this app and all its live features available to the general public? to Yes, then confirm in the pop-up. This prevents you having to add all testers to the Roles tab. Page 5 of 12
Linking Facebook App to Odyssys Manager If you have already created Facebook as an auth type in Odyssys you can edit the configuration as shown below to associate the api keys. If Facebook doesn t currently exist in the list of Authentication Providers, you can add it by navigating to your chosen Captive Portal. Then scroll down to reveal the toolbar. Click Auth provider and choose Facebook. To learn how to create portals head to https://support.odyssys.net and search portals. Page 6 of 12
Once selected you can configure Access limit control Associated groups Facebook permissions Bandwidth shaping VLAN tagging and api keys. Page 7 of 12
Access limit control Configure how many sessions the user can have. To VLANtag Input your VLAN Bandwidth Shaping You can bandwidth shape only users in who authenticate using this method. Page 8 of 12
API keys Application ID and App Secret from App homepage (Dashboard page) are necessary and will tie the login to your chosen Facebook app. Keep these safe. When done configuring click Add Provider Page 9 of 12
Facebook Permissions More Facebook permissions can be requested from users by completing the above steps and editing the provider as shown above. You will be presented with a screen to add further permissions. If your app asks for more than than public_profile, email and user_friends it will require review. Currently the below are approved by Facebook and are provided by default In some cases a user may choose what information to provide it off the back of their privacy settings or if the information is relevant to the app use. public_profile provides access to a subset of items that are part of a person s public profile. A person s public profile can refer to the following properties: id name first_name last_name age_range gender locale timezone updated_time On the web, public_profile is implied with every request and isn t required, although the best practice is to declare it. On ios and Android, you must manually request it as part of your login flow. Page 10 of 12
gender & locale can only be accessed if: The person queried is the person using the app. The person queried is using the app, and is a friend of the person using the app. The person queried is using the app, is not a friend of the person using the app, but the app includes either an app access token or an appsecret_proof argument with the call. timezone & verified can only be accessed if: email The person queried is equal to the person making the request. Provides access to the person s primary email address via the email property on the user object. Note, even if you request the email permission it is not guaranteed you will get an email address. For example, if someone signed up for Facebook with a phone number instead of an email address, the email field may be empty. Facebook s permission definitions see here. Triggering Facebook Sign-in from HTML Source If you are opting to customise fully the HTML source for your captive portal, you need to bind the facebookloginselected()javascript function to an onclick event on an element in the page (usually a button, but it could be a link, etc). For example: <input id="facebook_login_btn" type="button" class="xbtn" value="facebook" onclick="facebookloginselected();" /> This function is part of the portalscripts.js import that should already be in the <HEAD> section of the page source. Page 11 of 12
Craven House, 121 Kingsway London WC2B 6PA T +44 (0) 20 7831 5630 info@globalreachtech.com Copyright Global Reach Technology Limited All rights reserved. Global Reach and the Global Reach logo are registered trademarks.