Jump to content

SSO (Single-Sign-On) via Facebook using TW3FacebookLogin

Recommended Posts

  • Administrators

TW3FacebookLogin is a non-visual component, which is available in the Designer's Cloud-tab. It lets you add Single-Sign-On to your web page using Facebook credentials.

To use this, you need an AppID, which you can obtain by registering at https://developers.facebook.com

When you register, you need to specify the App Domains where you're going to host your web app. So, if you plan to have it at https://myserver.example.com/mywebapp/index.html, then you need to register myserver.example.com as App Domain.

Then add TW3FacebookLogin to your form and set the necessary properties and events:


  • ApiVersion: Version of FB api. Default is v8.0
  • AppId: The AppId you get when you register your app at Facebook.
  • AutoLogin: If true, your web page will automatically call Login, which pops up Facebook's login form
  • Enabled: When this is set to True, the component loads Facebook's SDK and checks if you're already logged in
  • Permissions: What information to ask for from Facebook. Leave it blank if the basic profile information is enough.
  • SDK: The Facebook SDK to load. This default value is usually ok.


  • OnLogin: Is called when the Login is successful
  • OnLogout: Is called when user logs off


  • Login: Opens Facebook's login form (or logs the user automatically in if you're already in logged into Facebook)
  • Logout

Useful properties after login:

  • UserName
  • UserEmail
  • UserId
  • UserToken

Most of the time you only need to:

  • Set AppID
  • Set Enabled to True, which will automatically load Facebook's SDK
  • Set the OnLogin- and OnLogout-events
    • In OnLogin, get the name, email, UserId and token.
  • Call Login (for example, from a Button's or Image's OnClick-handler)

And when you test, make sure to do it with a browser from the registered URI. Don't expect this to work from SMS's console.

Finally, a few words about security. Do not blindly trust the information that you receive. As this all happens in the client, you can not automatically trust UserName and UserEmail. So, when you do add this kind of SSO-support to log into a backend server, pass on the UserToken to the backend server, which should separately call Facebook's services to verify the token.

Note! When writing this, there is a problem with Facebook's API and Firefox browser. This problem is not related to Smart Mobile Studio at all, but affects any Facebook logins in Firefox. Refer to these URLs for more information:


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...