Facebook Single Sign-On Pro-Tips
Today, Facebook released a list of best practices for developers of iOS and Android apps that implement the Single Sign-On (SSO) features that Facebook debuted a year ago.
Using SSO, developers can save their users the time and frustration of logging in to their apps repeatedly. The developers also have access to the Graph API to build in-app social experiences.
Facebook recommends the following 4 Pro-Tips for developers:
Pro-tip 1: Include Facebook Login at User Registration
Apps will often only use SSO and Facebook Login when asking the user to enable Facebook features in the app. You should also include Facebook Login anywhere you prompt the user to register for your app, oftentimes when users launch your app for the first time. Users can enjoy a simplified registration process, and you can request the same information, such as e-mail address, that you would normally collect manually from the user.
Pro-tip 2: Store the user’s session in your app
After your user authenticates for the first time, you should immediately store the authentication result locally. This way, you can keep the user logged in to your app without having the user re-authenticate each time.
Pro-tip 3: Request only the permissions your app needs
We have streamlined the SSO permissions dialog, along with all permission dialogs in our recently announced Improved Auth Dialog. You should only request the permissions you need to get the user registered and using your app’s social features.
As part of our ongoing efforts to improve privacy protections for Facebook users, we’ve deprecated the ‘offline_access’ permission. Instead, you now have the option to extend the expiration of existing, valid access tokens for a limited amount of time without requiring the user to log in again. Learn more about upgrading access tokens. Also, many apps incorrectly ask for ‘publish_stream’ when using our Feed Dialog. Your app only needs ‘publish_stream’ if it will be publishing to the user’s feed programmatically with the Graph API.
Pro-tip 4: Complete all iOS and Android Fields in your App Settings
Be sure to fill out every field related to your app in your app settings in the Native iOS App and the Native Android App fields. You can access these app settings for your app here. On iOS, if these fields are not configured, we will not be able to drive traffic to your app or the iOS App Store. In addition, we use the iOS Bundle ID to streamline authentication for users who have already authenticated your app.