Start a new topic

Social Integration - how to passt Auth_token


i'm am trying to link an existing user to facebook. (for posting on his wall and so on)

Simple question:

How can i parse my auth_token from Facebook to this user? Saving the user-model doesn't work.

var token = Facebook.accessToken;

// Current User

var currentUser = Kinvey.Backbone.getActiveUser();

var promise = currentUser.connect('facebook', {

success : function(model, response, options) {



I've read through the docs but can't find this for backbone. (The third paramater is just for creation or?)

(Or is it "just" calling login?)



You mean adding the Facebook token to an existing user? I think you can set this when saving the user model, did you add the `_socialIdentity.facebook.access_token` to the user attributes?

Note that we designed the social integration to login with a social provider only, and not to do maintain and return the access tokens, so you might run into issues here.

My user registered in our application and - let's say - a week later he want to interact with facebook over our app (Cause that's a advantage for him in our application - more points)

So what is your advice to handle that?

In fact i don't want him to be able to use the "login with Facebook" Button - just posting stuff without confirming each single time. For this i've created a special attribute on each user named "createdBySocial" (true/false) to specifiy if it's a facebook-"only" user or a normal user who just combined it's account with facebook.

(Any thoughts - good/bad idea?)

That's the script for saving the token "manual":

// Current User

var currentUser = Kinvey.Backbone.getActiveUser();

var promise ={

_socialIdentity : {

facebook : {

access_token : Facebook.accessToken



}, {

success : function(model, response, options) {

console.log("Token Saved");



Best, Nico

(thanks for the support, by the way.)

`createdBySocial` sounds like a good idea, you could also just save the access_token somewhere else (i.e. not in `_socialIdentity`), so you can be sure it is always part of the response.

The above will work great if users can only access their own data (i.e. the collection ACL is private). Otherwise, you might want to use BL to hide the access_token to other users.
Login or Signup to post a comment