As per Facebook's guidelines, "any Facebook Connect site that stores data about the user must register a Post-Remove URL." This patch provides a new page, fbconnect/unlink, that processes Facebook's POST notification after a user has unauthorized the app by unlinking their Facebook account from the website's one.

Make sure to set "Post-Remove Callback URL" in your app's settings to "http://www.yourwebsite.com/fbconnect/unlink" for this to work.

CommentFileSizeAuthor
fbconnect-unlink.patch1.48 KBjamix

Comments

shroge’s picture

shroge commented

Since the 6.x version of the patch is based on this one I thought I'd post my comment here as well. Sorry for the duplication, but I thought you could take a look at the suggestion as well since it also applies to the 5.x version.

Original 6.x patch comment: http://drupal.org/node/574210

I was looking at implementing this patch on my site so I was taking a look at the patch and noticed that the deletion of the user was taking place with a direct db call:

db_query('DELETE FROM {fbconnect_users} WHERE uid = %d', $uid['uid']);

I was thinking that it might be better if that was done with the user_delete call and check that you do not delete the 0 or 1 user:

if ( !empty($uid['uid']) && $uid['uid'] > 1 ) { // do not want to remove 0 or 1 no matter what
user_delete(null,$uid['uid']);
}

That way, any place that the user info has gotten into (users_roles, authmap) will be removed and so that module_invoke_all is called. I know that my module will need to do a bit of cleanup if a user is deleted.

jamix’s picture

jamix commented

Thank you for your suggestion. I have commented on it in the 6.x thread.

vectoroc’s picture

vectoroc commented
Status: Needs review » Closed (fixed)