We developed a hybrid mobile applicacion as front-end integrated with a backend, wich includes a Facebook OAuth service. With this setup social authentication, through the web browser, it works fine.
Now we would like to use the native Facebook app installed on the mobile device (instead of the web browser) to authenticate our users against or backend, but we don't find how to implement the auth process.
Our backend follows OAuth2 of type "Authorisation Code Grant" (https://alexbilbie.com/guide-to-oauth-2-grants/) and, therefore, expects a code and a status parameters in the Facebook response (just like the first described auth). But in mobile, the Facebook SDK doesn't return this paramenters, only an accessToken. Because of that, we can't implement the auth process in our backend.
Is it possible to perform the OAuth process using an accessToken instead of the autorization code? Maybe is it possible to obtain the code and status parameters from the accessToken parameter with Facebook API?
Related
I am working on some OAuth 2.0 standards and non-standards flows to allow some clients to take the advantages of the SSO and give the users the native experience regarding the client that he/she working on.
One of the clients is a flutter App, so I followed the Authorization Code Flow with PKCE. The flow itself is a pretty straight forward to open a browser so you can exchange the code in this front channel with the access token through a backchannel. Things getting a bit complex while trying to authenticate via an external provider like Facebook. From the OAuth standard, it's easy to just pass the &acr_values=idp:Facebook.
The problem is when trying to follow the Authorization Code Flow with PKCE or even the old implicit flow to get access token through the Facebook, it opens the browser to ask you entering the Facebook username and password, but this is not the native experience as instead of that I want the web view to redirect the user to the app to authenticate via it instead of the browser like what's happening using the native Facebook SDK or Firebase SDK?
The only solution that I am following right now is following a non-standard authentication flow that I implemented myself to use the Flutter's Facebook SDK to get the Facebook token then exchange this token with my IdentityServer4 token after that (described here) which seems very user-friendly experience but complex and at the same time not standard.
So, is it a way to use the Authorization Code Flow with PKCE to get the access token from the IdentityServer4 using Facebook as an external provider and use the Facebook app instead of the browser to authenticate so we can give the user a native experience and follow the best OAuth2.0 practices at the same time??
I'm coding an API and trying implements the Facebook Auth. My scenery, I've front-end and the back-end, both in different domain. i.e:
Front:
http://myappfront.com
Back:
http://myapiback.com
The Front will authenticate with Javascript SDK and send to Back just the User access Token, and Back will validate this Token with PHP SDK.
My question is:
I need two apps on Facebook for each domain? The authentication will works with different APPs?
I'm building an app that supports credentials authentication, facebook and google oauth on both Android and iOS.
My backend are written using ServiceStack.
For authentication using a browser we typically call /api/auth/facebook and ServiceStack handles the callbacks and exchange of information from the social provider such as facebook for a person logging in the first time and it also handles signing in a returning user via the same api endpoint.
When trying to connect to add support for facebook authentication or google in Xamarin app how do I call the ServiceStack endpoints to properly authenticate. How are the callbacks handled on mobile?
I'm a bit stuck with this
Have a look at the TechStacksAuth repository which provides an example of how to use the Xamarin.Auth component to authenticate with a ServiceStack OAuth backend like Twitter.
I was wondering if user access tokens that are recieved through one platform can be used to access and make facebook calls through another.
For example:
I have a mobile app and a web server that work together. A user signs in through facebook on the mobile app(through single-sign-on). The user then uses the mobile app in a way that an internal service requires that an external service call to facebook is necessary. The internal services relays this to the web server, and the web server makes the actual call to facebook.
Work flow:
User signs into mobile app
mobile app sends user access token + service call needed to web server
Web server makes external call to facebook and returns information to mobile app.
So in short, the mobile app is not making the facebook calls, but the web server is.
My question is that if I authenticate a user through the mobile app, can I pass(and store) the users access token and use that to make calls to facebook through the web server?
The answer is yes.
I've done this successfully with mobile SDKs (Android & iOS) using the Facebook authentication to obtain an access token, then passing this access token to a PHP web application which successfully uses it with the PHP SDK client library.
The access token is also the only piece of information that needs to be transmitted.
As long as the application key and secret are the same on both clients, an access token should be valid on either.
I am developing a Facebook application for mobile platforms. The mobile part is being developed with PhoneGap and the server side is Python / Django.
The mobile app should be able to query Facebook API directly. Server should be able to query Facebook API on the users' behalf too. Thus the user should be authenticated both with Facebook and on the server (Django), and the server should have the user's Facebook authentication token.
What would be the best flow for authenticating the user on both sides? Is it reasonable to authenticate on Facebook via mobile app, then send the token to the server and create a django session on the server?
I had a similar requirement: jQueryMobile app with Ruby On Rails backend. In my case, I implemented the Facebook authentication on the backend using omniauth. The backend retrieves the Facebook access token and passes it to the jQueryMobile frontend. The frontend then uses JSONP to retrieve the user's friend list. The advantage of this approach is that there is a single point of authentication -- Facebook auth at the backend.
You can find a demo of my app and the full source code at http://csgrad.blogspot.com/2011/07/jquerymobile-app-with-facebook.html