I have a web application that authenticates users against Facebook. Once my site redirects them to login with Facebook, FB redirects them back to my site with a valid session cookie. This is a PHPCOOKIE I guess.
I would like to accomplish the same thing from my iPhone application. I have looked at the Facebook iPhone SDK, but that simply lets the iPhone application directly call the graph API.
What I actually want to do is have my backend server call the graph API like it does with the browser.
How do I get the iPhone SDK to pass the session cookie to all requests to my server, the same way the browser does?
This does actually occur- but you're on the iPhone, and the iPhone caches the "cookie" with auth info. It's in NSDefaults. It's also called single-sign-on or SSO. It detects Facebook login and authentication on the native app on the same device, and sets a local (iPhone app default) access token for further graph requests.
Related
Hi i'm working on a web with Laravel. On the web, I use socialite to login with Facebook, but I don't know how to do that with api for mobile to connect.
On the web, the flow is the user request to the website, socialite will redirect to facebook to obtain data and redirect back to the redirect url that we register to do authentication.
I don't know if with mobile app is the same?
How can I do it since there is only 1 redirect url and how to detect if the request is from website or from mobile app. Because request from website, ultimately is return view and request from mobilr is return json, right?
Or the mobile side, mobilr developer will do the obtaining data then send it to the website through api to authenticate?
Please help me on this. Thank u. Sorry for my bad English. If anyone does not understand my situation please ask me again.
Thank you all.
If you are building a mobile app, you should use the Facebook Mobile SDK to preform Facebook login instead of doing it the website way. On Facebook, you can have different settings for iOS and Android (and other platforms), so you won't need to worry about knowing which platform the user is using.
When the user authenticates using the mobile app, you can pass the Facebook access_token back to your database via an API.
I was wondering if user access tokens that are recieved through one platform can be used to access and make facebook calls through another.
For example:
I have a mobile app and a web server that work together. A user signs in through facebook on the mobile app(through single-sign-on). The user then uses the mobile app in a way that an internal service requires that an external service call to facebook is necessary. The internal services relays this to the web server, and the web server makes the actual call to facebook.
Work flow:
User signs into mobile app
mobile app sends user access token + service call needed to web server
Web server makes external call to facebook and returns information to mobile app.
So in short, the mobile app is not making the facebook calls, but the web server is.
My question is that if I authenticate a user through the mobile app, can I pass(and store) the users access token and use that to make calls to facebook through the web server?
The answer is yes.
I've done this successfully with mobile SDKs (Android & iOS) using the Facebook authentication to obtain an access token, then passing this access token to a PHP web application which successfully uses it with the PHP SDK client library.
The access token is also the only piece of information that needs to be transmitted.
As long as the application key and secret are the same on both clients, an access token should be valid on either.
Assuming it is possible to transfer the Facebook API access token from some web app to my mobile app (via physical storage or network), will my mobile app be able to use that token as a regularly acquired token (as if the mobile app itself requested the token from Facebook)?
Is this procedure allowed in the Facebook API's terms of service?
Will the mobile app be able to cache that transferred token and use it as its own?
Basically, what I want is for the user to do Facebook Login and authenticate on one machine, and use the acquired token on a different one (e.g mobile app).
Is there a better way of doing this?
You can set your mobile app to go through facebook's oauth steps onload and if the user has already authenticated the app, he will get logged in right away, since you'll get an access token at this point of time, save that in the mobile app.
Automatic login triggers are now being used on both stackoverflow and quora. (if you sign up here through facebook, when you visit the site, you'll get signed in again - same for quora).
Also, access tokens grant access to a particular 'facebook app'. If your mobile app uses the same app id, then you can certainly reuse the same access token on the mobile device.
yep, we can reuse it. I got an access token from mobile app then it's applicable on web browser.
I am developing a Facebook application for mobile platforms. The mobile part is being developed with PhoneGap and the server side is Python / Django.
The mobile app should be able to query Facebook API directly. Server should be able to query Facebook API on the users' behalf too. Thus the user should be authenticated both with Facebook and on the server (Django), and the server should have the user's Facebook authentication token.
What would be the best flow for authenticating the user on both sides? Is it reasonable to authenticate on Facebook via mobile app, then send the token to the server and create a django session on the server?
I had a similar requirement: jQueryMobile app with Ruby On Rails backend. In my case, I implemented the Facebook authentication on the backend using omniauth. The backend retrieves the Facebook access token and passes it to the jQueryMobile frontend. The frontend then uses JSONP to retrieve the user's friend list. The advantage of this approach is that there is a single point of authentication -- Facebook auth at the backend.
You can find a demo of my app and the full source code at http://csgrad.blogspot.com/2011/07/jquerymobile-app-with-facebook.html
I have a mobile app that allows users to login through facebook connect.
There is also a webservice that the mobile app will use.
Can the mobile app share its auth token with the webservice?
user login to facebook through mobile app
mobile app sends auth token to webservice
webservice queries facebook for user details
or would the mobile app query facebook and then pass the information to the webservice?
user login to facebook through mobile app
mobile app queries facebook for user details
mobile app sends details to webservice
Yes. The API doesn't care where you get the token from, as long as you're using the same AppID/Secret. This is commonly used in offline data access scenarios (user authenticates through web app, backend service updates in background). Do you have a specific example where this doens't work?