My project uses Node.js and Express, but the question is about the generic approach.
Our users are all from FB and we don't have any auth other than FB. We need to associate some actions with specific FB users and also need their tokens to communicate with FB.
Currently we do it like that:
What's good: we always know that user's status is effective (token's TTL is more than normal page's lifetime, so we are good here).
What we don't like much:
* client-side tokens are short-lived (yes, we can exchange them, but don't want to if we can find any alternative)
* it normally takes several requests to FB (1 - load JS SDK, 2 - get login status) until we can show something. Until then, the 'login' block of our site is empty.
What's the question?
We are looking for an optimal way to use some server-side code here and at least render user's name and avatar when we're sure the user is logged in.
I can imagine some scheme like this:
Concerns:
Using the JS SDK is the only feasible way to know a user’s status in “real-time”. (“real time” in quotes, because the result of FB.getLoginStatus gets cached as well – if one wants it to be accurate at all times, one must use the second parameter set to true.)
If you have the JS SDK set up to set cookies under your domain, then the PHP SDK is able to determine the login status of the user without any API lookups over HTTP – it just reads the user ID from cookie, so Facebook::getUser() will get you the user ID. That would be enough to display the picture – but for the user name, that’ll still require an API request.
Here you could opt for requesting the name once – and then saving it into your session. If, on the next request, the JS SDK indicates that the user is not connected any more, you could erase the login info from the page and/or force a reload (and on that, clear the session), to return to the not logged in state.
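The cookie read described in the answer, sketched for the asker's Node.js stack as an added example (it is not code from the answer or from any Facebook SDK). It assumes the JS SDK cookie is the `fbsr_<app id>` signed request, in the form `base64url(signature).base64url(JSON payload)` signed with HMAC-SHA256 under the app secret; the function names, the secret and the sample payload are constructed for illustration.

```javascript
const { createHmac, timingSafeEqual } = require('crypto');

// base64url helpers: the format uses '-' and '_' and drops '=' padding.
function b64urlDecode(s) {
  return Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64');
}
function b64urlEncode(buf) {
  return buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Returns the verified payload object, or null when the cookie is missing,
// malformed, declares another algorithm, or carries a bad signature.
function parseSignedRequest(cookieValue, appSecret) {
  if (typeof cookieValue !== 'string') return null;
  const parts = cookieValue.split('.');
  if (parts.length !== 2) return null;
  const [sigPart, payloadPart] = parts;

  // The signature covers the encoded payload string, not the decoded JSON.
  const expected = createHmac('sha256', appSecret).update(payloadPart).digest();
  const given = b64urlDecode(sigPart);
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;

  let payload;
  try {
    payload = JSON.parse(b64urlDecode(payloadPart).toString('utf8'));
  } catch (e) {
    return null;
  }
  if (!payload || String(payload.algorithm).toUpperCase() !== 'HMAC-SHA256') return null;
  return payload; // payload.user_id can now be trusted as the cookie's user
}

// Constructed sample cookie, built with a made-up secret so the block runs offline.
function makeSampleCookie(payload, appSecret) {
  const body = b64urlEncode(Buffer.from(JSON.stringify(payload)));
  const sig = b64urlEncode(createHmac('sha256', appSecret).update(body).digest());
  return `${sig}.${body}`;
}

const SAMPLE_SECRET = 'constructed-app-secret';
const sample = makeSampleCookie(
  { algorithm: 'HMAC-SHA256', user_id: '1000001', issued_at: 1700000000 },
  SAMPLE_SECRET
);
```

A valid signature shows only that the cookie was issued for that user ID; as the answer notes, the JS SDK remains the way to learn that the user has since disconnected, at which point the session-cached name should be cleared.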