I'm developing an Android app as well as a website (that does have communication with the Android client as well). I want to use FB login, but the problem I see is this:
Client, Use FB login and then gets an access_token.
How does Client and Web Server communicate just using this access_code since the Web Server needs to know which account the Client is referring to. I also want to implement FB login on the web site as well.
One method I was thinking was:
Client Login: 1) Use FB login and get access_token. 2) Use access_token to get some User info. 3) Give access_token and User info to web server. 4) Web server also performs the same FB operation with the access_token and retrieves the User info. 5) Validate the User info matches and determine the user account based on that. 6) Establish another access_token between Client and Web Server for this link.
Does this even make it any more valid or perhaps just doing the login and retrieving the user email address as the actual account and tell the Web Server this is the account to use.
Or has someone done this in another way?
Our in-app browser for Facebook on Android has historically relied on an Android System WebView based on ChromiumChromiumChromium is a free and open-source web browser project, mainly developed and maintained by Google. This codebase provides the vast majority of code for the Google Chrome browser, which is proprietary software and has some additional features. Chromium.https://en.wikipedia.org › wiki › Chromium_(web_browser)Chromium (web browser) - Wikipedia, the open source project that powers many browsers on Android and other operating systems.
If you cannot access your account on the app but can log in on Facebook's website, then try to update your Facebook app. Possibly, the version of Facebook installed on your device is no longer supported, or it contains a bug or glitch related to logging in.
Under the Account tab in the top right, click Account Settings. Under Account Security, click Change. Under Secure Browsing (https), check the box. Click save.
For the communication between your client/server you should use your own client Id.
Don't relay on the access_token facebook gives you because it changed in several scenarios.
Getting the email is also not a full solution because users can decide not to give you their mail.
In general you need to implement Facebook Connect on both sides.
1.Connect to facebook
2.Get permissions from the user (read about permissions here: http://developers.facebook.com/docs/reference/api/permissions/)
3.Register it as your user and give him an id (you can use facebook uid if you want).
When the user returns to your site/app you need to login him again, get his uid and query your server for the user details.
One thing about the access_token, you need it to query facebook's api. you can get it from facebook every time a user login to your site/mobile using facebook or you can request the user for offline_access permission and then you'll have the same access_token until the user changes their password at facebook etc. (read more about it on the docs).
This method allows you to query facebook api's although the user isn't currently logged in to your site.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With