Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Facebook access token server-side validation for iPhone app

Tags:

authentication

facebook

iphone

I'm developing iPhone application, that is based on communication with server, and I want to use Facebook authentication mechanisms.

Basically, I think it should work like this:

  1. In my iPhone app, user logs in to Facebook, using his email and password.
  2. User allows access to his data for related Facebook application.
  3. My iPhone app receives access token, after successful log in.
  4. In further communication with my server, my iPhone application should use the received Facebook access token (for example: in queries).
  5. When my server receives some query from iPhone app, with access token, it should ask Facebook that this token is valid (and for who), and if yes, server should assume that user is authenticated with Facebook.

My question is: how the server should ask Facebook if given access token is valid? I think I should somehow check if the token is valid for my Facebook app.

I've tried many Facebook queries to graph API, that I've found, but nothing worked as I expected. Can you provide me some example?

like image 670
Marcin Avatar asked Mar 23 '11 14:03

Marcin

People also ask

How do I verify my Facebook access token?

You can simply request https://graph.facebook.com/me?access_token=xxxxxxxxxxxxxxxxx if you get an error, the token is invalid. If you get a JSON object with an id property then it is valid. Unfortunately this will only tell you if your token is valid, not if it came from your app.

How do I get a short live access token on Facebook?

Go to https://developers.facebook.com/tools/explorer/ and select your app from the first drop down menu, in the left. Click on the button "Get access token", and in the "Select Permissions" window, click in "Extended Permissions" and check manage_pages and publish_stream, and click in "Get Access Token" blue button.

1 Answers

Here's a two step process you can use to validate that a user access token belongs to your App:

1) Generate an App Access token

(https://developers.facebook.com/docs/howtos/login/login-as-app/)

https://graph.facebook.com/oauth/access_token? client_id=YOUR_APP_ID &client_secret=YOUR_APP_SECRET &grant_type=client_credentials

2) Debug the User Access token

(https://developers.facebook.com/docs/howtos/login/debugging-access-tokens/)

https://graph.facebook.com/debug_token? input_token=INPUT_TOKEN &access_token=ACCESS_TOKEN

Where INPUT_TOKEN is the user access token you want to verify, and ACCESS_TOKEN is your app's token that you got from step 1.

The debug endpoint basically dumps all information about a token, so it'll respond with something like this:

{     data: {         app_id: YOUR_APP_ID,         is_valid: true,         metadata: {             sso: "iphone-safari"         },         application: YOUR_APP_NAMESPACE,         user_id: USER_ID,         issued_at: 1366236791,         expires_at: 1371420791,         scopes: [ ]     } }

If that token isn't from "your app" then it will return an error response.

like image 105
sebastian the crab Avatar answered Oct 16 '22 13:10

sebastian the crab
Sign in to Comment

Related questions

Create UIActionSheet 'otherButtons' by passing in array, not varlist
$(document).click() not working correctly on iPhone. jquery [duplicate]
How do I make UITableViewCell's ImageView a fixed size even when the image is smaller
UIButton won't go to Aspect Fit in iPhone
No identities were available - administrator request
Is it possible to use AutoLayout with UITableView's tableHeaderView?
javascript scroll event for iPhone/iPad?
Get position of UIView in respect to its superview's superview
iOS How to detect iPhone X, iPhone 6 plus, iPhone 6, iPhone 5, iPhone 4 by macro?
How to set the UITableView Section title programmatically (iPhone/iPad)?
Adding a simple UIAlertView
Get current URL of UIWebView
UIStatusBarStyle PreferredStatusBarStyle does not work on iOS 7
Rename a class in Xcode: Refactor... is grayed out (disabled). Why?
Changing UIImage color
UITableView Setting some cells as "unselectable"
Javascript for "Add to Home Screen" on iPhone?
To ARC or not to ARC? What are the pros and cons? [closed]
How does Apple know you are using private API?
How do I save a UIImage to a file?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!