Facebook auth token exchange

Is it possible to authenticate the user on the server side using an auth token retrieved by an Android application from Facebook? In other words, the Android application uses SSO and obtains an auth token. Then it sends this token to the backend application deployed on Google App Engine. Then the backend application verifies the user against Facebook using the token.

I guess it's not feasible because the retrieved token can be used only by the Android application, but who knows? Maybe it may be reused somehow?

user793456 asked Jun 10 '11 22:06



1 Answer

The token you get from the Android API can be sent to your server, which can check the validity of the token by querying the Graph API (using /me?auth_token=.... for example). The problem is that the same token can be used by any third party - it's not client specific - and so if you base server identification on that, you have a problem (since a third app could use its user token and get authenticated by you). I am trying to find a way to solve this issue, but I don't have good ideas yet...

Rohi answered Sep 18 '22 14:09
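The concern in the answer above is that a user token issued to some other app would pass a plain `/me` lookup. The check a backend should make is whether the token was issued to *our* app, which Facebook's `/debug_token` endpoint reports via its `app_id` field. The code below is an added example, not from the question or answer; it goes beyond the `/me` call in the answer by using `/debug_token`, and it assumes the backend holds the app access token (`APP_ID|APP_SECRET`) server-side. The `fetch` parameter exists so the Graph API call can be swapped for a constructed response when run offline.

```python
import json
import time
from urllib.parse import urlencode
from urllib.request import urlopen

GRAPH = "https://graph.facebook.com"


def fetch_json(url):
    """Real network call to the Graph API; replaced by a fake in offline runs."""
    with urlopen(url) as resp:
        return json.load(resp)


def verify_facebook_token(user_token, expected_app_id, app_token, fetch=fetch_json, now=None):
    """Return the Facebook user id if `user_token` is valid AND was issued to our app, else None.

    The app access token (APP_ID|APP_SECRET) must never leave the server.
    """
    query = urlencode({"input_token": user_token, "access_token": app_token})
    data = fetch(GRAPH + "/debug_token?" + query).get("data", {})
    if not data.get("is_valid"):
        return None  # Facebook says the token is invalid or revoked
    if str(data.get("app_id")) != str(expected_app_id):
        return None  # token was issued to a different app: reject, this is the attack in the answer
    expires_at = data.get("expires_at", 0)  # 0 means the token never expires
    now = time.time() if now is None else now
    if expires_at and expires_at < now:
        return None  # expired
    return str(data.get("user_id"))


# Constructed sample /debug_token responses (not real Facebook data), for offline demonstration.
SAMPLE_OUR_APP = {"data": {"app_id": "111", "is_valid": True, "user_id": "42", "expires_at": 2000000000}}
SAMPLE_OTHER_APP = {"data": {"app_id": "999", "is_valid": True, "user_id": "42", "expires_at": 2000000000}}
SAMPLE_EXPIRED = {"data": {"app_id": "111", "is_valid": True, "user_id": "42", "expires_at": 1500000000}}

OUR_APP_ID = "111"                      # hypothetical app id
OUR_APP_TOKEN = "111|HYPOTHETICAL_SECRET"  # hypothetical app access token
FIXED_NOW = 1700000000


def demo():
    """Run the check against the three constructed responses."""
    return {
        name: verify_facebook_token("client-token", OUR_APP_ID, OUR_APP_TOKEN,
                                    fetch=lambda _url, r=resp: r, now=FIXED_NOW)
        for name, resp in (("ours", SAMPLE_OUR_APP), ("other", SAMPLE_OTHER_APP), ("expired", SAMPLE_EXPIRED))
    }


if __name__ == "__main__":
    print(demo())
```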