Facebook: sending an iOS access token server side and signing with App Secret

I am writing an iPhone app that uses Facebook extensively. Right now, I'm getting the access token using the iPhone Facebook SDK. This returns me a standard access token.

I'm sending this token server-side and using it for many queries successfully. However, there are some queries that require an access token signed with the Application Secret, which the iPhone app sdk can't do client-side due to security vulnerabilities (specifically I'm trying to use dashboard methods).

So my question is: is there some way I can have Facebook upgrade this iPhone access token server-side to contain the signed secret? Or do I have to validate server-side from the beginning to do this?

The docs say that with the 'Server-side flow' method, once the user allows your app, you get a code generated by the server that you must send back with your App Secret to get your access token. The iPhone SDK uses 'Client-side flow' method, and it seems to skip this step, so I'm not sure how to get this code. So I guess the question boils down to, is it possible to upgrade a token gotten with the 'client side flow' method to one that can be used fully server side.

209 likes
Shaun Budhram asked Jun 14 '11 01:06


1 Answer

The answer is no.

The user token and app tokens are different and you can't convert one to the other.

Because you have a client app, I don't recommend that you embed your app secret (as you point out).

For your app, I recommend that you create a web page on a server you control that gets and uses an app token to make the calls you want.

149 likes
Douglas Purdy answered Oct 22 '22 21:10
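The server-side arrangement the answer recommends, as an added example that is not part of the original question or answer. It assumes the Graph API conventions that exist today rather than anything the 2011 thread mentions: the `appsecret_proof` parameter, which is the hex HMAC-SHA256 of an access token keyed with the app secret; the `APP_ID|APP_SECRET` form of an app access token; and the `/debug_token` endpoint, whose JSON `data` object carries `is_valid`, `app_id` and `user_id`. The sample response and the token values are constructed. No network calls are made; the functions build request URLs the way a server would and check a response the way a server should, so the app secret stays on the server and the only thing the phone ever holds is its own user token.

```python
"""Server-side handling of a user access token received from a mobile client.

The mobile app sends its user token to this server; the server signs each
Graph API call with an app-secret proof and, before trusting the token,
asks /debug_token (with an app token) whether it is valid and was issued
to *this* app. A token issued to some other app must be rejected, or a
user of that app could log in to this one with a borrowed token.
"""
import hashlib
import hmac
import json
from urllib.parse import urlencode

GRAPH_API = "https://graph.facebook.com"


def appsecret_proof(access_token: str, app_secret: str) -> str:
    """Hex HMAC-SHA256 of the token keyed with the app secret.

    Only the proof is sent over the wire; the secret itself never leaves
    the server (assumed Graph API convention for appsecret_proof).
    """
    return hmac.new(app_secret.encode("utf-8"),
                    access_token.encode("utf-8"),
                    hashlib.sha256).hexdigest()


def graph_request(path: str, access_token: str, app_secret: str, **params) -> str:
    """Build a Graph API URL carrying the token and its app-secret proof."""
    query = dict(params)
    query["access_token"] = access_token
    query["appsecret_proof"] = appsecret_proof(access_token, app_secret)
    return f"{GRAPH_API}/{path.lstrip('/')}?{urlencode(query)}"


def debug_token_url(client_token: str, app_id: str, app_secret: str) -> str:
    """URL the server would fetch to validate a token sent by the phone.

    Uses the "APP_ID|APP_SECRET" app access token form (assumed), so this
    must only ever be built and sent from the server, over TLS.
    """
    app_token = f"{app_id}|{app_secret}"
    return graph_request("debug_token", app_token, app_secret,
                         input_token=client_token)


def validate_debug_token(response_body: str, expected_app_id: str):
    """Return the user id from a /debug_token response, or None if the
    token is invalid or was issued to a different app."""
    data = json.loads(response_body).get("data", {})
    if not data.get("is_valid"):
        return None
    if str(data.get("app_id")) != str(expected_app_id):
        return None  # valid token, wrong app: do not accept it
    user_id = data.get("user_id")
    return str(user_id) if user_id is not None else None


# Constructed sample of a /debug_token response body (not real data).
SAMPLE_DEBUG_RESPONSE = json.dumps({
    "data": {"app_id": "123456", "is_valid": True, "user_id": "7890",
             "scopes": ["public_profile"]}
})

if __name__ == "__main__":
    # Constructed placeholder values; a real server reads these from config.
    APP_ID, APP_SECRET = "123456", "example-app-secret"
    phone_token = "EAAB-user-token-from-ios-sdk"
    print(debug_token_url(phone_token, APP_ID, APP_SECRET))
    print(validate_debug_token(SAMPLE_DEBUG_RESPONSE, APP_ID))
    print(graph_request("me", phone_token, APP_SECRET, fields="id,name"))
```

The `app_id` comparison in `validate_debug_token` is the check that matters most: `is_valid` alone only says Facebook issued the token to someone, not that it was issued to your app.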