The title speaks to the majority of the question, but I'm having a hard time wrapping my brain around how I have Facebook authenticated users gain access to my own site's API.
After the user has authenticated with FB I have a little bit of information available about the user, but no API key or username/password to pass along to my own secure API server for authentication.
I've found several related questions, but nothing that seems like an ideal answers:
Any help will be greatly appreciated!
In the App Dashboard, choose your app and scroll to Add a Product Click Set Up in the Facebook Login card. Select Settings in the left side navigation panel and under Client OAuth Settings, enter your redirect URL in the Valid OAuth Redirect URIs field for successful authorization.
Since you are authenticating your users through Facebook connect, you know enough about the user.
Regardless of the authentication flow you are using, you'll
STEP #1: receive an access_token
and a expire
parameter. Most likely, you've requested the user_id
too (if you are using the JS-SDK it would handle most of this).
STEP #2: encapsulate these info (access_token
, expire
& user_id
) in a hashed string, e.g. mimic the Facebook signed_request
format.
STEP #3: send this hashed string in your own API calls:
https://mydomain.com/apis/getUserSecretData?fb_oauth=my_hashed_string&vars=my_other_vars
STEP #4: in your API end-point, decrypt/decode your hashed string and verify the expire
parameter and if the access_token
is expired, then you need to request a new one and repeat your API call.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With