Use facebook authentication for browser extension [closed]

Question

I'm wondering what will be the best way to implement Facebook connect for a browser extension .
the two options I have in mind are:

• Implement Oauth protocol directly in the extension context (http://developer.chrome.com/extensions/tut_oauth.html)
• Implement it in a website then pass somehow the access token to the extension to make the API calls

What in your opinion are the pros and cons of each method?
Also would love to get some examples of browser extensions that use Facebook for authentication (apparently there aren't too many that are easy to find...)

Thanks

Answer 1

I'll be honest, it's a little hard to weigh up Pros and Cons without knowing what your extension will actually be doing since the implementation of authentication is only one piece of the puzzle (a very small piece at that). Regardless I'll take a punt and assume that most of the time your extension won't be doing things with users data unless they have their browser window open.

1. Client side authentication (your first option)

Pros

• Easier to develop and maintain since you'll have all your application logic all in one place and written in one language (JavaScript)

Cons

• The access token is stored in the users browser and therefore you can't perform autonomous server side operations (unless you pass that token to your service)

2. Server side authentication (your second option)

The pros and cons for this one are pretty obvious based on my answer above. Generally speaking the only time you'll ever need to use server side authentication is if most of your application logic is already on the server and therefore it (usually) makes sense to have this aspect there too.

Note: Which ever option you choose, you'll ultimately still need to display the authentication pop-up window to the user where they will choose to either accept or reject using your application.