Menu
A web application supports log in via Facebook using the JavaScript SDK.
The Facebook authentication happens client side. Once successful, FB.getLoginStatus() is called and the authentication token and userID are sent to the server.
The web application stores the Facebook userID in its database.
How does the server know that the user has logged in successfully and that the authentication token and userID have not been faked client side? Is there a way of doing this validation server-side without sending a request to Facebook's server?
286
As per my comment above, you can do this by forwarding the authResponse.signedRequest parameter to the server and decode/check it on the server without having to send a server side request to Facebook's server.
60
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
