
When should the server-side vs. client-side Facebook authentication flows be used?

Facebook has two flows for Authentication, client-side and server-side. When should each one be used?

Facebook docs: https://developers.facebook.com/docs/authentication/

Possibly related: What is the purpose of the implicit grant authorization type in OAuth 2?

John Bachir asked Nov 15 '11 20:11



1 Answer

Depending on your needs you can use one or the other or both. If you want calls to Facebook to be processed before the user sees a certain page then use server side... however, if you want to display partial information until the user has authenticated, use JavaScript authentication.

It boils down to this:

  • JavaScript authentication can happen within a popup window and does not require a page reload; you can also just perform a top.location.href redirect.
  • PHP authentication involves a redirect to an authentication page.

Also see this thread, in particular this response.

Lix answered Oct 09 '22 01:10
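
As an added example (not part of the question or the answer above), this sketch shows what each flow hands back on the redirect and whether the web server ever sees it, which is the practical basis for choosing between them. The dialog endpoint is an assumption, the function names are hypothetical, and the app id, redirect URI, state and callback URLs are constructed.

```javascript
// Added example. DIALOG is the assumed Facebook login dialog endpoint; the
// app id, redirect URI, state and callback URLs are constructed values.
const DIALOG = 'https://www.facebook.com/dialog/oauth';

// response_type=code selects the server-side flow, response_type=token the
// client-side flow. `state` must be an unguessable per-session value.
function loginUrl({ appId, redirectUri, state, responseType }) {
  const params = new URLSearchParams({
    client_id: appId,
    redirect_uri: redirectUri,
    state,
    response_type: responseType,
  });
  return `${DIALOG}?${params}`;
}

// Inspect the redirect back to redirect_uri: which credential arrived, and
// whether the web server ever sees it.
function inspectCallback(callbackUrl, expectedState) {
  const url = new URL(callbackUrl);
  const fragment = new URLSearchParams(url.hash.slice(1));
  const state = url.searchParams.get('state') ?? fragment.get('state');
  if (!expectedState || state !== expectedState) {
    return { ok: false, reason: 'state mismatch' }; // possible login CSRF
  }
  if (url.searchParams.has('code')) {
    // Query string reaches the server, which trades the code plus the app
    // secret for a token; the token never passes through the browser.
    return { ok: true, flow: 'server-side', credential: 'code', reachesServer: true };
  }
  if (fragment.has('access_token')) {
    // Fragments are not sent in HTTP requests: only page script holds the
    // token, so a server must validate any token the page later posts to it.
    return { ok: true, flow: 'client-side', credential: 'access_token', reachesServer: false };
  }
  return { ok: false, reason: 'no credential in callback' };
}

const state = 's3ssion-bound-nonce'; // constructed; use a CSPRNG in practice
console.log(loginUrl({ appId: '1234', redirectUri: 'https://app.example/cb', state, responseType: 'code' }));
console.log(inspectCallback(`https://app.example/cb?code=AQD_constructed&state=${state}`, state));
console.log(inspectCallback(`https://app.example/cb#access_token=constructed&state=${state}`, state));
```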