Mobile Technologies Web Technologies Digital Marketing Creative Design Career Talk Medical General Tech Interviews Internet Of Things

Embark on a journey of knowledge! Take the quiz and earn valuable credits.

Take A Quiz

Challenge yourself and boost your learning! Start the quiz now to earn credits.

Take A Quiz

Unlock your potential! Begin the quiz, answer questions, and accumulate credits along the way.

Take A Quiz

Popular Categories

Interview Questions
QuestionBank
Quantitative Aptitude
Engineering
Govt Exams
Digital Marketing
Management
Interviews
All

REST API for website which uses Facebook for authentication

Digital Marketing Facebook Marketing API 2 years ago

0 1 0 0 0 tuteeHUB earn credit +10 pts
5 Star Rating 1 Rating
_x000D_ _x000D_ We have a website where the only way to login and authenticate yourself with the site is with Facebook (this was not my choice). The first time you login with Facebook, an account gets automatically created for you. We now want to create an iPhone application for our site and also a public API for others to use our service. This question is about how to authenticate with our website from the app/API and is broken into 2 parts: What is the correct way to handle REST authentication from an API to a website which only uses Facebook OAuth as an authentication method? I have read and researched a lot about standard methods of authentication for REST API. We can't use such methods as Basic Auth over HTTPS, as there are no credentials for a user as such. Something like this seems to be only for authenticating applications using the API. Currently, the best way I can think is you hit an /authorize end-point on our API, it redirects to Facebook OAuth, then redirects back to the site and provides a 'token' which the user of the API can use to authenticate subsequent requests. For an official application that we create, we wouldn't necessarily need to use the public API in the same way. What would be the best way then to talk to our website and authenticate users? I understand (I think) how to authenticate 3rd-party applications that are using our API, using API (public) keys and secret (private) keys. However, when it comes to authenticating the user who is using the app, I am getting rather confused about how to go about it when the only way we have to authenticate a user is Facebook. I feel like I'm missing something very obvious, or don't fully understand how public REST APIs should work, so any advice and help would be greatly appreciated.
Previous Next

Posted on 16 Aug 2022, this text provides information on Facebook Marketing API related to Digital Marketing. Please note that while accuracy is prioritized, the data presented might not be entirely correct or up-to-date. This information is offered for general knowledge and informational purposes only, and should not be considered as a substitute for professional advice.

Take Quiz To Earn Credits!

Turn Your Knowledge into Earnings.

tuteehub_quiz

Answers (1)

Post Answer
profilepic.png
manpreet Tuteehub forum best answer Best Answer 2 years ago
_x000D_ UPDATE: see below I've been thinking hard about this question too. It's not entirely clear to me yet but here's the route I am thinking of going. I am creating a REST API an my users only auth with Facebook connect. On the CLIENT: Use the Facebook API to login and get an OAUTH2 code. Exchange this code for an access token. In every call to my custom API I'll include the Facebook user id and the access token. On the API (for every method that requires user authentication): Make a request to the /me Facebook graph using the access token from above. Verify that the Facebook user id returned matches the user id passed to my API from above. If the access token has expired additional communication is required. I have yet to test this. How does it sound? --- Update: July 27th, 2014 to answer question --- I only use the above exchange once upon login. Once I determine which user is logging in, I create my own access token, and that token is used from that point going forward. So the new flow looks like this... On the CLIENT: Use the Facebook API to login and get an OAUTH2 code. Exchange this code for an access token. Request an access token from my API, including the Facebook token as a parameter On the API Receive access token request. Make a request to the /me Facebook graph using the facebook access token Verify that the Facebook user exists and match to a user in my database Create my own access token, save it and return it to the client to be used from this point forward
0 views
0 shares

No matter what stage you're at in your education or career, TuteeHub will help you reach the next level that you're aiming for. Simply,Choose a subject/topic and get started in self-paced practice sessions to improve your knowledge and scores.

Q

What is the full form of NABARD ?

Banking, Finance & Insurance
Q

How to refresh app upon shaking the device?

Mobile Technologies
Q

What are the govt exams after BCA?

Career Talk
Q

TYPO3 v8. Override function in Core class

General Tech
Q

Why do people in India give so much importance to Government jobs?

Commerce & Accounting
Q

Which is the best red ball team in cricket right now?

Sports 0 Answers
Q

zkskKsk

Mobile Technologies 0 Answers
Q

Qwerty 4

Digital Marketing 0 Answers
Q

What are the key differences between AMOLED and LCD displays in smartphones?

Mobile Technologies 0 Answers
Q

What are the key challenges in Mobile App Development for Cross-Platform Solutions?

Mobile Technologies 0 Answers

Explore Other Libraries

Blogs Tutorials Question Bank Feeds Careernews

Tags

REST API website facebook authentication

Important Digital Marketing Links

Facebook Marketing API
SEO
Social Media Marketing
Email Marketing
Online Reputation Management