
Facebook User Authentication in A Web Application

Facebook uses OAuth 2.0 to authenticate users on third-party web applications. The application requests access to a user's Facebook data, redirecting the user to Facebook to approve access. If approved, Facebook issues an authorization code to the application, which can then request an access token to make API requests on the user's behalf. Without approval, Facebook redirects back to the application with an error.

Uploaded by

sbr11
Copyright
© Attribution Non-Commercial (BY-NC)

Facebook User Authentication in a Web Application

This is an example of a sequence diagram showing how a Facebook (FB) user can be authenticated in a web application to allow access to his/her FB resources. Facebook uses the OAuth 2.0 protocol framework, which enables a web application (called the "client"), which is usually not the FB resource owner but is acting on the FB user's behalf, to request access to resources controlled by the FB user and hosted by the FB server. Instead of using the FB user's credentials to access protected resources, the web application obtains an access token.

The web application should be registered with Facebook to have an application ID (client_id) and secret (client_secret). When a request for some protected Facebook resources is received, the web browser ("user agent") is redirected to Facebook's authorization server with the application ID and the URL the user should be redirected back to after the authorization process. The user receives back a Request for Permission form. If the user authorizes the application to get his/her data, the Facebook authorization server redirects back to the URI that was specified before, together with an authorization code ("verification string"). The web application can exchange the authorization code for an OAuth access token.

Sequence diagram example - Facebook User Authentication in a Web Application.

Once the web application has obtained the access token for an FB user, it can perform authorized requests on behalf of that FB user by including the access token in its Facebook Graph API requests. If the user did not authorize the web application, Facebook issues a redirect request to the URI specified before and adds the error_reason parameter to notify the web application that the authorization request was denied.
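The client side of the flow described above, as an added example that is not part of the original document: it builds the authorization redirect, classifies the callback as approved or denied, and prepares the server-side code-for-token request. The endpoint URLs, credentials and function names are constructed placeholders, and the `state` parameter is standard OAuth 2.0 (RFC 6749) rather than something the document mentions; it is included because it ties the callback to the browser session that started the login.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholder endpoints and credentials (constructed, not from the document).
AUTHORIZE_URL = "https://authz.example.invalid/dialog/oauth"
TOKEN_URL = "https://authz.example.invalid/oauth/access_token"
CLIENT_ID = "1234567890"
CLIENT_SECRET = "constructed-secret"
REDIRECT_URI = "https://app.example.invalid/fb/callback"


def begin_login(session):
    """Step 1: build the URL the user agent is redirected to."""
    # `state` (assumption, see lead-in) binds the later callback to this session.
    session["oauth_state"] = secrets.token_urlsafe(32)
    query = urlencode({"client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI,
                       "state": session["oauth_state"]})
    return f"{AUTHORIZE_URL}?{query}"


def handle_callback(callback_url, session):
    """Step 2: classify the redirect back from the authorization server."""
    query = parse_qs(urlsplit(callback_url).query)
    params = {k: v[0] for k, v in query.items()}
    expected = session.pop("oauth_state", None)  # single use
    got = params.get("state", "")
    if not expected or not hmac.compare_digest(expected.encode(), got.encode()):
        return ("rejected", "state mismatch")
    if "error_reason" in params:  # user declined on the permission form
        return ("denied", params["error_reason"])
    if "code" not in params:
        return ("rejected", "no authorization code")
    return ("authorized", params["code"])


def token_request(code):
    """Step 3: the request that trades the authorization code for a token."""
    # Sent by the web application itself, never by the browser, so that
    # client_secret stays on the server. redirect_uri repeats the step 1 value.
    body = {"client_id": CLIENT_ID, "client_secret": CLIENT_SECRET,
            "redirect_uri": REDIRECT_URI, "code": code}
    return TOKEN_URL, body
```
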
