
How to secure login to my Android app using facebook-id?

I am using Facebook authentication for my Android App.

I authenticate the user in my app using the Facebook ID [through an HTTP POST to a Web API with the facebook-id]. So if someone gets to know the facebook-id of any user in my app, they can easily post to the URL, which gives them access to the app.

Is there any recommended way to do this?

Eldhose John asked Jul 10 '12 14:07


1 Answer

Once you have made the login POST, Facebook will give you an authtoken which is unique, but it will expire sometime. Based on this token, generate a temporary "session_key" (it could be md5(facebook_token + user_id)), store this session_key in your db and send it back to your application.

With each request from the app to your server, you have to send this session_key and the username. On the server side, you have to check if the session_key is in your database and if it was assigned to "user_id".

If everything is ok, you can continue the action; otherwise return an error message.

When the user logs out, remove this session_key (it will be regenerated when he logs in with Facebook again).

Hope this will help.

Ungureanu Liviu answered Oct 14 '22 04:10
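The session flow from the answer above, sketched server-side as an added example (not code from the answer or from any Facebook SDK). It swaps the md5 derivation for a random key from `secrets`; `verify_token` is a hypothetical hook standing in for the server's own check of the token with Facebook, the dict stands in for the database, and the one-hour lifetime is an assumption.

```python
import hashlib
import secrets
import time

SESSION_TTL = 3600  # seconds; assumed lifetime, not a value from the page


class SessionStore:
    """In-memory stand-in for the server's session table."""

    def __init__(self, verify_token, now=time.time):
        # verify_token(facebook_token) -> user_id or None (hypothetical hook):
        # the server confirms the token itself and never trusts a bare ID.
        self._verify_token = verify_token
        self._now = now
        self._sessions = {}  # sha256(session_key) -> (user_id, expires_at)

    @staticmethod
    def _digest(session_key):
        # Only a hash is stored, so a leaked table does not yield usable keys.
        return hashlib.sha256(session_key.encode()).hexdigest()

    def login(self, facebook_token):
        user_id = self._verify_token(facebook_token)
        if user_id is None:
            return None
        session_key = secrets.token_urlsafe(32)  # random, not md5-derived
        expires_at = self._now() + SESSION_TTL
        self._sessions[self._digest(session_key)] = (user_id, expires_at)
        return user_id, session_key

    def check(self, user_id, session_key):
        """True only if the key is stored, unexpired and assigned to user_id."""
        digest = self._digest(session_key)
        entry = self._sessions.get(digest)
        if entry is None:
            return False
        owner, expires_at = entry
        if self._now() >= expires_at:
            del self._sessions[digest]
            return False
        return owner == user_id

    def logout(self, session_key):
        self._sessions.pop(self._digest(session_key), None)


def demo():
    # Constructed data: one valid token mapped to a made-up user id.
    store = SessionStore({"constructed-token": "1001"}.get)
    user_id, key = store.login("constructed-token")
    return store.check(user_id, key), store.check(user_id, "1001")
```

`demo()` shows the case from the question: a request carrying only the user's ID in place of a session key is rejected, while the key issued at login is accepted.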


