I'm developing an iOS app that uses Facebook authentication for a user to log into the app, the app then interacts with a Python REST web service.
What strategy should I use to authenticate the web service call once the user has signed into the app using their Facebook credentials?
Send the auth token to your REST web service and let the REST web service check it with fb (facebook).
Once the user has signed into the app you get an authentication token.
Send the token and the fb user id to your REST web service.
Your web service should verify that the token is valid (this involves a server-to-server API call to fb).
I used PHP and this code, but Python should kinda look the same.
function checkFacebookLogin($access_token) {
    // Ask the Graph API who owns this token; urlencode so the token cannot smuggle extra query parameters
    $url = "https://graph.facebook.com/me?access_token=" . urlencode($access_token);
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_TIMEOUT, 5);
    // Keep certificate verification on: with it disabled anyone in the path could answer as facebook
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    $response = curl_exec($ch);
    curl_close($ch);
    if ($response === FALSE) {
        return NULL; // network or TLS failure: treat as not authenticated
    }
    $user = json_decode($response);
    // An invalid token yields {"error": {...}} instead of a user object
    if (!isset($user->id)) {
        return NULL;
    }
    return $user;
}
If it's valid you get back a user.
Verify the user ids (from fb and from the post in step 2). If they are the same you've got yourself an authenticated user.
Store the authentication token and a timestamp in your local database on your server so you don't have to make a call to facebook over and over again. When the user logs in again you could check the authentication token and the time (valid for only x hours) and grant permission without checking the token with facebook. Be warned that the user may have revoked fb permissions in the meantime btw.
Good luck.
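The same flow on the Python side, as an added example that is not from the answer above: the service receives the token and the fb user id, asks the Graph API `/me` endpoint who owns the token, compares the ids, and caches a successful check with a TTL so it does not call facebook on every request. The `fetch` parameter is an assumption introduced here so the Graph call can be swapped out; `fetch_graph_me` is a hypothetical helper that does the real HTTPS request.

```python
import json
import time
import urllib.parse
import urllib.request

GRAPH_ME = "https://graph.facebook.com/me"


def fetch_graph_me(access_token):
    """Hypothetical helper: real Graph API call, returns the parsed JSON of /me."""
    query = urllib.parse.urlencode({"access_token": access_token, "fields": "id"})
    # urlopen verifies the TLS certificate by default; do not turn that off
    with urllib.request.urlopen(GRAPH_ME + "?" + query, timeout=5) as resp:
        return json.load(resp)


class FacebookTokenVerifier:
    def __init__(self, fetch=fetch_graph_me, ttl_seconds=3600, clock=time.time):
        self._fetch = fetch
        self._ttl = ttl_seconds
        self._clock = clock
        # Stands in for the server-side table: token -> (fb user id, verified_at)
        self._cache = {}

    def verify(self, access_token, claimed_user_id):
        """Return the fb user id if the token is valid and belongs to claimed_user_id, else None."""
        claimed = str(claimed_user_id)  # Graph returns ids as strings
        now = self._clock()
        cached = self._cache.get(access_token)
        if cached and cached[0] == claimed and now - cached[1] < self._ttl:
            return claimed  # recently verified: skip the round trip to facebook
        try:
            user = self._fetch(access_token)
        except Exception:
            return None  # network/TLS failure: fail closed
        # An invalid or expired token comes back as {"error": {...}} with no "id"
        fb_id = user.get("id") if isinstance(user, dict) else None
        if not fb_id or str(fb_id) != claimed:
            return None  # token is not for the user the client claims to be
        self._cache[access_token] = (str(fb_id), now)
        return str(fb_id)
```

Remember that a cache hit skips the check entirely, so the TTL bounds how long a token stays accepted after the user revokes the app's permissions.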
Of course, check out validating the token from Google's developer docs. It's written for a (JavaScript-like) client app, but that does not matter. You can just call the URL with PHP or Python.
In the end you will call something like:
https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=##ADD_TOKEN_HERE##
You could also read those two docs from Google about logging in with Google from an installed app and connecting with Google from a web server.
https://developers.google.com/accounts/docs/OAuth2InstalledApp https://developers.google.com/accounts/docs/OAuth2WebServer