Monday, January 19, 2015

FB Authentication

• The user clicks the FB button on the home page
• The user is redirected to https://graph.facebook.com/oauth/authorize with these parameters:

client_id FB App Id
type web_server
display Popup
redirect_uri /myServices/connectToFBCallback
response_type Token
auth_type Reauthenticate
state Test
scope Email

• Note that  is set up in the FB App at developers.facebook.com

• After the user logs into FB successfully, FB invokes the callback URL (/myServices/connectToFBCallback). We are interested in the 2 parameters that are passed to the callback URL:

1) code
2) state

• If code is null or empty, we assume the user is not authorized by FB and send the user to registration

• state should be the same as the one we passed with the URL https://graph.facebook.com/oauth/authorize

• If state is null or empty, we assume the user is not authorized by FB and send the user to registration

• Note: if the callback URL is never invoked by FB, there is nothing that we can do to inform the user about the status of their login

• the next step is to get the access token

•  the URL is https://graph.facebook.com/oauth/access_token

• parameters:

client_id 
code 
type web_server
client_secret 

• Open an HTTPS connection to https://graph.facebook.com/oauth/access_token and read the response. We are interested in the access token, which appears in the response as access_token=xyz...

• Save the access token in the Database

• We then need to get the FB username of the user 

•  open HTTPS URL connection to https://graph.facebook.com/me

• with parameter

 access_token=

• The response from FB is read into a Gson object
• The username and email are parsed and stored in the Gson object
• We then look up the Account table using the email from the Gson object
1) if the account is found, we log the user in and we are done
2) if the account is not found, we send the user to registration
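The callback checks, the access_token parsing and the /me lookup described above, as an added Python example (not the project's own Java/Gson code). The sample responses and the ACCOUNTS dictionary are constructed stand-ins for FB's replies and the Account table, and expected_state is assumed to be the state value kept in the user's session when /oauth/authorize was built:

```python
import hmac
import json
from urllib.parse import parse_qs

# Constructed sample responses (not real Facebook traffic), in the shapes the post describes.
SAMPLE_TOKEN_BODY = "access_token=xyz123&expires=5183944"
SAMPLE_ME_BODY = '{"id": "1000", "username": "gandikotam", "email": "abc@abc.com"}'
ACCOUNTS = {"abc@abc.com": {"id": 42}}  # constructed stand-in for the Account table


def handle_fb_callback(params, expected_state):
    """Apply the post's checks on /myServices/connectToFBCallback.

    Returns "registration" when the user is not treated as FB-authorized,
    otherwise the authorization code to exchange for an access token.
    """
    code = params.get("code")
    state = params.get("state")
    if not code or not state:
        return "registration"
    # state must equal the value we sent with /oauth/authorize; compare in
    # constant time and reject a mismatch, not only a missing value.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        return "registration"
    return code


def parse_access_token(body):
    """Read access_token=xyz... out of the /oauth/access_token response body."""
    token = parse_qs(body).get("access_token", [""])[0]
    if not token:
        raise ValueError("no access_token in response")
    return token


def login_or_register(me_body, accounts):
    """Parse the /me JSON, look up the Account table by email, decide the next step."""
    me = json.loads(me_body)
    email = me.get("email")
    if not email:
        return "registration"
    if email in accounts:
        return "login:" + me.get("username", "")
    return "registration"
```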

Logging in FB User

• We redirect the user to myWebsite/loginFB.action with the following parameters:

1) email (ex:abc@abc.com)
2) profilePic (ex: https://graph.facebook.com//picture)

• The loginFB method will store the profile pic in Account.profile_pic.

• For example: https://graph.facebook.com/gandikotam/picture will be the value stored in Account.profile_pic for the FB user with username gandikotam

• To retrieve the image, the ProfilePicController needs to be modified to download the image using HTTPS protocol.
