Getting the facebook session at the server side if we login using JS SDK

前端未结

关注

 3  819

Friends,

I have set up a facebook login for my website using JS SDK.

If the use is logged in through JS SDK, should we cross verify whether the session

3条回答

甜味超标 (楼主)

2021-02-07 15:26

There are two parts to this question: Firstly, there is a difference in the UI flow. See: https://developers.facebook.com/docs/concepts/login/login-architecture/

1) Browser side with JS SDK. You start off with oauth 2.0 dialog, obtaining the Access Token and then using this to access the Facebook API.

2) Server side uses signed_request posted to the server. With this, you can extract the user_id. See: https://developers.facebook.com/docs/howtos/login/signed-request/ -
Step 1 - describe the signed_request, how you can obtain it from PHP or JS SDK
Step 2 - how to verify that the signed_request is not fabricated.

Oauth token from other providers can be integrated with FB. See my Dropbox example: apps.facebook.com/fileglu/ - circa Sept 2011, also check out the technical section for implementation details, including CSRF, CORS and avoiding javascript cryptography.

0 讨论(0)