How does a mobile app authenticate with a backend API if the user signs in through social logins?

长情又很酷 2021-01-24 10:52

I'm trying to understand the basic organizations and login flow between social logins on a mobile app and how that app requests resources from a backend Flask API.

If t

2 Answers
  • 2021-01-24 11:35

    I suggest you first read about single sign-on mechanisms:

    https://en.wikipedia.org/wiki/Single_sign-on

    Then you can read about OAuth2, which is used by Facebook for SSO, here:

    https://oauth.net/2/

    https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2

    Simply put, you are correct: when the user signs in on Facebook, the backend will get a token from Facebook that is used for authentication/authorization of that user.

    0 Comments (0)
  • 2021-01-24 11:44

    This is what happens when a Facebook/Google login is clicked on an XYZ website.

    1. XYZ website redirects to the Facebook login page together with an XYZclientID (XYZ should already be registered under Facebook as a developer).
    2. Facebook identifies that XYZ (using XYZclientID) wants to authenticate ABC person.
    3. ABC person logs in to Facebook.
    4. Facebook issues an authorisation code (for the ABC+XYZ combination) and redirects back to the XYZ website.
    5. XYZ uses this authorisation code + XYZclientID + XYZclientSecret to get a bearer token.
    6. Facebook validates the secret and issues a bearer token (linked to ABC person).
    7. XYZ uses this bearer token to retrieve details of ABC person. (It cannot be used to retrieve data of DEG person.)
    8. Facebook gives the email & other personal details of ABC to XYZ, and XYZ shows that ABC is logged in.

    More elaborated here: https://www.scienceabc.com/innovation/oauth-how-does-login-with-facebook-google-work.html

    0 Comments (0)
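
The eight steps in the answer above, as an added example that is not part of the original posts and not any provider's real SDK: a toy in-memory provider in Python showing the checks behind steps 4 to 7 (code bound to the client, code usable once, secret verified, token tied to one user). The class, function names and sample values are constructed for illustration.

```python
import hmac
import secrets


class Provider:
    """Toy identity provider (constructed stand-in for Facebook in the steps above)."""

    def __init__(self, clients, profiles):
        self.clients = clients    # client_id -> client_secret (registered apps)
        self.profiles = profiles  # user -> profile data
        self.codes = {}           # authorisation code -> (client_id, user)
        self.tokens = {}          # bearer token -> user

    def authorize(self, client_id, user):
        # Steps 1-4: a registered client asks, the user logs in, a code is issued
        if client_id not in self.clients:
            raise PermissionError("unknown client")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, user)
        return code

    def exchange(self, code, client_id, client_secret):
        # Steps 5-6: the code is single-use and bound to the client it was issued for
        issued_to, user = self.codes.pop(code, (None, None))
        expected = self.clients.get(client_id, "")
        if issued_to != client_id or not hmac.compare_digest(expected, client_secret):
            raise PermissionError("invalid code or client credentials")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = user
        return token

    def userinfo(self, token):
        # Steps 7-8: the token resolves only to the user it was issued for
        if token not in self.tokens:
            raise PermissionError("invalid token")
        return self.profiles[self.tokens[token]]


def login_with_provider(provider, client_id, client_secret, user):
    """XYZ's side of the flow: obtain a code, exchange it, fetch the profile."""
    code = provider.authorize(client_id, user)
    token = provider.exchange(code, client_id, client_secret)
    return code, token, provider.userinfo(token)


def demo_provider():
    # Constructed sample data matching the names used in the answer
    return Provider({"XYZclientID": "XYZclientSecret"},
                    {"ABC": {"email": "abc@example.com"}, "DEG": {"email": "deg@example.com"}})
```
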