When should the server-side vs. client-side Facebook authentication flows be used?

不知归路 2021-01-31 18:11

Facebook has two flows for Authentication, client-side and server-side. When should each one be used?

Facebook docs: https://developers.facebook.com/docs/authentication/

2 Answers
  • 2021-01-31 18:51

    Depending on your needs, you can use one or the other or both. If you want calls to Facebook to be processed before the user sees a certain page, then use server side. However, if you want to display partial information until the user has authenticated, use JavaScript authentication.

    It boils down to this:

    • JavaScript authentication can happen within a popup window and does not require a page reload; you can also just perform a top.location.href redirect.
    • PHP authentication involves a redirect to an authentication page.

    Also see this thread, in particular this response.

  • 2021-01-31 19:02

    To add to @Lix's answer, I would say:

    Client Side Authentication

    • When you want some information from Facebook API about the user that is required once, as in you only need to get it once like the user's name and email.
    • When you want to temporarily access/manage the user's information/data and don't need to do it often.
    • You get a temporary token, which is valid only for a few hours, and you need to get a new token to call the Facebook API again after it has expired (which requires the user to grant permission again).

    Server Side Authentication

    • You want to manage the user's data (on their behalf) after the user has left your website/app. For example, gathering the user's feed/timeline data on a regular basis.
    • When you want to access/manage the user's information/data in a recurring fashion for as long as the user hasn't revoked access to your client id (represented by a Facebook app).
    • You get both a temporary token and a permanent token (which lasts for about 60 days at the time of writing this). You can get a new temporary token by using the permanent token every time you need to call the Facebook API (given the previous temporary token has expired) -- without bothering the user to grant permission again.

    So, in short, for short-term use, follow the client-side authentication flow, and for long-term use, follow server-side authentication (given you have a backend server of your own).

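The server-side redirect flow that both answers describe, as an added example that is not part of the original thread and not Facebook SDK code. It assumes Node.js and Facebook's unversioned `dialog/oauth` and `oauth/access_token` endpoints; the function names are hypothetical, and it only builds and checks the URLs, without making network calls.

```javascript
// Added example (not from the thread): server-side redirect flow, offline parts only.
const nodeCrypto = require('node:crypto');

// Assumption: Facebook's unversioned login dialog and Graph token endpoints.
const DIALOG_URL = 'https://www.facebook.com/dialog/oauth';
const TOKEN_URL = 'https://graph.facebook.com/oauth/access_token';

// Step 1: redirect target for the authentication page. The random `state`
// must be stored in the user's server-side session before redirecting.
function buildLoginUrl({ appId, redirectUri, scope }) {
  const state = nodeCrypto.randomBytes(16).toString('hex');
  const query = new URLSearchParams({
    client_id: appId, redirect_uri: redirectUri, scope, state, response_type: 'code',
  });
  return { url: `${DIALOG_URL}?${query}`, state };
}

// Step 2: Facebook redirects back with ?code=...&state=... Accept the code
// only when `state` equals the session value, so a forged callback is dropped.
function parseCallback(callbackUrl, sessionState) {
  if (!sessionState) throw new Error('no session state');
  const params = new URL(callbackUrl).searchParams;
  if (params.has('error')) throw new Error('login denied');
  const got = Buffer.from(params.get('state') || '');
  const want = Buffer.from(sessionState);
  if (got.length !== want.length || !nodeCrypto.timingSafeEqual(got, want)) {
    throw new Error('state mismatch');
  }
  const code = params.get('code');
  if (!code) throw new Error('missing code');
  return code;
}

// Step 3: server-to-server exchange of the code for an access token. The app
// secret is only ever used here, never in JavaScript sent to the browser.
function buildTokenRequest({ appId, appSecret, redirectUri, code }) {
  const query = new URLSearchParams({
    client_id: appId, client_secret: appSecret, redirect_uri: redirectUri, code,
  });
  return `${TOKEN_URL}?${query}`;
}

// Step 4: turn the `expires_in` seconds of the token response into a deadline,
// so the backend knows when the stored token stops working.
function tokenExpiresAt(tokenResponse, nowMs) {
  return nowMs + Number(tokenResponse.expires_in) * 1000;
}
```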