Geek asks and answers

Facebook authentication on my server using Android

I am creating an application with the following blocks:

Android - the client side, Java Servlets - Sever Side, Facebook - is used to authenticate users and work with their data.

My problem is this: I would like to authenticate my users via facebook (for example, a request sent by the android client using facebook-android-sdk to facebook), but then I would like to send requests to my server (which is implemented by servlets) and how- then check that the user sending the request authenticates to facebook and my application.

So these are the steps:

user X authenticates to facebook and my facebook application using facebook-android-sdk. X sends a request to my server

As for the server, I would just like to know that this is the right user who works with me, I do not need a server to execute Graph API requests.

How can I find out that X is valid on my server? In this case, authentication was performed on the client side.

+23
source share
2 answers

So, you have: Facebook - an Android application - your web server. And your web server should know that you are the Facebook user that you represent. The problem is that you cannot trust the Android client for any data that it gives you.

I solved the problem as follows:

  • Authenticating a Facebook user from an Android application,
  • Get the FB auth token for an Android application,
  • facebook Android -,
  • - Facebook API .

Facebook API - , , Android, id ( , Android )

+53

( tomas.tunkl) :

( , , , :)

, , , . , API.

API, API :

GET /debug_token? input_token={input-token}& access_token={access-token}

input_token: ,

access_token: API JSON, . :

{ "data": { "app_id": 000000000000000, "application": "Social Cafe", "expires_at": 1352419328, "is_valid": true, "issued_at": 1347235328, "scopes": [ "email", "publish_actions" ], "user_id": 1207059 } }

, issu_at .

, facebook, ; .

+1

More articles:


All Articles