Facebook Authentication Workflow - Which one do I choose?
<p>Our company plans an app for Android and iOS with a server backend. Besides our own registration and login mechanism, we want to implement the Facebook login to simplify the registration process. Our current approach looks as follows:</p> <ul> <li>We use the native Facebook app framework for each OS to perform the authentication over Facebook.</li> <li>We deliver the resulting access token to our server.</li> <li><p>Our server verifies the underlying app ID with this request</p> <p><a href="https://graph.facebook.com/app/?access_token=user_access_token" rel="nofollow">https://graph.facebook.com/app/?access_token=user_access_token</a></p> <p>and checks if the user has a valid session:</p> <p><a href="https://graph.facebook.com/me/?access_token=user_access_token" rel="nofollow">https://graph.facebook.com/me/?access_token=user_access_token</a></p></li> <li>After these steps, we either create a new account and/or approve a new session.</li> </ul> <p>This procedure worked just fine for a few days until Facebook stopped answering our server's requests. It seems that our IP got blacklisted. I guess it's just not as designed to directly transmit the confidential access token. The absence of the app secret in our approach might indicate that this is the wrong direction. So my final question is: What did we do wrong and how can we fix this? Thanks in advance!</p> <p><strong>Update</strong></p> <p>The "Sandbox Mode" is disabled and we didn't specify an "iPhone App Store ID". It's zero, because our app is still in development. Could this cause some problems?</p>
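The server-side check described in the question, written out as an added example that is not part of the original post. It assumes the `/app` and `/me` responses carry an `id` field and that failures carry an `error` object; `verify_user_token`, `fake_graph`, the app id `1111` and the sample responses are hypothetical names and constructed data.

```python
import json
from urllib.error import HTTPError
from urllib.parse import urlencode
from urllib.request import urlopen

GRAPH = "https://graph.facebook.com"

class TokenRejected(Exception):
    """The token failed the app-id check or the session check."""

def http_get_json(url):
    """Real HTTPS GET; an error status is still parsed for its JSON body."""
    try:
        with urlopen(url, timeout=10) as resp:
            return json.load(resp)
    except HTTPError as err:
        return json.load(err)

def verify_user_token(token, expected_app_id, get_json=http_get_json):
    """Return the Facebook user id if the token belongs to our app and is live."""
    query = urlencode({"access_token": token})  # escape the token, never concatenate it
    app = get_json(f"{GRAPH}/app/?{query}")
    if "error" in app:
        raise TokenRejected("app lookup failed: " + app["error"].get("message", "unknown"))
    if str(app.get("id")) != str(expected_app_id):
        # A token that is valid for some other app must not open a session here.
        raise TokenRejected("token was issued to a different app")
    me = get_json(f"{GRAPH}/me/?{query}")
    if "error" in me or "id" not in me:
        raise TokenRejected("no valid session for this token")
    return str(me["id"])

def fake_graph(responses):
    """Offline stand-in for the Graph API, keyed by request path (constructed data)."""
    def get_json(url):
        return responses[url.split("?")[0][len(GRAPH):]]
    return get_json

OUR_APP = "1111"  # constructed app id
GOOD = fake_graph({"/app/": {"id": "1111", "name": "ours"},
                   "/me/": {"id": "42", "name": "A"}})
FOREIGN = fake_graph({"/app/": {"id": "9999", "name": "other"},
                      "/me/": {"id": "42"}})
EXPIRED = fake_graph({"/app/": {"error": {"message": "Session has expired", "code": 190}},
                      "/me/": {}})
```

The app-id comparison is the step that stops a token obtained through an unrelated app from being replayed against this backend; checking `/me` alone would accept it.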
 
