StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POPerforming authorized (through facebook) REST requests to my node.js server on a PhoneGap app
primarykey
Id
7695715
data
AcceptedAnswerId
7697608
AnswerCount
2
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2011-10-08T08:40:59.777
FavoriteCount
4
LastActivityDate
2011-10-08T16:15:24.007
LastEditDate
2011-10-08T11:31:05.640
LastEditorUserId
45974
OwnerUserId
45974
ParentId
0
PostTypeId
1
Score
5
ViewCount
1874
LastEditorDisplayName
text
Body
Since this issue is about three technologies I'd like to quickly introduce each of them: <ul> <li>node.js: javascript on the server side (consider it my webserver)</li> <li>PhoneGap: framework that allows me to write Android applications in HTML/Javascript/CSS.</li> <li>facebook authentication: using <a href="https://github.com/bnoguchi/everyauth" rel="noreferrer">everyauth</a> to let my users login with their facebook account</li> </ul> The objective: I need my PhoneGap application to communicate with my server using a REST based protocol. Many of these requests may only be made when the user has logged in to my server, using their Facebook account. Thus, the user needs to login and then go to the logged in state of the PhoneGap application. The issue: When I setup everyauth for facebook I basically have an URL, like domain.com/auth/facebook which will redirect to Facebook's login "popup". When the user then accepts the login, the server will know, and so far everything is good. The problem is that <ol> <li>the user now has to be redirected to some external URL, while he should simply get back to the PhoneGap application (in a logged-in state)</li> <li>The PhoneGap app does not retrieve the authentication token, or whether authentication was successful or not, because the login process is done in the external URL domain.com/auth/facebook while the PhoneGap application's HTML is stored on and run from the phone itself</li> </ol> Cause of the issue: the reason this issue appears while it does not for a normal web application, is that the PhoneGap application's HTML files are stored and run from the phone itself while authentication goes through domain.com/auth/facebook, which is considered to be a different domain. Suggested approach #1: a PhoneGap user has recommended me to use this <a href="https://github.com/davejohnson/phonegap-plugin-facebook-connect" rel="noreferrer">Android-Facebook plugin for PhoneGap</a>. The issue here is that the server does not act as an authentication middle-man. Thus, the user would have to inform the server of their authentication token instead of the normal approach where the server informs the user of a successful authentication procedure and the corresponding tokens. This seems like a severe vulnerability. How should I tackle this issue?
Tags
<android><facebook><authentication><node.js><cordova>
Title
Performing authorized (through facebook) REST requests to my node.js server on a PhoneGap app
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USTom
UserOwnerUserId
1. USTom
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
2. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POPerforming authorized (through facebook) REST requests to my node.js server on a PhoneGap app
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 POPerforming authorized (through facebook) REST requests to my node.js server on a PhoneGap app
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 POPerforming authorized (through facebook) REST requests to my node.js server on a PhoneGap app
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.