All geek questions in one place

Facebook oAuth needs a secret key?

Facebook oAuth requires your secret key? I thought you shouldn't have shared this. Am I using the wrong secret key?

+4
source share
4 answers

Your secret key is a shared secret between you and Facebook. Thus, you can send it over secure channels (for example, SSL).

+1
source

Do you say when your program asks for an access token? If so, you need to provide the secret that you are going to use so that it can be known by Facebook and is associated with the access token that they give you. Once you have the access token, you no longer have to post your secret to Facebook ... just use it to hash your API requests.

0
source

The api keys are in php and you should not print them anywhere. Just use them to initialize your php facebook api. Here is a tutorial that I wrote for writing Facebook apps.

http://www.dreamincode.net/forums/topic/153919-facebook-php-api-and-xfbml-on-iframe/

0
source

Answer: it depends. I understand that you are asking about client_secret or app_secret.

If you are connecting on the server side to Facebook, you are using client_secret. This is the oauth protocol authorization permission type.

If you use a client-side connection to Facebook, you do not want to enable client_secret, since your code can be decompiled, and others can access it and start interacting with facebook using your credentials. In this case, you are using the implicit grant type of the oauth protocol. Facebook does not require client secrecy in this instance, and in fact, in its security page checklist it says that you never include the client secret: https://developers.facebook.com/docs/facebook-login/security#checklist

The best (opinion), crazy for the conceptual perspective (and not nitty gritty code) that I found here: https://stormpath.com/blog/what-the-heck-is-oauth (I have no connection, as on this page).

Hope this helps, D

0
source

Source: https://habr.com/ru/post/1312573/

More articles:


All Articles