The web application that I am developing now requires users to be able to log in via Facebook OAuth. However, the problem is that all these users are behind a firewall that blocks access to facebook.com (company policy). We looked at several solutions to get around this, for example:
- Putting a proxy server (squid) between Facebook and users. This may solve the problem, as squid supports fine-grained regular expression ACLs. However, most of the Facebook OAuth strategy runs on www.facebook.com, and checking PATH_INFO for whitelisting certain paths is not possible if users use HTTPS (which is mandatory).
- Adding a proxy-like site to the DMZ firewall, which simply passes and modifies the URLs / Facebook request. Obviously, this is not so, because basically it means that users leave their credentials on our server, which contradicts the terms of Facebook.
- Loosen the firewall a bit to just include the IP addresses needed for OAuth authentication, but as far as we can see if there is a dedicated IP or subdomain for authentication only (it would be nice if graph.facebook.com would provide something like that).
Any ideas for alternative solutions? Is this even possible?
ssl facebook proxy facebook-oauth oauth
sborsje
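The HTTPS limitation raised in the squid option, as an added example that is not part of the original post: a forward proxy sees a full URL for plain HTTP but only `host:port` in the `CONNECT` request for HTTPS, so a path whitelist has nothing to match. The request lines are constructed samples, and the `/dialog/oauth` path prefix and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Policy the proxy would like to enforce (assumed values, for illustration).
ALLOWED_HOST = "www.facebook.com"
ALLOWED_PATH = re.compile(r"^/dialog/oauth")


def visible_fields(request_line):
    """Return (method, host, port, path) as a forward proxy sees them.

    For CONNECT the target is only host:port; the path travels inside
    the TLS tunnel, so it is reported as None.
    """
    method, target, _version = request_line.split()
    if method == "CONNECT":
        host, _, port = target.rpartition(":")
        return method, host.lower(), int(port), None
    parts = urlsplit(target)
    return method, parts.hostname, parts.port or 80, parts.path or "/"


def decide(request_line):
    """Apply the host + path whitelist to one proxied request line."""
    _method, host, _port, path = visible_fields(request_line)
    if host != ALLOWED_HOST:
        return "deny"
    if path is None:
        # HTTPS tunnel: only the host rule can be evaluated, so the proxy
        # must allow or deny the whole host, not individual paths.
        return "host-only"
    return "allow" if ALLOWED_PATH.match(path) else "deny"


# Constructed sample request lines, as received by the proxy.
SAMPLES = [
    "GET http://www.facebook.com/dialog/oauth?client_id=EXAMPLE HTTP/1.1",
    "GET http://www.facebook.com/profile.php HTTP/1.1",
    "CONNECT www.facebook.com:443 HTTP/1.1",
    "CONNECT example.org:443 HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{decide(line):9}  {line}")
```
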