Geek Answers Handbook

Android Facebook and web server

I am developing an Android application as well as a website (which also has an Android client connection). I want to use the FB login, but the problem I see is this:

Client, use the FB login and then get access_token.

Both the client and the web server communicate using this access_code, since the web server needs to know which account the client belongs to. I also want to embed the FB login on the website.

One of the ways I was thinking about was this:

Login: 1) Log in to FB and get access_token. 2) Use access_token to get user information. 3) Provide access_token and user information on the web server. 4) The web server also performs the same FB operation with access_token and receives user information. 5) Confirm the correspondence of the user information and determine it. 6) Create another access_token between the client and the web server for this link.

It even makes it more valid, or maybe just logs in and gets the user's email address as the actual account and tells the web server that it is an account to use.

Or did someone do it differently?

+6
android login web-services facebook
source share
1 answer

For communication between your client / server, you must use your own client identifier.
Do not relay to access_token facebook gives you because it has changed in several scenarios.
Receiving email is also not a complete solution, because users may choose not to provide their email to you.

In general, you need to implement Facebook Connect on both sides.

1. Connect to facebook
2. Get permissions from the user (read about permissions here: http://developers.facebook.com/docs/reference/api/permissions/ )
3. Register him as your user and give him an identifier (you can use facebook uid if you want).

When the user returns to your site / application, you need to log in again, get his uid and request your server for information about the user.

One thing about access_token, you need it to request facebook api. you can get it from facebook every time the user accesses your website / mobile phone using facebook, or you can ask the user for permission for offline_access and then you will have the same access_token until the user changes his facebook password and etc. (more about this on the documents).
This method allows you to request a facebook api, although the user is not currently registered on your site.

+1
source share

More articles:


All Articles