
I’m trying to understand the basic organizations and login flow between social logins on a mobile app and how that app requests resources from a backend Flask API.

If the user logs in to the app through Facebook, how does the backend API provide resources based on that login? Because it seems the backend doesn’t know the user has logged in with Facebook.

Does Facebook need to send a token to the app that the backend API then validates with Facebook?

2 Answers

  1. I suggest you first read about single sign-on mechanisms:

    https://en.wikipedia.org/wiki/Single_sign-on

    Then you can read about OAuth2, which is used by Facebook for SSO, from here:

    https://oauth.net/2/

    https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2

    Simply put, you are correct: when the user signs in on Facebook, the backend will get a token from Facebook that is used for authentication/authorization of that user.

  2. This is what happens when a Facebook/Google login is clicked on an XYZ website.

    1. XYZ website redirects to the Facebook login page together with an XYZclientID (XYZ should already be registered under Facebook as a developer)
    2. Facebook identifies that XYZ (using XYZclientID) wants to authenticate ABC person
    3. ABC person logs in to Facebook.
    4. Facebook issues an authorisation code (for the ABC+XYZ combination) and redirects back to the XYZ website.
    5. XYZ uses this authorisation code + XYZclientID + XYZclientSecret to get a bearer token
    6. Facebook validates the secret and issues a bearer token (linked to ABC person)
    7. XYZ uses this bearer token to retrieve details of ABC person. (It cannot be used to retrieve data of DEG person)
    8. Facebook gives the email & other personal details of ABC to XYZ, and XYZ shows that ABC is logged in.

    More elaborated here: https://www.scienceabc.com/innovation/oauth-how-does-login-with-facebook-google-work.html

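The eight steps in the second answer, plus the point raised in the question and the first answer (the backend validating a token the mobile app hands it), as an added worked example that is not part of either answer. It is a self-contained Python simulation: `SimulatedProvider` stands in for Facebook, `BackendApi` for the Flask API, and the client id, client secret, user ids and e-mail addresses are all constructed values; nothing here calls the real Facebook Graph API. It shows why the authorization code is single-use, why the client secret must be checked before a token is issued, why a token for ABC can never fetch DEG's data, and why the backend must confirm with the provider that a token presented by the app is active and was issued to this app before creating its own session.

```python
"""Simulation of the 'Login with Facebook' authorization-code flow and of a
backend API validating the resulting token. Constructed for this example;
the provider, client id, secret and users below are all made up."""
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class SimulatedProvider:
    """Stand-in for the identity provider (Facebook in the question)."""
    clients: dict             # client_id -> client_secret (registered developers)
    users: dict               # user_id -> profile data ("ABC person" etc.)
    codes: dict = field(default_factory=dict)   # auth code -> (client_id, user_id)
    tokens: dict = field(default_factory=dict)  # bearer token -> (client_id, user_id)

    def _authenticate_client(self, client_id: str, client_secret: str) -> None:
        expected = self.clients.get(client_id)
        if expected is None or not hmac.compare_digest(expected, client_secret):
            raise PermissionError("client authentication failed")

    def authorize(self, client_id: str, user_id: str) -> str:
        """Steps 1-4: the user signs in at the provider, which issues a
        single-use authorization code bound to this client + this user."""
        if client_id not in self.clients:
            raise PermissionError("unknown client_id")
        if user_id not in self.users:
            raise PermissionError("login failed")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, user_id)
        return code

    def exchange_code(self, code: str, client_id: str, client_secret: str) -> str:
        """Steps 5-6: the client proves it holds the secret, the code is
        consumed (pop), and a bearer token bound to the same user is issued."""
        self._authenticate_client(client_id, client_secret)
        entry = self.codes.pop(code, None)
        if entry is None or entry[0] != client_id:
            raise PermissionError("invalid, used or foreign authorization code")
        token = secrets.token_urlsafe(24)
        self.tokens[token] = entry
        return token

    def introspect(self, token: str, client_id: str, client_secret: str) -> dict:
        """Token validation: tells an authenticated client whether a token is
        live and which user and client it belongs to. This is what the backend
        calls when the mobile app hands it a provider token it obtained itself."""
        self._authenticate_client(client_id, client_secret)
        entry = self.tokens.get(token)
        if entry is None:
            return {"active": False}
        return {"active": True, "client_id": entry[0], "user_id": entry[1]}

    def userinfo(self, token: str) -> dict:
        """Steps 7-8: profile data for the token's own user only."""
        entry = self.tokens.get(token)
        if entry is None:
            raise PermissionError("invalid bearer token")
        return {"id": entry[1], **self.users[entry[1]]}


class BackendApi:
    """The app's own backend (the Flask API in the question). It never sees the
    user's Facebook password; it only handles codes, tokens and its own sessions."""

    def __init__(self, provider: SimulatedProvider, client_id: str, client_secret: str):
        self.provider, self.client_id, self.client_secret = provider, client_id, client_secret
        self.sessions: dict = {}   # backend session id -> user_id

    def _issue_session(self, user_id: str) -> str:
        session = secrets.token_urlsafe(24)
        self.sessions[session] = user_id
        return session

    def login_with_code(self, code: str) -> str:
        """Web-style flow: the backend itself exchanges the code for a token."""
        token = self.provider.exchange_code(code, self.client_id, self.client_secret)
        return self._issue_session(self.provider.userinfo(token)["id"])

    def login_with_provider_token(self, token: str) -> str:
        """Mobile-style flow: the app presents a provider token; the backend
        checks with the provider that it is active and was issued to this app."""
        info = self.provider.introspect(token, self.client_id, self.client_secret)
        if not info.get("active") or info.get("client_id") != self.client_id:
            raise PermissionError("token rejected")
        return self._issue_session(info["user_id"])

    def whoami(self, session: str) -> dict:
        """A protected resource: only valid for a session the backend issued."""
        user_id = self.sessions.get(session)
        if user_id is None:
            raise PermissionError("not logged in")
        return {"id": user_id, **self.provider.users[user_id]}


def build_demo():
    """Constructed fixtures: one registered client (XYZ) and two users (ABC, DEG)."""
    provider = SimulatedProvider(
        clients={"xyz-client-id": "xyz-client-secret"},
        users={"abc": {"email": "abc@example.com"}, "deg": {"email": "deg@example.com"}},
    )
    return provider, BackendApi(provider, "xyz-client-id", "xyz-client-secret")
```

The design point is in `login_with_provider_token`: a token arriving from the app is just an opaque string until the provider confirms it, so the backend authenticates itself to the provider, asks who the token belongs to, and checks the token was issued to its own client id (a valid token issued to some other app must not log the user in here). A real Flask handler would do the same over HTTPS against the provider's token-validation endpoint and then issue its own session or JWT.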