I’m developing an app with Ionic 3 and Angular 4, and also implementing a Login With Facebook button (and logic).
I don’t understand how to secure this process.
The API returns the user’s email + id, and then I need to send them to my server to register / log in the user.
But how can I be sure that nobody “fakes” the ajax call with that user email & id and skips the whole Facebook Button process?
I don’t get it at all – no matter what the API returns, I need to send it to the server via AJAX, and anyone can fake this process and send specific parameters with AJAX.

2 Answers

  1. A good way is to send the Access Token to the server and make the API call to the Facebook API there. You can/should activate “Require App Secret” in the App settings:

     > Only allow calls from a server and require app secret or app secret proof for all API calls.

  2. The answer is – backend!
     You should always verify the token on the server side to prevent "hacks" like you said.