I’m implementing Facebook logins on an iOS app with a .net core web api backend.
- I created the app in Facebook with a client id and secret.
- I added iOS and web pages to my app
- The iOS app successfully connects and aquires a token
- I added the app.UseFacebook code to my startup.cs and configured it with the app id etc.
- I added the authorize attribute to an action I’m restricting access to
- I call this web api action from iOS with an https get, and add an http header Authorization Bearer (token I acquired from Facebook)
The get returns status code 401 as if my token was invalid. I’m wondering if iOS tokens can be used with a web page app as well? I have those 2 configured for my Facebook app.
2
Answers
I'm not sure if this was the right way to do it, but my implementation is working.
The workflow is,
I check the Facebook access token is valid by calling https://graph.facebook.com -- refer to: Task VerifyAccessToken(string email, string accessToken)
AccountController.cs
call facebook graph service to verify the access token is valid
Create a jwt bearer token for your middleware, the iOS app will use the jwt bearer token for calling your .NET apis (it won't use the facebook access_token)
Create a user if it doesnt exist
Classes for de-serialising the response from the facebook graph REST service
ASP.NET Security repo contains different auth middlewares, where you can find how to check and verify jwt tokens and create identity with claims. Look into FacebookHandler.cs if you need Facebook JWT toen validation