Friday, 23 August 2013

How to authenticate Facebook User after receiving response.status === 'connected'?

Perhaps I am going about this the wrong way, but I have a website that
allows Facebook login.

1) If the user has already registered on my website
2) and is logged into Facebook but not logged into my site,
3) when visiting the login page I check for their Facebook login status and
get response.status === 'connected' via

    FB.Event.subscribe('auth.authResponseChange', function (response) {
        if (response.status === 'connected') {
            // Serialize the authResponse (userID, accessToken, ...) for the server
            var s = JSON.stringify(response.authResponse);
            LogMeIn(s, function (response) {
                HandleAjaxError(response, function (msg) {
                    window.location = '/_/';
                });
            });
        }
    });

4) I then want to pass their authResponse object to the server and confirm
that this userid works with this token before I log them in as this user.
I have read to simply grab the JSON contents of
https://graph.facebook.com/{userID}?access_token={accessToken}
and if it does not return an error then it is good! But when testing this
method I noticed that the same access_token worked for two different user
ids (meaning it did not return an error for the userid that was not logged
in on my computer). Instead it returned the Facebook user object with name,
location etc.
This really surprised me, as I expected the access_token to work only with
a single user id.
In an effort to prevent someone from simply changing the user id before
continuing the script I need to authenticate via server side. What is a
way to accomplish this?
Proof, go to these links to see profile information
My profile
https://graph.facebook.com/1233822590?access_token=CAACCBJJZBgjABAOGmvmsou8gMYGulLHTgAr5ZCHZAU7pKEp0cMAeX8r4qHLpiVuZCOT1v0ulMZAxX5YfLJkcZBr9l6qJQoPxWS5Fs5ndohDnH6ZAPPfZCZCTQtwWgAZAg6I1PAOIpdtCc0OUaMmBZAvGiMm9gQhmNXRbocZD
Another userid with same access_token
https://graph.facebook.com/100000116781159?access_token=CAACCBJJZBgjABAOGmvmsou8gMYGulLHTgAr5ZCHZAU7pKEp0cMAeX8r4qHLpiVuZCOT1v0ulMZAxX5YfLJkcZBr9l6qJQoPxWS5Fs5ndohDnH6ZAPPfZCZCTQtwWgAZAg6I1PAOIpdtCc0OUaMmBZAvGiMm9gQhmNXRbocZD
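Added example (not part of the question above, and not Facebook's own code). The reason the /{userID} check passes for any id is that a user access token authorizes the caller to read whatever the Graph API permits, which includes other users' public profiles; a non-error reply proves nothing about who owns the token. The server-side check therefore has to ask Facebook who the token belongs to and compare that answer with the id the browser claimed. The code assumes the Graph API debug_token endpoint (queried with the app access token in the form app_id|app_secret, which must stay on the server) and its documented response fields app_id, is_valid, user_id and expires_at. The app id and the two response documents below are constructed samples; the user ids are the two from the question.

```python
"""Verify that a Facebook user access token really belongs to the claimed user.

Added example; the debug_token endpoint and app-token form are assumptions
about the Graph API, the sample responses below are constructed.
"""
import json
import time
import urllib.parse
import urllib.request

GRAPH_API = "https://graph.facebook.com"
APP_ID = "000000000000000"  # placeholder, not a real Facebook app id


def debug_token_url(input_token, app_id, app_secret):
    """Build the debug_token request for `input_token`.

    The request is authenticated with the *app* token (app_id|app_secret);
    the token received from the browser is only the subject of the query.
    """
    query = urllib.parse.urlencode({
        "input_token": input_token,
        "access_token": "%s|%s" % (app_id, app_secret),
    })
    return "%s/debug_token?%s" % (GRAPH_API, query)


def fetch_debug_token(url):
    """Perform the HTTP request (network; not exercised by the offline demo)."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)


def verify_token_owner(debug_response, expected_app_id, claimed_user_id, now=None):
    """Return (ok, reason) for logging in `claimed_user_id` with this token.

    Every decision is based on what Facebook says about the token, never on
    the authResponse the browser posted, so editing userID client-side does
    not help: the id has to match the token's real owner.
    """
    now = time.time() if now is None else now
    data = debug_response.get("data")
    if not isinstance(data, dict):
        return False, "malformed debug_token response"
    if "error" in data:
        return False, "facebook rejected the token: %s" % data["error"].get("message", "")
    if data.get("is_valid") is not True:
        return False, "token is not valid"
    # A token issued to another app must not log anyone into this site.
    if str(data.get("app_id")) != str(expected_app_id):
        return False, "token was issued to a different app"
    expires_at = data.get("expires_at", 0)  # 0 means the token does not expire
    if expires_at and expires_at <= now:
        return False, "token has expired"
    if str(data.get("user_id", "")) != str(claimed_user_id):
        return False, "token belongs to a different user"
    return True, "ok"


# Constructed sample: what debug_token returns for a live token of user 1233822590.
VALID_RESPONSE = {"data": {"app_id": APP_ID, "is_valid": True,
                           "user_id": "1233822590", "expires_at": 2000000000,
                           "scopes": ["public_profile"]}}

# Constructed sample: the shape Facebook uses for an invalid or revoked token.
INVALID_RESPONSE = {"data": {"error": {"code": 190, "message": "Invalid OAuth access token."},
                             "is_valid": False, "scopes": []}}


def demo(now=1700000000):
    """Run the offline checks; returns the (ok, reason) pair for each case."""
    return {
        "owner": verify_token_owner(VALID_RESPONSE, APP_ID, "1233822590", now),
        "other_user": verify_token_owner(VALID_RESPONSE, APP_ID, "100000116781159", now),
        "wrong_app": verify_token_owner(VALID_RESPONSE, "111111111111111", "1233822590", now),
        "expired": verify_token_owner(VALID_RESPONSE, APP_ID, "1233822590", 2100000000),
        "invalid": verify_token_owner(INVALID_RESPONSE, APP_ID, "1233822590", now),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

In the login handler, only the token from the posted authResponse is forwarded to debug_token; the posted userID is used solely as `claimed_user_id`, and a session is created only when `verify_token_owner` returns ok.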
