search

darwin-morocho / flutter-facebook-auth

A flutter plugin to add login with facebook in your flutter app
193 stars 127 forks source link

Client/server login split #331

Closed lukehutch closed 1 year ago

lukehutch commented 1 year ago

What version are you using?

5.0.8

What OS and version are you using to local deploy your application?

Android emulator on Linux

What platforms are you seeing the problem on?

Android

pubspec.yaml

N/A

Describe the Bug

The documentation for flutter_facebook_auth is entirely client-centric. I want to split Facebook login between client and server, so that the server can verify that the user has logged in with Facebook on the client, by the server fetching the user's account information using the Facebook access token.

How do I do this? If I transfer the access token from the client to the server, can the server log in by somehow initializing FacebookAuth.instance based on the the access token?

(I don't see a way to do this currently.)

Expected Behavior

There should be a way for the server to make authenticated calls for the user, after the server has been provided with the access token.

To Reproduce

--

Relevant log output

No response

flutter doctor -v

--

Info.plist (iOS)

No response

Podfile (iOS)

No response

AndroidManifest.xml

No response

MainActivity.java

No response

MainActivity.kt

No response

index.html

No response

Info.plist (macOS)

No response

darwin-morocho commented 1 year ago

@lukehutch by default this plugins provide us an access token then you can use that token to make request to the graph api in your server

lukehutch commented 1 year ago

OK. I'm going to try to implent that. However since this is such a common use case (using Facebook login to log in to an app server), it would be nice if this library had a simple function you could call on the server to do all this, given the access token provided by the client to the server, and an appid and app secret known to the server.

lukehutch commented 1 year ago

Here's some info on how to verify a user-provided access token on the server: https://medium.com/@byn9826/verify-facebook-login-by-python-e02ac1e23e37

However there's another server auth flow that is very important -- providing a long-lived token back to the user:

https://developers.facebook.com/docs/facebook-login/guides/access-tokens/get-long-lived/

Also, long-lived tokens expire after 60 days without being refreshed -- it would be nice if these could be refreshed automatically, the same way that googleapis_auth has an AutoRefreshingAuthClient.

It would be awesome if flutter-facebook-auth could provide some code to support both of these serverside flows, and token refresh.

darwin-morocho commented 1 year ago

Here's some info on how to verify a user-provided access token on the server: https://medium.com/@byn9826/verify-facebook-login-by-python-e02ac1e23e37

However there's another server auth flow that is very important -- providing a long-lived token back to the user:

https://developers.facebook.com/docs/facebook-login/guides/access-tokens/get-long-lived/

Also, long-lived tokens expire after 60 days without being refreshed -- it would be nice if these could be refreshed automatically, the same way that googleapis_auth has an AutoRefreshingAuthClient.

It would be awesome if flutter-facebook-auth could provide some code to support both of these serverside flows, and token refresh.

At the moment that is not posible due to the native facebook sdk doesn't provide that feature

darwin-morocho commented 1 year ago

I'm closing this because is not an issue or bug.