alichtman
commented
6 years ago Also promising: https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow
Invoking the Login Dialog and Setting the Redirect URL
Must initiate a redirect to an endpoint which will display the login dialog:
https://www.facebook.com/v2.12/dialog/oauth?
client_id={app-id}
&redirect_uri={redirect-uri}
&state={state-param}This endpoint has required parameters:
- client_id. The ID of your app, found in your app's dashboard.
- redirect_uri. The URL that you want to redirect the person logging in back to. This URL will capture the response from the Login Dialog. If you are using this in a webview within a desktop app, this must be set to https://www.facebook.com/connect/login_success.html. You can confirm that this URL is set for your app in the App Dashboard. Under Products in the App Dashboard's left side navigation menu, click Facebook Login, then click Settings. Verify the Valid OAuth redirect URIs in the Client OAuth Settings section.
- state. A string value created by your app to maintain state between the request and callback. This parameter should be used for preventing Cross-site Request Forgery and will be passed back to you, unchanged, in your redirect URI.
If your login request looks like:
https://www.facebook.com/v2.12/dialog/oauth?
client_id={app-id}
&redirect_uri={"https://www.domain.com/login"}
&state={"{st=state123abc,ds=123456789}"}then your redirect URI would be called with:
https://www.domain.com/login?state="{st=state123abc,ds=123456789}"
shobrook
No point in designing a secure registration system only to switch to FB auth later.
^^ This looks promising, maybe. @shobrook, read step 3 and lmk if this is applicable. I understand Step 1, but I don't know where the rest of the code goes.
~This is used to get Oauth2 keys. Need to add "identity" permission in
manifest.json~~We could do Google Auth pretty easily, but it makes a ton more sense to do FB auth. It's a pain, but...~