OAuth 2.0 Framework - Facebook App
This post will help you understand the OAuth framework and how you can use the Facebook API from a third-party app.
OAuth (Open Standard Authorization) is a token-based method of authenticating access to the API that enables applications to obtain access to user accounts. It allows third-party apps to access protected resources by giving them an access token on behalf of the user. Popular social websites like Facebook, Twitter and Google also use the OAuth2 protocol for authentication and authorization.
There are several ways for the client to get the access token:
- Authorization Code Grant Type
- Implicit Grant Type
- Client Credentials Grant Type
- Password Grant Type
- Refresh Token Grant Type
How it works
Assume that you have already logged in to a Facebook account. A third-party application needs your Facebook profile details. That means Facebook should give the third-party application certain permissions to access those details. OAuth provides a solution to this by issuing an access token to the third-party application, which allows the application to access Facebook profile data. Sensitive information like passwords remains entirely closed to that third-party application.
Let's see how we can implement this.
1. To proceed, first create an app on the Facebook developers site: https://developers.facebook.com/
Go to My Apps and create a new app. You can give it any name.
After creating the app you will be redirected to the app's page, which shows the
App ID: 657880047941799.
After creating the app, you need to associate it with Facebook Login. Then, under the Facebook Login settings, you have to provide the Valid OAuth Redirect URIs in order to receive all Facebook responses.
In the Settings Basic tab you can see the App ID and App Secret.
In order to access user resources from Facebook we need the App ID, the App Secret, and the redirection endpoint URL.
2. First, you need to obtain an authorization code from Facebook. To do that, send a request to the authorization endpoint of the server.
These are the values:
response_type: code
client_id: 657880047941799
redirect_uri: http://localhost/Facebook
scope: public_profile user_posts user_friends user_photos
Combine these into the encoded URL: https://www.facebook.com/dialog/oauth?response_type=code&client_id=657880047941799&redirect_uri=http%3A%2F%2Flocalhost%2FFacebook&scope=public_profile%20user_posts%20user_friends%20user_photos
Once you log in, it will show the user consent page.
3. After that, send these parameters to the token endpoint of the server to get the access token.
grant_type: authorization_code
client_id: 657880047941799
redirect_uri: http://localhost/Facebook
code: AWV1rq4xatyaqrPHiUiWMzxna7i2_Z0wFGGqZVhDhmY0Q1yLB8I_Q1muQw8luCm08dRt-ssYoaWWwwyEKXUMLebziVE6IRGP8szjzV7lqGTPilOcq0bsy3tU_SSpWsOQavxDHfV4ahjiR1i8zjvcJHoHpgh5UCZuGnqxkOPu9WYbguI0IeNZzj7SvmYKm9T1Wzu9lyQrsGAGu2LMUgIkr_A8V2_s9q_lPGLU67OKGw5XqAuURP6tqBCjHnoGoe-Kui0fu3TxuP9JZGzjZFAMmUKd-eAEcgDe_xiOPItCBzu9amjTLfR9rsI946TXxrK8fMl1xLDPcpOxW3qpoDI8QzSyD#_=_
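In the HTTP headers, you need to add the Authorization header with the app credentials. Its value is built by joining the App ID and App Secret with a colon and Base64-encoding the result. Base64 is an encoding, not encryption, so the App Secret has to stay on the server side and the request has to go over HTTPS.
App ID: 657880047941799
App Secret: 183f1d3dfd33fae8d7d33bd354e86746
App ID:App Secret: 657880047941799:183f1d3dfd33fae8d7d33bd354e86746
Base64-encoded: NjU3ODgwMDQ3OTQxNzk5OjE4M2YxZDNkZmQzM2ZhZThkN2QzM2JkMzU0ZTg2NzQ2
After that, the response contains the access token.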
4. Finally, you can access user resources from the Facebook resource server by providing the access token.
You can now implement the client application.
This is the application's main page, to which the user is directed.
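Steps 2 and 3 above as an added Python example (not code from the original post): it builds the authorization URL, validates the redirect, and prepares the token request without sending it. The `state` parameter and its check go beyond what the post covers and are standard OAuth 2.0; the function names are hypothetical, and storing the state in the user's session is assumed.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlsplit

AUTH_ENDPOINT = "https://www.facebook.com/dialog/oauth"  # from the post


def new_state():
    """Random per-login value; keep it in the user's session (assumed)."""
    return secrets.token_urlsafe(16)


def build_authorization_url(client_id, redirect_uri, scopes, state):
    """Step 2: URL the browser is sent to for login and consent."""
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": " ".join(scopes),
              "state": state}
    # quote (not quote_plus) encodes spaces as %20, as in the post's URL.
    return AUTH_ENDPOINT + "?" + urlencode(params, quote_via=quote)


def code_from_callback(callback_url, expected_state):
    """Validate the redirect and return the authorization code."""
    # urlsplit drops the fragment (the "#_=_" seen after the post's code
    # value), so it never ends up inside the code parameter.
    query = parse_qs(urlsplit(callback_url).query)
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response not tied to this login")
    if "error" in query or "code" not in query:
        raise ValueError("authorization failed or code missing")
    return query["code"][0]


def build_token_request(client_id, client_secret, redirect_uri, code):
    """Step 3: headers and form body for the POST to the token endpoint."""
    creds = f"{client_id}:{client_secret}".encode()
    headers = {
        "Authorization": "Basic " + base64.b64encode(creds).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({"grant_type": "authorization_code",
                      "client_id": client_id,
                      "redirect_uri": redirect_uri,
                      "code": code})
    return headers, body
```

The token endpoint URL is left to the caller because the post does not state it.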