Authentication
Simon Cross, Partner Engineer
facebook.com/sicross
An Overview
Facebook Platform
Graph API: User, App, Page, Credits, Places, Ads
Standards: HTTP, HTML5, JSON, OAuth, Open Graph
Websites, Mobile, Apps on Facebook, Social Plugins, Dialogs
•Permissions
•Auth Dialogs
•Server-side Auth
•Client-side Auth
•SDKs
•Mobile SSO
“It’s All About The Access Token”
Permissions
Default, Basic User Data: ID, Name, Friends, Picture, Gender, Username, Locale
Permissions
Without Permissions, if you query the API for anything more than the basic user data, you’ll get:
{ data: [ ] }
Permissions
Ask for the permissions you NEED - but not more
~60 Permissions
•user_likes, user_birthday, user_events, user_photos, user_checkins, email, ...
•friends_likes, friends_birthday, friends_events, friends_photos, friends_checkins, ...
•publish_stream, publish_checkins, create_event, manage_pages, offline_access, ...
Full list at developers.facebook.com/docs/authentication/permissions
Permissions Tips
•The more permissions you request, the lower your conversion ratio: ~3% reduction in conversion for each additional permission
•But some permissions have a bigger effect than others: email, user_birthday, stream_publish, offline_access etc.
•Ask for only the permissions you actually need
•You can always ask for more later
Server Side Auth Flow
Participants: User’s Browser, Your App, Facebook
1. User’s Browser → Your App: GET your app’s frontpage
2. Your App → User’s Browser: Redirect to the OAuth Dialog
3. User’s Browser → Facebook: GET OAuth Dialog
4. Facebook → User’s Browser: 302 Redirect to your app’s callback URL
5. User’s Browser → Your App: GET your app’s callback URL
6. Your App → Facebook: GET /oauth/authorize
7. Facebook → Your App: Access Token
8. Your App → Facebook: GET /me?access_token=...
9. Facebook → Your App: API Response
10. Your App → User’s Browser: Render user data in page

The OAuth Dialog request (display=popup or display=page):
GET https://www.facebook.com/dialogs/oauth?client_id=YOUR_APP_ID&redirect_url=http://yourapp.com/callback&display=page|popup&scope=perm_one,perm_two
Client Side Auth Flow
Participants: User’s Browser, Your App, Facebook
1. User’s Browser → Your App: GET your app’s frontpage
2. User clicks a call-to-action to login
3. User’s Browser → Facebook: GET OAuth Dialog
4. Facebook → User’s Browser: 302 Redirect including Access Token in URL fragment
5. User’s Browser → Facebook: GET /me?access_token=...
6. Facebook → User’s Browser: API Response, render user data in page
7. User’s Browser → Your App: GET /ajax_api.php?access_token=...
8. Your App → Facebook: GET /me?access_token=...
9. Facebook → Your App: API Response
10. Your App → User’s Browser: Render user data in page

The OAuth Dialog request:
GET https://www.facebook.com/dialogs/oauth?client_id=YOUR_APP_ID&redirect_url=http://yourapp.com/callback&display=page|popup&response_type=token&scope=perm_one,perm_two

Response is a 302 redirect to:
http://yourapp.com/callback#access_token=166942940015970%7C2.sa0&expires_in=64090
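The two dialog requests and the fragment redirect above, as an added Python example (not code from the slides or from Facebook's SDKs): it builds the dialog URL with the slides' parameter names for either flow, parses the client-side redirect whose token sits in the URL fragment, and adds a `state` nonce check that the slides do not show (an assumption; the nonce is stored in the session before the redirect and compared on the callback).

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Endpoint and parameter names exactly as they appear on the slides.
DIALOG_URL = "https://www.facebook.com/dialogs/oauth"


def build_dialog_url(app_id, callback, scope, display="page",
                     client_side=False, state=None):
    """Build the OAuth Dialog URL used by both flows on the slides.
    scope: list of permissions; request only what the app needs.
    client_side=True adds response_type=token, so Facebook puts the
    access token in the redirect's URL fragment (client-side flow).
    state: assumption, not on the slides; a per-login nonce the callback
    compares with the session to reject callbacks the app never started.
    """
    params = {"client_id": app_id, "redirect_url": callback,
              "display": display, "scope": ",".join(scope)}
    if client_side:
        params["response_type"] = "token"
    if state is not None:
        params["state"] = state
    return DIALOG_URL + "?" + urlencode(params)


def state_matches(stored, received):
    """Constant-time check of the session nonce against the callback's."""
    return bool(stored) and secrets.compare_digest(stored, received or "")


def parse_client_side_callback(url):
    """Parse the 302 target of the client-side flow.
    The token is in the URL fragment, which browsers never send to the
    server, so only script on the callback page can read it.
    Returns (access_token, expires_in_seconds).
    """
    fields = parse_qs(urlsplit(url).fragment, strict_parsing=True)
    token = fields["access_token"][0]          # %7C is decoded to '|'
    expires_in = int(fields["expires_in"][0])
    if expires_in <= 0:
        raise ValueError("token already expired")
    return token, expires_in


# Constructed sample: the redirect target shown on the slides.
SAMPLE_REDIRECT = ("http://yourapp.com/callback"
                   "#access_token=166942940015970%7C2.sa0&expires_in=64090")
```

Generate the nonce with `secrets.token_urlsafe()` before redirecting; in the client-side flow it comes back in the fragment alongside the token, so the same `state_matches` check applies in the page script before the token is sent to `/ajax_api.php`.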
Javascript SDK
Mobile SDKs