Hi guys,

I am integrating Facebook and Twitter authentication into my new website.

When the user uses either Facebook or Twitter to authenticate, I get the AccessToken, store it in the DB and link it to the UserID of the user logging in (the user should link his Facebook or Twitter account to his existing or new account on my site).

The next time he authenticates, I get the AccessToken and check in the DB whether this access token is linked to any user; if so, I log him in directly.

Now in Twitter, I always get the same access token, but in Facebook (where it is called SessionKey) it is not fixed, but it contains the UserID.

The question is: how can I link a user's Facebook account to an account on my site? Should I use his Facebook ID and link it to my site UserID?

Thanks.

A: 

You have to request the offline_access extended permission during the authorization process.

For example:

https://graph.facebook.com/oauth/authorize?client_id=<CLIENT ID>&redirect_uri=<YOUR CALL BACK URL>&scope=user_photos,user_videos,publish_stream,read_stream,offline_access

http://developers.facebook.com/docs/authentication/#exchange_session

Once the user authorizes your app you'll be given the user's non-expiring access_token which can then be stored and reused.

Assuming you're using PHP, making API calls with the php-sdk and access_token would look something like:

$uid = $myDB_StoredUserID;
$access_token = $myDB_StoredToken;
$facebook->api($uid.'/feed', 'get', array('access_token' => $access_token));
Jamie
A: 

You should use the Facebook user id. It is unique for each user and never changes. Same thing for Twitter. You can hold onto the access token if you need access to the Twitter API, but use the Twitter user id to link to your site's account. Access tokens can change; even if you get an access token with offline_access permissions, it can be revoked by the user.

Denis
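
Added example (not part of either answer, and not Facebook or Twitter code): a minimal sketch of the linking scheme described in the second answer, where the login lookup key is (provider, provider user id) and the access token is only a replaceable column. Table, column and function names are hypothetical, and it assumes `provider_uid` was obtained server-side from the provider with the token just received, never taken from client input.

```python
import sqlite3

# Hypothetical schema: identity is keyed on the provider's stable user id.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE linked_identities (
    provider     TEXT NOT NULL,     -- 'facebook' or 'twitter'
    provider_uid TEXT NOT NULL,     -- stable id issued by the provider
    user_id      INTEGER NOT NULL REFERENCES users(id),
    access_token TEXT,              -- mutable; kept only for later API calls
    PRIMARY KEY (provider, provider_uid)
);
"""
KEY = "provider = ? AND provider_uid = ?"

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def linked_user(db, provider, provider_uid):
    """Local user id linked to this external identity, or None."""
    row = db.execute("SELECT user_id FROM linked_identities WHERE " + KEY,
                     (provider, provider_uid)).fetchone()
    return row[0] if row else None

def link_identity(db, user_id, provider, provider_uid, access_token):
    """Link an external account; refuse if another local user already owns it."""
    owner = linked_user(db, provider, provider_uid)
    if owner is not None and owner != user_id:
        raise ValueError("external account already linked to another user")
    db.execute("INSERT OR REPLACE INTO linked_identities VALUES (?, ?, ?, ?)",
               (provider, provider_uid, user_id, access_token))

def login(db, provider, provider_uid, access_token):
    """Log in by provider uid and refresh the stored token; None if unlinked."""
    user_id = linked_user(db, provider, provider_uid)
    if user_id is not None:
        db.execute("UPDATE linked_identities SET access_token = ? WHERE " + KEY,
                   (access_token, provider, provider_uid))
    return user_id

def stored_token(db, provider, provider_uid):
    row = db.execute("SELECT access_token FROM linked_identities WHERE " + KEY,
                     (provider, provider_uid)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = open_db()
    db.execute("INSERT INTO users (name) VALUES ('alice')")    # constructed user
    link_identity(db, 1, "facebook", "1000001", "tok-A")       # constructed values
    print(login(db, "facebook", "1000001", "tok-B"))           # token changed, same user
```

The composite key keeps a Facebook id and a Twitter id with the same digits from colliding, and the ownership check in `link_identity` stops one external account from being attached to a second local account.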
