Hi,

I'm working on an AIR application that connects to Facebook. After the user connects to his Facebook account he should be able to do stuff to the account linked to the Facebook account he's logged into.

Typically, you'd have a login() function that accepts a username and a password, authenticates them and sets a cookie. In my case, all I have after the user logs in to Facebook is his Facebook user ID, how can I authenticate users based on that?

Thanks,

+4  A: 

You're not really doing the authentication any more if you're having the user log in via their Facebook account, now Facebook is handling the authentication and you just have to link it to the account that Facebook gives you. That is the whole point as far as I can see.

edit:

Yes, but say I use a function like login(FBuid), how does the backend check that the user is actually logged in with FB and is actually authenticated?

If you have it set up correctly, the API will connect to Facebook and then their scripts will check if that user is already signed in (i.e. they have an active session, which is confirmed by a valid Facebook session cookie). If they don't have an active session then it will ask them to log into their account and return you the Facebook user Id. If they do have an active session they will just return the Facebook user id to you without asking the user for anything. The Facebook user Id that you receive back is your confirmation that they have been authenticated.

Gerry
Yes, but say I use a function like login(FBuid), how does the backend check that the user is actually logged in with FB and is actually authenticated?
Leo Jweda
Please see my edit for my response
Gerry
Gerry: Thanks for following up on the question. Connecting to Facebook isn't the problem, the problem is later with MY server. When the application sends a request to MY server, how will the server know that he's actually logged in? I need to tell my server that that user has connected to Facebook and can use the account linked with his Facebook account. That's where I'm having a problem.
Leo Jweda
Is your server supposed to act "on behalf" of the user at Facebook?
VolkerK
Oh I think I see what you are saying... you are connecting straight to FB via your Air app and not using your server for the transaction. I don't think you want to do it that way as your server needs to trust the source of the data. It can trust FB to return the correct ID, but it can't trust the user. I believe the way you should do it is by having the Air app only connect to your server and have your server connect straight to FB and connect your account to the associated FB account. Then it returns a session id to your Air app.
Gerry
Actually my server does nothing right now other than keeping track of the accounts linked to each user and who's a friend of whom.. That's pretty much all there is to the application, really! All the communication is done from the AIR application (with FB and other websites). I think I get your idea, I'm just not sure.. Can you explain just a little bit? Thanks again :)
Leo Jweda
Your air app connects to a script on your server. The script invokes a login request on FB and FB returns the user's ID. The script creates a session to keep track of the login and returns the session cookie and any other details you need back to your app. For every future request that your app makes to the server it must pass the session ID cookie so that the server knows which session to load. Here is the link to sessions in the PHP manual in case you haven't read through it yet: http://php.net/manual/en/book.session.php
Gerry
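
The flow from the last comment, as an added example that is not part of the original thread: the server accepts a login only after its own check with Facebook, then hands the app a random session ID that every later request must present. It is sketched in Python with an in-memory store; `verify_with_facebook`, `facebook_proof`, `SessionStore` and the fake Facebook table are assumptions made for illustration, not Facebook's API.

```python
import secrets
import time

SESSION_TTL = 1800  # session lifetime in seconds (constructed value)


class SessionStore:
    """Server-side sessions keyed by an unguessable ID."""

    def __init__(self, verify_with_facebook, now=time.time):
        # verify_with_facebook: hypothetical callable standing in for the
        # server's own request to Facebook. It returns the verified user ID,
        # or None when Facebook does not confirm the login.
        self._verify = verify_with_facebook
        self._now = now
        self._sessions = {}  # session_id -> (fb_uid, expires_at)

    def login(self, facebook_proof):
        """Exchange proof of a Facebook login for a session ID, or None."""
        fb_uid = self._verify(facebook_proof)
        if fb_uid is None:
            return None  # a bare user ID from the client proves nothing
        session_id = secrets.token_urlsafe(32)  # random, never derived from the uid
        self._sessions[session_id] = (fb_uid, self._now() + SESSION_TTL)
        return session_id

    def user_for(self, session_id):
        """Return the Facebook user ID bound to this session, or None."""
        entry = self._sessions.get(session_id)
        if entry is None:
            return None
        fb_uid, expires_at = entry
        if self._now() >= expires_at:
            del self._sessions[session_id]  # expired: require a fresh login
            return None
        return fb_uid

    def logout(self, session_id):
        self._sessions.pop(session_id, None)


# Constructed stand-in for Facebook: maps a proof string to a user ID.
FAKE_FACEBOOK = {"proof-for-alice": "1000001"}


def fake_verify(proof):
    return FAKE_FACEBOOK.get(proof)
```

The server identifies the user from `user_for(session_id)` on each request and ignores any user ID the client sends alongside it.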