tungwaiyip.info

home

about me

links

Blog

< February 2011 >
SuMoTuWeThFrSa
   1 2 3 4 5
6 7 8 9101112
13141516171819
20212223242526
2728     

past articles »

Click for San Francisco, California Forecast

San Francisco, USA

 

Facebook OAuth Authentication Flow

I was trying to follow the Facebook OAuth documentation. I finally have it figured out. There are three parties and multiple steps involved. I have created a diagram to show the flow (the server-side flow).

Facebook OAuth Authentication Flow

This is a condensed version of Facebook's documentation of the steps required.

  1. Redirect the user to Facebook's OAuth Dialog /dialog/oauth?app_id.
    1. User authentication - If the user is not logged in, they are prompted to enter their credentials.
    2. App authorization - After the user is successfully authenticated, the OAuth Dialog will prompt the user to authorize the app.
  2. After the app is authorized, the OAuth Dialog will redirect (via HTTP 302) the user's browser to the URL you passed in the redirect_uri parameter with an authorization code.
  3. App authentication - In order to authenticate your app, you must pass the authorization code and your app secret to the Graph API token endpoint /oauth/access_token?app_id&secret&code. If your app is successfully authenticated and the authorization code from the user is valid, the authorization server will return the access token.

If you got a "Error validating verification code" in step 3, note that the redirect_uri should be the same as in step 1. See the issue on StackOverflow.

2011.02.19 [] - comments

 

 

blog comments powered by Disqus

Made with PyBlosxom