Question

A web application supports log in via Facebook using the JavaScript SDK.

The Facebook authentication happens client-side. Once successful, FB.getLoginStatus() is called and the authentication token and userID are sent to the server.

The web application stores the Facebook userID in its database.

How does the server know that the user has logged in successfully and that the authentication token and userID have not been faked client-side? Is there a way of doing this validation server-side without sending a request to Facebook's server?


Solution

As per my comment above, you can do this by forwarding the authResponse.signedRequest parameter to the server and decoding/checking it on the server, without having to send a server-side request to Facebook's server.

Licensed under: CC-BY-SA with attribution