facebook login to website with only javascript

Question

is that even possible?

What I'm currently doing is using this code wherein after line 37 I intend to setup a cookie of my own indicating who is logged in and then redirect the browser to another page. But I think that's not secure since user can look into javascript and mess with the cookie. But isn't that what fb js sdk must be doing behind the scene, setting some cookie?

How can I securely log in a user into my website(I will be maintaining a db table of fb ids)?

Answer 1

You no need to set separate cookie when you are using fb login as your authentication and data(fb uid).

But still am bit confused with what exactly u ve to do. As far as i understood, if login u want to redirect the user to some other page else show him login button

is it correct??

Then do this:

1) Have custom login button instead of FBML login button(make it invisible first).

2) in setup() method if the "response.status" is connected then redirect else show login button - onclick of button call FB.login() http://developers.facebook.com/docs/reference/javascript/FB.login/ this will do the login and authentication of ur site.

3) Subscribe to "auth.statusChange" instead "auth.login" http://developers.facebook.com/docs/reference/javascript/FB.Event.subscribe/ so when the user status changes, it will invoke your setup() method

This should solve your problem.

Cheers