Authenticate user from mobile app
https://stackoverflow.com/questions/12889915
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have mobile online game and my server need user_id for the player. But facebook only gives me access_token to request data from user account and doesn't provide signed user_id. It's important to have SIGNED user_id so no other user can pretend to be another just by replacing user_id in request to my server. Siging on client is no secure because anyone who cares can find secret key in client binary.
So now I will have to create intermediate step in authentication process - request to my server with access_token, which in turn request facebook for user info (which is sloooow and depends on my server geoposition (constant), not clients), create signature with MY_SERVER_PRIVATE_KEY + user_id, and send it back to client. This not a big problem, but create latency during authentication.
Do I miss something? Is there no way to receive user_id from facebook signed with my application secret key?
Solution
You cant get the signed user id ,unless the user has connected to your app first. So you have to either use client-side or the server-side Auth flow in your app.
