Published by Ross Morris. Modified over 10 years ago.
1
Authentication: An Overview. Simon Cross, Partner Engineer, facebook.com/sicross
2
Facebook Platform. Graph API: User, App, Page, Credits, Places, Ads. Standards: HTTP, HTML5, JSON, OAuth, Open Graph. Websites, Mobile, Apps on Facebook. Social Plugins, Dialogs.
3
Permissions, Auth Dialogs, Server-side Auth, Client-side Auth, SDKs, Mobile SSO. “It’s All About The Access Token”
4
Permissions: Default, Basic User data: ID, Name, Friends, Picture, Gender, Username, Locale
5
Permissions: Without permissions, if you query the API for anything more than the basic user data, you’ll get: { data: [ ] }
6
Permissions: Ask for the permissions you NEED, but not more. ~60 permissions:
user_likes, user_birthday, user_events, user_photos, user_checkins, email...
friends_likes, friends_birthday, friends_events, friends_photos, friends_checkins...
publish_stream, publish_checkins, create_event, manage_pages, offline_access...
Full list at developers.facebook.com/docs/authentication/permissions
7
Permissions: Tips. The more permissions you request, the lower your conversion ratio: ~3% reduction in conversion for each additional permission. But some permissions have a bigger effect than others: email, user_birthday, publish_stream, offline_access etc. Ask for only the permissions you actually need. You can always ask for more later.
8
Server Side Auth Flow (participants: User’s Browser, Your App, Facebook): GET your app’s frontpage; Redirect; GET OAuth Dialog; 302 Redirect; GET your app’s callback URL; GET /oauth/authorize; Access Token; GET /me?access_token=...; API Response; Render user data in page
9
Server Side Auth Flow: GET https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=http://yourapp.com/callback&display=page|popup&scope=perm_one,perm_two (screenshots: display=popup, display=page)
10
Client Side Auth Flow (participants: User’s Browser, Your App, Facebook): GET your app’s frontpage; GET OAuth Dialog; 302 Redirect including Access Token in URL fragment; GET /me?access_token=...; API Response, render user data in page; User clicks a call-to-action to login; GET /ajax_api.php?access_token=...
11
Client Side Auth Flow: GET https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=http://yourapp.com/callback&display=page|popup&response_type=token&scope=perm_one,perm_two
Response is a 302 redirect to: http://yourapp.com/callback#access_token=166942940015970%7C2.sa0&expires_in=64090
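An added example, not from the original slides: handling the client-side redirect shown above. It uses the slide's placeholder callback and sample token; the function names are hypothetical, and it assumes a positive expires_in as in the sample.

```javascript
// Callback URL the app registered (placeholder from the slide).
const EXPECTED_CALLBACK = "http://yourapp.com/callback";
// Sample redirect copied from the slide; the token value is the slide's own.
const SAMPLE_REDIRECT =
  "http://yourapp.com/callback#access_token=166942940015970%7C2.sa0&expires_in=64090";

// Parse the 302 target of the response_type=token flow. The token arrives in
// the URL fragment, which the browser does not send in the callback request.
function parseTokenRedirect(redirectUrl, now = Date.now()) {
  const url = new URL(redirectUrl);
  if (url.origin + url.pathname !== EXPECTED_CALLBACK) {
    throw new Error("redirect does not match the registered callback");
  }
  // A token in the query string would reach server logs and Referer headers.
  if (url.searchParams.has("access_token")) {
    throw new Error("access token in query string, expected URL fragment");
  }
  // URLSearchParams percent-decodes values (%7C becomes "|").
  const params = new URLSearchParams(url.hash.slice(1));
  const token = params.get("access_token");
  const expiresIn = Number(params.get("expires_in"));
  // Assumption: a short-lived token with a positive integer lifetime in seconds.
  if (!token || !Number.isInteger(expiresIn) || expiresIn <= 0) {
    throw new Error("missing or malformed access_token / expires_in");
  }
  return { token, expiresAt: now + expiresIn * 1000 };
}

// Return the URL without its fragment, so the token does not stay in the
// address bar, history entries or copied links once it has been read.
function withoutFragment(redirectUrl) {
  const url = new URL(redirectUrl);
  url.hash = "";
  return url.toString();
}

const parsed = parseTokenRedirect(SAMPLE_REDIRECT, 0);
console.log(parsed.token, parsed.expiresAt, withoutFragment(SAMPLE_REDIRECT));
```

In a page, pass `window.location.href` and then call `history.replaceState` with the cleaned URL.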
12
Javascript SDK
13
Mobile SDKs