1

I've been reading and re-reading lots of information but I'm still a bit unclear what is required for using Facebook Login in my app to access a non-Facebook related web service. Lots of info and unclear what is still valid today and what not. I need some help.

I'm building a web service on GAE and I have an iOS app and later an Android app as well. I would like to let users log in with their Facebook account to then use my web service (on GAE) through their phone app. My web service and the app do not do anything related to Facebook after that - only piggy-backing on the login to not have to sign up a new account for my service.

Do I need a Facebook app for this at all? Please explain a bit why or why not so I understand how it fits together.

Many thanks!

murrekatt

3 Answers

2

You can use the Google Identity Toolkit which offers federated login including Facebook for websites, as well as for iOS and Android apps.

You just need to register with Facebook as a Facebook developer, create an app in their developer console (which means just registering one, not actually writing a Facebook-specific one) to obtain and cross-register the necessary credentials:

Dan Cornilescu
  • This is something I have missed. Thanks for the links. I do not have any website, only iOS and Android apps that need to have signed in users in order to use my web service API that runs on GAE. – murrekatt Aug 25 '15 at 18:48
  • Do you mean GIT only works for a website login with Facebook, not an app that logs in with Facebook to use my web service? – murrekatt Aug 25 '15 at 18:59
  • Sorry, I assumed the GAE app is a website. I'll update the answer. – Dan Cornilescu Aug 25 '15 at 19:00
  • So the GAE app is just a web service REST API with no web pages. – murrekatt Aug 25 '15 at 19:03
  • The backend may still need GIT integration if you need user validation. If so you'd probably be using the website recipe. – Dan Cornilescu Aug 25 '15 at 19:10
  • With Google Identity Toolkit, your iOS/Android app will get an Identity Toolkit ID Token (https://developers.google.com/identity/toolkit/web/required-endpoints#decoding_the_identity_toolkit_id_token) once the user signs in with Facebook. As Dan said, your mobile app then sends the ID Token to your web service API on AppEngine, and your API only needs to locally validate the signature of the ID Token using Identity Toolkit Java/Python/PHP/Go/Ruby/Node.js libraries. – Jin Liu Aug 25 '15 at 22:02
  • @JinLiu thanks. Could you also elaborate a bit on "locally validate the signature..."? How is this done? – murrekatt Aug 26 '15 at 05:47
  • The Google Identity Toolkit ID Token is signed by the RSA-SHA256 algorithm, therefore your server can calculate the token signature using the cached public key without making any outgoing RPCs. For security reasons, Google Identity Toolkit generates a new public/private key pair and discards the old ones every several days. Your server only needs to download the new key when the old key expires, whose frequency is almost negligible compared to verifying every incoming request. See https://github.com/google/identity-toolkit-java-client for a Java implementation example. – Jin Liu Aug 27 '15 at 01:44
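The local validation described in the comments above, as an added example that is not part of the original thread and is not the Identity Toolkit library's code. It assumes a compact JWT-style RS256 token (`header.claims.signature`); the key ids, the claim names `aud`, `exp` and `user_id`, the `fetch_keys` callback and the demo key are hypothetical, and the RSA check is written with the standard library only so it runs offline, where a real backend would call one of the client libraries mentioned above.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key (NOT secure, two Mersenne primes) so this runs offline.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # DER DigestInfo, RFC 8017

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def emsa(msg, k):
    # EMSA-PKCS1-v1_5 encoding of SHA-256(msg) for a k-byte modulus
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign_demo(header, claims):  # stands in for the identity provider (sample tokens only)
    k = (N.bit_length() + 7) // 8
    body = b64e(json.dumps(header).encode()) + "." + b64e(json.dumps(claims).encode())
    sig = pow(int.from_bytes(emsa(body.encode(), k), "big"), D, N)
    return body + "." + b64e(sig.to_bytes(k, "big"))

KEY_CACHE = {"demo-kid-1": (N, E)}  # kid -> (modulus, exponent), hypothetical ids

def verify_id_token(token, audience, now=None, fetch_keys=None):
    """Return the claims if the token is valid for this backend, else None."""
    try:
        h64, c64, s64 = token.split(".")
        header, claims, sig = json.loads(b64d(h64)), json.loads(b64d(c64)), b64d(s64)
    except ValueError:
        return None
    # Pin the algorithm: reject "none" and anything that is not RS256.
    if not (isinstance(header, dict) and isinstance(claims, dict)) or header.get("alg") != "RS256":
        return None
    kid = str(header.get("kid"))
    if kid not in KEY_CACHE and fetch_keys:  # network only on an unknown key id
        KEY_CACHE.update(fetch_keys())
    if kid not in KEY_CACHE:
        return None
    n, e = KEY_CACHE[kid]
    k, s = (n.bit_length() + 7) // 8, int.from_bytes(sig, "big")
    expected = emsa(f"{h64}.{c64}".encode(), k)
    if len(sig) != k or s >= n or not hmac.compare_digest(pow(s, e, n).to_bytes(k, "big"), expected):
        return None
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if claims.get("aud") != audience or not isinstance(exp, (int, float)) or exp <= now:
        return None
    return claims
```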
1

If you want Facebook login in your app, then you must create a Facebook app at https://developers.facebook.com/apps/. Use the user's Facebook ID, so that it will be convenient for you to keep track of the user.

Rajat
  • Yes, so I have seen that...so in the case of a backend on GAE, an iOS app as well as an Android app, how many Facebook apps does one need to create? – murrekatt Aug 25 '15 at 18:06
  • Just a single one for both iOS and Android. – Rajat Aug 25 '15 at 18:07
  • What about the backend on GAE? – murrekatt Aug 25 '15 at 18:21
  • As you said in your question, you don't need any Facebook information of the user, so just keep the Facebook ID in your database. – Rajat Aug 25 '15 at 18:24
  • So what's the flow? App talks to Facebook and gets authenticated, then app talks to my backend passing something from Facebook. How can my backend know this is valid? Sounds like it would need to also communicate with Facebook? – murrekatt Aug 25 '15 at 18:42
  • Only after the user is authenticated by Facebook will you get the information from Facebook; if the user is not authenticated by Facebook, the delegate methods of the Facebook framework will notify you. – Rajat Aug 25 '15 at 18:48
1

According to the documentation, you should create an app on Facebook. In order to get users to log in via Facebook from your iOS app, you should have an app on Facebook that the user can give permissions to. Later on, if the user wants to delete the app (e.g. the user does not want the app to fetch his info anymore), he can go to his Facebook account and delete the app from his apps.

  • And if I also have an Android app? And will the backend also need that, as it probably needs to call some Facebook API in order to validate the user somehow? – murrekatt Aug 25 '15 at 18:08