Facebook Oauth Code Stream

https://developers.facebook.com/docs/facebook-login/security/

There is a video on this page that talks about security issues associated with logging into Facebook. After about 13 minutes, he talks about the oauth code stream. The idea is that if you only make requests from the server, you must generate code that can then be exchanged for an access token on the server.

To do this, you set the response_type parameter to the code in the request parameters.

My question is: how do you do this with the SDK? The video assumes that you need to set the “Client Identification” parameter to “false” in the settings:

I did this, but on the Chrome network tab, I can see that the SDK is still setting response_type to token. The result is this error:

What am I missing?

TL DR I want to use the Facebook login dialog to get an access code that I can exchange for an access token on the server.

+5

facebook oauth facebook-graph-api facebook-javascript-sdk

Joseph Fakelastname Feb 09 '17 at 20:54

No one has answered this question yet.

See related questions:

1571

How does Facebook disable developer tools?

852

What is the difference between OpenID and OAuth?

390

Design for Facebook authentication on an iOS app that also accesses a secure web service

210

OAuth 2.0: Benefits and Uses - Why?

151

What is the difference between OAuth authorization code and implicit workflows? When to use each?

61

Facebook OAuth 2.0 "code" and "token"

32

WebApi ASP.NET Identity Facebook Login

2

Android facebook login get code not access token

1

Facebook Recent logins disrupt OAuth flow

0

Does Facebook Oauth 2.0 Expire authorization code?

Source: https://habr.com/ru/post/1264038/

All Articles