How to securely log in to my Android app using a Facebook ID?

I use Facebook authentication for my Android app.

I authenticate the user in my application using the Facebook ID [via HTTP POST to a Web API with the facebook-id]. Therefore, if someone finds out the Facebook ID of any user of my application, he can easily send the URL that gives him access to the application.

Is there any recommended way to do this?

+6

2 answers

After the user has logged in, Facebook will provide you with an auth token that is unique, but it will expire someday. Based on this token, create a temporary "session_key" (it can be md5(facebook_token + user_id)), save this session_key in the db and send it back to your application.

With each application request to your server, you must send this session_key and the username. On the server side, you should check whether the session_key is in your database and which "user_id" it is assigned to.

If everything is in order, you can continue the action, otherwise return an error message.

When the user logs out, delete this session_key (it will be restored when he logs in using facebook).

Hope this helps.

+2

When a user logs in to Facebook, he gives you an authentication token and a Facebook ID. Check on your application server whether the token belongs to the user [via https://graph.facebook.com/me?accesstoken=]. Give him access if it is valid.

+1
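The two answers together describe one server-side flow: verify the Facebook token against the Graph API (second answer), then issue and check your own session key on every request and drop it on logout (first answer). The following Python is an added example written for this page, not code from either answer or from Facebook's SDK. It assumes a Graph API call to `/me?fields=id&access_token=...` (the real parameter name is `access_token`), and it deliberately departs from the first answer in one place: the session key is a random value from `secrets.token_urlsafe` rather than `md5(token + user_id)`, because a deterministic hash of a guessable `user_id` and a token that may leak elsewhere is weaker than a random key that exists only in your database. The `fake_fetch` table and all IDs and tokens are constructed so the example runs offline; replace `fake_fetch` with `fetch_graph_me` in production.

```python
import hmac
import json
import secrets
import time
from typing import Callable, Dict, Optional, Tuple
from urllib.parse import urlencode
from urllib.request import urlopen

GRAPH_ME_URL = "https://graph.facebook.com/me"


def fetch_graph_me(access_token: str) -> dict:
    """Ask Facebook's Graph API who owns this token (real network call; the
    offline demo below injects a constructed stand-in instead)."""
    url = GRAPH_ME_URL + "?" + urlencode({"fields": "id", "access_token": access_token})
    with urlopen(url, timeout=5) as resp:
        return json.load(resp)


def verify_facebook_token(access_token: str, claimed_fb_id: str,
                          fetch: Callable[[str], dict] = fetch_graph_me) -> Optional[str]:
    """Return the Facebook id only if the token is valid *and* belongs to the id
    the client claimed. A bare id, which anyone can look up, proves nothing."""
    try:
        data = fetch(access_token)
    except Exception:          # network error, HTTP 400 for a bad token, etc.
        return None
    fb_id = str(data.get("id", ""))
    if not fb_id or not hmac.compare_digest(fb_id, str(claimed_fb_id)):
        return None
    return fb_id


class SessionStore:
    """In-memory stand-in for the 'session_key in db' table from the first answer."""

    def __init__(self, ttl_seconds: int = 3600, now: Callable[[], float] = time.time):
        self._rows: Dict[str, Tuple[str, float]] = {}   # session_key -> (user_id, expires_at)
        self._ttl = ttl_seconds
        self._now = now

    def create(self, user_id: str) -> str:
        # Random key instead of md5(token + user_id): unguessable, and a dump of
        # this table reveals nothing about the Facebook token itself.
        key = secrets.token_urlsafe(32)
        self._rows[key] = (user_id, self._now() + self._ttl)
        return key

    def user_for(self, session_key: str, claimed_user_id: str) -> Optional[str]:
        row = self._rows.get(session_key)
        if row is None:
            return None
        user_id, expires_at = row
        if self._now() >= expires_at:      # mirror Facebook's own expiry server-side
            self.revoke(session_key)
            return None
        if not hmac.compare_digest(user_id, str(claimed_user_id)):
            return None                    # valid key, but presented with someone else's user id
        return user_id

    def revoke(self, session_key: str) -> None:
        """Logout: the key is gone; a new one is created at the next Facebook login."""
        self._rows.pop(session_key, None)


def login(store: SessionStore, access_token: str, claimed_fb_id: str,
          fetch: Callable[[str], dict] = fetch_graph_me) -> Optional[str]:
    """Login endpoint: exchange a verified Facebook token for a server session key."""
    fb_id = verify_facebook_token(access_token, claimed_fb_id, fetch)
    return None if fb_id is None else store.create(fb_id)


def handle_request(store: SessionStore, session_key: str, claimed_user_id: str) -> str:
    """Every other endpoint: session_key plus user id must match a live row."""
    user_id = store.user_for(session_key, claimed_user_id)
    return "error: not authenticated" if user_id is None else f"ok: user {user_id}"


# Constructed stand-in for the Graph API (hypothetical tokens and ids): token -> /me response.
FAKE_GRAPH = {"tok-alice": {"id": "1001"}, "tok-bob": {"id": "1002"}}


def fake_fetch(access_token: str) -> dict:
    if access_token not in FAKE_GRAPH:
        raise ValueError("OAuthException: invalid access token")   # mimics the HTTP 400 path
    return FAKE_GRAPH[access_token]


if __name__ == "__main__":
    store = SessionStore(ttl_seconds=3600)
    print("id only, no valid token:", login(store, "guessed", "1001", fake_fetch))
    key = login(store, "tok-alice", "1001", fake_fetch)
    print("verified login:", handle_request(store, key, "1001"))
    store.revoke(key)
    print("after logout:", handle_request(store, key, "1001"))
```

The point the question raises, that knowing someone's Facebook ID must not be enough, is handled in `verify_facebook_token`: the server only trusts an id that the Graph API itself returns for the presented token, and from then on the client authenticates with the random server-issued key, never with the raw id.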

Source: https://habr.com/ru/post/920127/
