Login without using the FB.login()
Question
I wondered if there was a way to login to Facebook via the oAuth (get-request) instead of using the FB.login().
The reason I would complicate the login is because of the FB.logout() problem. It is too cocky to logout someone from Facebook, just because they want to logout from my site. On the other hand, deleting the user from my application*, will prompt them to accept my terms everytime, which also doesn't seem to be very pro.
What I was imaging was:
- I get the information needed from the GET-call
- I store the session-cookies
- I delete them if the user wants to logout
Once I retrieve the userid + access_token, I can get all the other information by simply making the JSON calls (no?).
It also bugs me in general that facebook stores so many cookies (what are they doing?)..
I tried to search this, but no luck this far.
*as proposed in this topic by DMCS: Can't Logout of my Facebook OAuth Session without logging User Out of Facebook
1 answers
solution1
0 2012-11-09 05:41:51
You can use the server side flows which, but you will have to adhere to the same policy.
Either way, it sounds like you are using FB's session data to control the auth state, something which is a very bad idea - you should only use the data provided by Facebook as an initial claim, which you then convert into a local claim with corresponding auth tokens/session cookies etc.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.