How does Facebook identify the user who is making the requests in the OAuth flow?

I have something I want to understand regarding the OAuth flow in Facebook.

I have a Facebook application.

When I reach my application site directly (not through Facebook), i.e. enter my application site URL in the address bar, I reach my application. Let's say: https://myApp.com/fbApp

On the server side there's the OAuth flow (sending a request for the "code" parameter and then, with the "code" parameter, another request for the "user access token").

I wanted to know how Facebook knows who the user is that is making the request for the "code" parameter. I noticed that when I'm logged in to Facebook and I go to my site directly (as described above), I get the "user access token".

When the first request to Facebook is made for the "code" parameter, is there anything else being transferred behind the scenes?

Yes, when the first redirect request to Facebook is made in order to obtain the code parameter, the URI that is used to forward you on to Facebook includes a client id (see https://github.com/jcleblanc/oauth/blob/master/oauth2-php-facebook/index.php line 7). This client id refers back to an application that the site developer has created at https://developers.facebook.com/apps for their site.

After the code parameter is obtained, the site makes an HTTP POST request back to Facebook to exchange the code for an access token. In this request the client id and client secret are both transferred (see https://github.com/jcleblanc/oauth/blob/master/oauth2-php-facebook/complete.php line 10). These two keys, the client id and client secret, are the keys that directly reference the application that was created.

I hope that helps, Jon
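The two requests described in the answer above, sketched as an added example (not part of the original answer or the linked repository): it builds the browser redirect that carries the client id, then validates the callback and assembles the server-to-server exchange that carries the client secret. The endpoint URLs, the placeholder credentials, the callback path and the `state` handling are assumptions of this sketch; note that none of the parameters it builds names the user, since in the OAuth authorization code flow the browser sends its own facebook.com session cookie along with the redirect.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumed endpoints and placeholder credentials; none of these come from the page.
AUTHORIZE_URL = "https://www.facebook.com/dialog/oauth"
TOKEN_URL = "https://graph.facebook.com/oauth/access_token"
CLIENT_ID = "APP_ID_PLACEHOLDER"
CLIENT_SECRET = "APP_SECRET_PLACEHOLDER"
REDIRECT_URI = "https://myApp.com/fbApp/callback"  # hypothetical callback path


def build_authorize_redirect(session):
    """Step 1: URL the user's browser is sent to in order to obtain the code."""
    state = secrets.token_urlsafe(32)  # unguessable value bound to this session
    session["oauth_state"] = state
    query = urlencode({
        "client_id": CLIENT_ID,        # identifies the application, not the user
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}"  # the client secret never travels via the browser


def handle_callback(session, callback_url):
    """Step 2: check the callback, then build the code-for-token POST."""
    params = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: a replay finds nothing
    received = params.get("state", [""])[0]
    if expected is None or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: callback was not started by this session")
    if "code" not in params:
        raise ValueError("no code in callback: " + params.get("error", ["unknown"])[0])
    body = {
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,  # sent only server-to-server
        "redirect_uri": REDIRECT_URI,    # same value as in step 1
        "code": params["code"][0],
    }
    return TOKEN_URL, body               # caller POSTs body to TOKEN_URL over HTTPS
```
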
