Explain how FB connect authentication works
I am working on a site that will allow users to create an account. Then website developers will be able to integrate that authentication system into their site and allow users to log in with my site's login credentials. I am wanting to do it similar to the way facebook connect works so that the user's site does not need to redirect to my site to log in and then do a callback back to the page they came from.
I know facebook uses cookies but I am not sure how they are checking to see if they are logged in.
Things I have noticed:
- If logged into facebook.com then you navigate to userssite.com that has Facebook Connect it will show you as logged in.
- If you log out of userssite.com it will also log you out of facebook.
- If you are logged out of facebook.com and login to userssite1.com then navigate to userssite2.com it will have you logged into that site as well.
Because of this, it looks like they are using cross domain cookies or something but I am not sure how to do this.
Can someone with knowledge of how Facebook Connect works exactly, explain how I can achieve this functionality in my own system?
Facebook is moving largely to an OAuth 2.0 based solution. Our authentication guide and the official OAuth 2.0 draft spec are good places to start.
Facebook Connect requires that you create a new facebook application to log in users and authenticate them, so you are not really "away from facebook". When you add the facebook init code:
FB.init({ appId: AppID, status: true, cookie: true, xfbml: true });
and the facebook connect code:
<!-- Facebook required -->
<div id="fb-root"></div>
<!-- Facebook connect required -->
<script src="http://connect.facebook.net/en_US/all.js"></script>
you link your application to facebook. If something in your facebook application is incorrect (application id, site URL or Canvas URL in your facebook app) then the application will not work, and all login calls, for example, will throw an error.
Don't think of it as a completely separate entity from facebook. The application is very well linked into facebook.
Try making a facebook application using connect. Then you can look at what scripts are attached to root and the connect script. That may give you a better idea of what is going on (they're very large, though).
More information from facebook/developers here
This webpage may also be helpful
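The `cookie: true` option in the `FB.init` call above lets the site's own server read the login state the SDK stores, and the server has to verify that value rather than trust it. The following is an added example (not from the answers above and not Facebook's code), assuming the cookie carries a value in Facebook's documented signed_request layout, `base64url(signature).base64url(JSON payload)`, signed with HMAC-SHA256 under the app secret; the function names, the secret and the sample payload are constructed for illustration.

```javascript
// Added example for Node.js: verify a signed_request-style cookie value server-side.
const nodeCrypto = require('node:crypto');

function b64urlDecode(s) {
  return Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64');
}
function b64urlEncode(buf) {
  return buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Returns the decoded payload object, or null if the value must not be trusted.
// maxAgeSec and nowSec are hypothetical parameters added to bound replay of old values.
function verifySignedRequest(value, appSecret, maxAgeSec, nowSec) {
  if (typeof value !== 'string') return null;
  const parts = value.split('.');
  if (parts.length !== 2) return null;
  const [sigPart, payloadPart] = parts;

  // The HMAC covers the encoded payload string exactly as received.
  const expected = nodeCrypto.createHmac('sha256', appSecret).update(payloadPart).digest();
  const given = b64urlDecode(sigPart);
  if (given.length !== expected.length) return null;
  if (!nodeCrypto.timingSafeEqual(given, expected)) return null; // constant-time compare

  // Parse only after the signature has been checked.
  let data;
  try {
    data = JSON.parse(b64urlDecode(payloadPart).toString('utf8'));
  } catch {
    return null;
  }
  if (data === null || typeof data !== 'object') return null;
  if (String(data.algorithm).toUpperCase() !== 'HMAC-SHA256') return null;
  if (typeof data.issued_at !== 'number') return null;
  if (nowSec - data.issued_at > maxAgeSec) return null; // stale value
  return data;
}

// Builds a constructed sample value so the check can be exercised offline.
function makeSample(payload, appSecret) {
  const p = b64urlEncode(Buffer.from(JSON.stringify(payload)));
  const sig = b64urlEncode(nodeCrypto.createHmac('sha256', appSecret).update(p).digest());
  return sig + '.' + p;
}
```

The app secret stays on the server; a value that fails the check is treated as "not logged in" rather than as an error to retry.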