I have seen this question asked a few times, and I can understand why there is a lot of confusion here. It’s a bit of a computer security problem. While I can’t provide you with any Lua code that does this, I can explain how the authentication scheme can work.
- The user logs into Facebook on their device via Facebook Connect.
- Facebook responds with an access token for the user.
- The program running on the mobile device forwards the access token to your web server (in your case a PHP server).
- On the server side, the access token is used to speak to Facebook, doing a simple request for the “me” object, which tells us who that access token belongs to.
- The results in the me object can be used to determine/verify the user’s identity.
- Now the user is authenticated with the server, the server does work on behalf of the user and returns a response.
YOU MUST USE HTTPS to securely transmit the Facebook access token. Otherwise, a man in the middle can steal someone’s access token and authenticate with your app (and possibly other things on Facebook) as a different user.
That’s the gist of it. You can do some caching to optimize and not need to keep making slow requests to Facebook. Or you can establish a session once you authenticate them the first time.
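The server-side half of the scheme described in the post above (token received, “me” lookup, session established), as an added PHP example that is not part of the original post. The injectable `$fetch` callable, the in-memory session array, and the sample tokens and responses are assumptions constructed for illustration.

```php
<?php
const GRAPH_ME_URL = 'https://graph.facebook.com/me'; // HTTPS only, never http://

// Real lookup of the "me" object; returns the response body, or null on failure.
function fetch_me(string $token): ?string {
    $url = GRAPH_ME_URL . '?' . http_build_query(['access_token' => $token]);
    $ctx = stream_context_create(['http' => ['timeout' => 5, 'ignore_errors' => true]]);
    $body = @file_get_contents($url, false, $ctx);
    return $body === false ? null : $body;
}

// Returns the Facebook user id that owns $token, or null if it cannot be verified.
// $fetch is injectable (an assumption of this sketch) so the logic runs offline.
function verify_facebook_token(string $token, ?callable $fetch = null): ?string {
    if ($token === '') {
        return null; // nothing to verify
    }
    $body = ($fetch ?? 'fetch_me')($token);
    $me = is_string($body) ? json_decode($body, true) : null;
    // Failures come back as {"error": {...}}; a usable "me" object carries an id.
    if (!is_array($me) || isset($me['error']) || empty($me['id'])) {
        return null;
    }
    return (string) $me['id'];
}

// Issue our own random session id bound to the verified user, so later requests
// do not need the Facebook token. Only a hash of the id is kept server-side.
function start_session(array &$store, string $uid, int $ttl = 3600): string {
    $sid = bin2hex(random_bytes(32));
    $store[hash('sha256', $sid)] = ['uid' => $uid, 'exp' => time() + $ttl];
    return $sid;
}

function session_user(array $store, string $sid): ?string {
    $rec = $store[hash('sha256', $sid)] ?? null;
    return ($rec !== null && $rec['exp'] > time()) ? $rec['uid'] : null;
}

// Demo: constructed responses stand in for Facebook, so no network is needed.
$stub = fn(string $t): string => $t === 'constructed-valid-token'
    ? '{"id":"1000001","name":"Example User"}'
    : '{"error":{"type":"OAuthException","message":"constructed error"}}';
$sessions = [];
$uid = verify_facebook_token('constructed-valid-token', $stub);
$sid = start_session($sessions, $uid);
var_dump($uid, session_user($sessions, $sid));
var_dump(verify_facebook_token('constructed-bad-token', $stub));
```

The session id returned to the device must travel over HTTPS for the same reason the access token does; a real deployment would keep the session records in a persistent store rather than a PHP array.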