Hi all,
I’ll try to be as brief as possible.
I’m looking into creating an app that will require its own backend (REST API and a database) to store some user data that can be shared across all the app’s users.
I’m looking into using Facebook login to ease the sign-up process as much as possible.
What I’m still missing is a link between the Facebook login and my own API.
I can write the API any way I want, but how would you go about connecting the Facebook login in the app with an account on your own server/api/database?
Looking through the documentation, I understand when I do a facebook.login call in Corona, I’m thinking I could use the token that comes back from the listener as an ID for the user, and use this to save that user’s info into my database.
However two questions arise:
- If the token changes the next time I log in, how do I connect the user to his already existing profile, instead of creating a new, empty profile for him?
- If the token did not change, then it would be a security issue - if someone guessed/retrieved your token, he could access my API using your token as it is the only identifier I have about the user… so he would be able to maliciously change the user data on my API as the token is the only credentials he needs.
Has anybody built anything of this sort, and if so, can you point me how to make the connection between my server and the app’s facebook.login? I can make the server connect to the Facebook API too if I need to (I will probably be building the API in PHP), I just don’t see how to put it all together.
Cheers!
Joe
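
One common way to make the connection asked about above, shown as an added example that is not part of the original post: the app sends the token from facebook.login to the server, which asks the Graph API `debug_token` endpoint whether the token is valid and which app it was issued to, then keys the account on the stable `user_id` rather than on the token. The function name, the injected `$fetch` callable, and every token, ID and secret below are hypothetical or constructed so the block runs offline.

```php
<?php
/**
 * Validate a Facebook access token sent by the app and map it to a local account.
 * $fetch is an injected callable(string $url): string returning the JSON body
 * (an assumption made so the logic runs offline; in production it wraps HTTPS).
 */
function resolveFacebookUser(string $userToken, string $appId, string $appSecret,
                             callable $fetch, array &$accounts): string
{
    // Ask Facebook about the token; never trust what the client claims about itself.
    $url = 'https://graph.facebook.com/debug_token?input_token=' . rawurlencode($userToken)
         . '&access_token=' . rawurlencode($appId . '|' . $appSecret);
    $reply = json_decode($fetch($url), true);
    $data  = is_array($reply) ? ($reply['data'] ?? null) : null;

    if (!is_array($data) || empty($data['is_valid'])) {
        throw new RuntimeException('token rejected by Facebook');
    }
    // A valid token issued to a different app must not log anyone in here.
    if (!hash_equals($appId, (string) ($data['app_id'] ?? ''))) {
        throw new RuntimeException('token was issued to another app');
    }
    $fbUserId = (string) ($data['user_id'] ?? '');
    if ($fbUserId === '') {
        throw new RuntimeException('no user_id in reply');
    }
    // The user_id is the same on every login; the token itself is never stored.
    $key = 'fb:' . $fbUserId;
    if (!isset($accounts[$key])) {
        $accounts[$key] = ['created' => time(), 'profile' => []];
    }
    return $key;
}

// Constructed Graph API replies keyed by token (sample data, not real tokens or IDs).
$canned = [
    'tok-monday'  => '{"data":{"app_id":"111","is_valid":true,"user_id":"900001"}}',
    'tok-tuesday' => '{"data":{"app_id":"111","is_valid":true,"user_id":"900001"}}',
    'tok-other'   => '{"data":{"app_id":"222","is_valid":true,"user_id":"900001"}}',
];
$fetch = function (string $url) use ($canned): string {
    parse_str((string) parse_url($url, PHP_URL_QUERY), $q);
    return $canned[$q['input_token']] ?? '{"data":{"is_valid":false}}';
};
$accounts = [];
foreach (['tok-monday', 'tok-tuesday', 'tok-other', 'tok-guess'] as $t) {
    try {
        echo $t, ' -> ', resolveFacebookUser($t, '111', 'app-secret-placeholder', $fetch, $accounts), "\n";
    } catch (RuntimeException $e) {
        echo $t, ' -> rejected: ', $e->getMessage(), "\n";
    }
}
echo count($accounts), " account(s) stored\n";
```

After this check the server would normally issue its own session credential tied to the account key, so later API calls do not depend on the Facebook token at all.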