Registering Client App in Facebooke

Registering Client App in Facebooke - OAuth

Registering App with Facebook

To register app in Facebook follow the link and create a new app. https://developers.facebook.com/

Once we created the app you can see the app details in the dashboard and the screen that looks something like this.

Here we can notice the Appid and Appsecret for the created Facebook app. [Client ID & Client Secret]

When registering a client app to configure with OAuth we have need to consider 5 main parts, such as client ID, client secret, redirection endpoint, authorization endpoint and token endpoint.

The "key" (that is, access token) is passed back via the redirection endpoint in step 4

Redirection endpoint:

It is a very important property in the client application. This helps the service providers to call back the application and to pass control back to your application and even send you important information.[tokens/error messages]

In OAuth authorization process [1st step] users need to login to the service provider’s authorization endpoint and authorize the client application [user consent page]. After user completed this process controls must be handed to the client application. This done via redirection endpoint.

We can give one/many redirection endpoint(s) to the app we are creating [Settings->Basic].

After set our redirection endpoint we have to find the service providers authorization endpoint as well as token endpoint. For Facebook, it built those properties in a library file and encourage us to use that SDK file [this SDK file interact with Facebook OAuth service]. Anyway the authorization and token endpoints of Facebook are:

Authorization endpoint -> https://www.facebook.com/dialog/oauth

Token endpoint -> https://graph.facebook.com/oauth/access_token

Now you are having all the necessary properties.

Client ID	2032416086987946
Client Secret	1fd424a4b9dac1b9c8b28974cd0b87e6 [sample secret ID]
Redirection endpoint	http://localhost:8080/my-web-app-2/callback.html
Authorization endpoint	https://www.facebook.com/dialog/oauth
Token endpoint	https://graph.facebook.com/oauth/access_token

Let’s build our application !!!

Comments

Bandit Wargame – Documentation

Basically wargames are providing the basic knowledge on the security concepts. It is a game that contain many tricks to break the borders to gain the access especially passwords (commands are mostly on the Linux CLI). You can find many wargames through the Internet and they are very interest and fun full too. “Bandit” is also a wargame which is for the beginners. You all can access that through the link given bellow. And this article is an document for this game. I have used Ubuntu as the operating system. Bandit – Clickhere . Level 0: Case study → Clickhere Here we have need to connect the host through the SSH (secure socket shell) server. The informations are provided as follows. Host name: bandit.labs.overthewire.org Port No: 2220 User name: bandit0 Password: bandti0 There are many ways to connect through the SSH server. Method 1: Download and run the “PuTTY SSH client”. ( https://the.earth.li/~...

How OIDC run on top of OAuth - Demo by a maven web application

As I said in the previous blog about OIDC, OIDC is running on top of OAuth in-order to provide authentication and authorization. When it comes to real scenario, we have need to clearly understand the flows between authorization server, and resource server. For OAuth it needs token introspection endpoint in-order to validate the token. But, in OIDC it doesn't need to have this introspection endpoint because OIDC response token (JWT) it contains the idtoken which contains information about the token to validate by the resource server. OIDC is running as authorization grant type is pretty much safe way for the web applications. Let's see how a real world application using this OIDC on top of OAuth. Note: I have created an sample application to provide the graphical interface for this explanation. When you are trying to login a online web application account you may see another login options also available. For example, login with Google, login with Facebook,etc. Those ...

Introduction to OAuth

What is OAuth? OAuth is a protocol that allows distinct parties to share information and resources in a secure and reliable manner. OAuth needs to consider the 2 concept to provide the informations in secure and reliable manner. They are authentication and authorization. Authentication -> Validating the person/system who need the information Authorization -> After authentication what action can be performed by the person/system. By maintaining this 2 concept OAuth is providing federated identity and delegated identity. Federated identity -> User can use his/her one application account to login another application. [Example: If a user having Facebook account then he can login Instagram with the same login as Facebook] Delegated identity -> One service can access another service resources. [Example: When creating a Facebook account with eMail address that will suggest the contacts in the eMail to add as friends] Without OAuth With OAuth User ...

IT Today

Search This Blog