
Registering Client App in Facebook - OAuth

Registering App with Facebook

To register an app with Facebook, open the developer portal and create a new app: https://developers.facebook.com/

Once the app is created, its details appear in the dashboard, on a screen that looks something like this.



Here we can see the App ID and App Secret of the newly created Facebook app; these are the OAuth client ID and client secret.

When registering a client app for OAuth, we need to consider five main properties: the client ID, the client secret, the redirection endpoint, the authorization endpoint and the token endpoint.
The "key" (that is, the access token) is passed back via the redirection endpoint in step 4.

Redirection endpoint:

This is a very important property of the client application. It is the URL the service provider calls back to hand control back to your application and to deliver important information (tokens or error messages).

In the first step of the OAuth authorization process, the user logs in at the service provider's authorization endpoint and authorizes the client application on the user consent page. After the user completes this step, control must be handed back to the client application; this is done via the redirection endpoint.
We can give one or many redirection endpoint(s) to the app we are creating (Settings -> Basic).

After setting our redirection endpoint, we have to find the service provider's authorization endpoint and token endpoint. Facebook builds these properties into a library file and encourages us to use that SDK (the SDK interacts with the Facebook OAuth service). In any case, the authorization and token endpoints of Facebook are:

Authorization endpoint -> https://www.facebook.com/dialog/oauth

Token endpoint -> https://graph.facebook.com/oauth/access_token

Now we have all the necessary properties:

Client ID: 2032416086987946
Client Secret: 1fd424a4b9dac1b9c8b28974cd0b87e6 [sample secret]
Redirection endpoint: http://localhost:8080/my-web-app-2/callback.html
Authorization endpoint: https://www.facebook.com/dialog/oauth
Token endpoint: https://graph.facebook.com/oauth/access_token

Let's build our application!
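A minimal server-side skeleton of the flow assembled from these properties, as an added example and not code from the original post: it builds the authorization URL with a random state, validates the callback arriving at the redirection endpoint, and prepares the token-endpoint request. The scope value, the helper names, the placeholder secret and the constructed callback URL are assumptions; no network call is made.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Endpoints and client ID are the values from this post; the secret is a placeholder.
# Keep the real App Secret out of source control and never ship it to the browser.
AUTHORIZATION_ENDPOINT = "https://www.facebook.com/dialog/oauth"
TOKEN_ENDPOINT = "https://graph.facebook.com/oauth/access_token"
CLIENT_ID = "2032416086987946"
CLIENT_SECRET = "APP_SECRET_PLACEHOLDER"  # placeholder, not a real secret
REDIRECT_URI = "http://localhost:8080/my-web-app-2/callback.html"

def new_state():
    """Unguessable per-login value; store it in the user's session before redirecting."""
    return secrets.token_urlsafe(16)

def build_authorization_url(client_id, redirect_uri, state, scope="public_profile"):
    """Step 1: the URL the user is sent to at the provider's authorization endpoint."""
    params = {"client_id": client_id, "redirect_uri": redirect_uri,
              "response_type": "code", "scope": scope, "state": state}
    return f"{AUTHORIZATION_ENDPOINT}?{urlencode(params)}"

def parse_callback(callback_url, expected_state):
    """Redirection endpoint: accept only a response to a request we started (state must
    match) and surface a provider error instead of silently treating it as success."""
    query = parse_qs(urlparse(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: not a response to our authorization request")
    if "error" in query:
        raise ValueError("provider error: " + query["error"][0])
    if "code" not in query:
        raise ValueError("callback carries neither a code nor an error")
    return query["code"][0]

def build_token_request(code, client_id, client_secret, redirect_uri):
    """Token endpoint exchange, done server to server because it carries the secret.
    redirect_uri must be the exact value used in step 1; the provider checks it."""
    params = {"client_id": client_id, "redirect_uri": redirect_uri,
              "client_secret": client_secret, "code": code}
    return TOKEN_ENDPOINT, params

if __name__ == "__main__":
    state = new_state()
    print(build_authorization_url(CLIENT_ID, REDIRECT_URI, state))
    # Constructed callback, standing in for the redirect Facebook would send.
    callback = REDIRECT_URI + "?" + urlencode({"code": "AQD_constructed_code", "state": state})
    code = parse_callback(callback, state)
    print(build_token_request(code, CLIENT_ID, CLIENT_SECRET, REDIRECT_URI))
```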
