Logging in with Facebook theoretically solves a lot of problems for app developers. But it’s not overly clear the best way to go about it, and many examples on the web advocate the wrong strategy. Here’s what we’ve learned integrating Login with Facebook in Cluster.

Use your own long-lived session tokens

Facebook sessions get invalidated all the time. The Facebook SDK can provide your app with an invalid session token due to cached data at the SDK or system level; auth tokens expire due to user behavior like resetting passwords or manually invalidating apps under the user’s settings. So, after signup, your app should not assume you can ever get another valid token from the Facebook SDK. In some cases, if you want to keep the session alive, you might have to prompt the user to authenticate with Facebook again.

To avoid a critical mistake I made, here’s the most important thing: Don’t ever block your app’s startup on third-party authentication. Instead, you should implement your own session token strategy, and it should probably be made to resemble OAuth2. Rather than extending sessions by passing the original credentials to the backend, you should ask your backend for a new token using a separate refresh token.

As a result, authentication flows with Facebook, Google, et al, should look something like this:

1. Facebook SDK talks to Facebook backend to get a token.
2. Your client gives your backend the token.
3. Your backend validates the token against Facebook’s servers.
4. Your backend issues a new authentication or session token.
5. Your client saves your backend’s auth token: Now you’re logged in and can talk to your own servers forever, or at least in a way you understand.

Next we can talk about how to keep the Facebook session alive in the client as long as possible.

Persisting Facebook “connectedness” across logins and devices

Once a user signs in with Facebook, she might sign in with another service under the same email address. Or a different user might “Connect” his account to Facebook later, which should associate his Facebook session with his user account in the backend.

But when these guys sign in on another device, or if they sign out and sign back in (without tapping “Login with Facebook”), the Facebook SDK in the client might not know about their Facebook sessions anymore.

Additionally, the only way to keep sessions alive is to refresh them in the client; there’s no facility for doing this on the server.

So, to wire the session back up, when a user who has logged in with Facebook (or connected his or her Facebook account) logs back in, your app should do the following:

1. Load any recent third-party sign-in tokens from your backend.
2. Re-create the Facebook/Google login sessions and issue a request.
3. If it has changed, save the new token to your backend to keep the session alive.

You can replicate this behavior on Android and the web so that when a user signs into a different client, you can silently keep them connected.

Code for re-inflating Facebook sessions on iOS
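The backend half of the login flow described in this post (validate the Facebook token server-side, issue your own access and refresh tokens, keep the Facebook token so other devices can load it), as an added Python example; it is not the post's own code and not Cluster's. `SessionBackend`, `APP_ID`, `ACCESS_TTL` and `fake_inspect` are hypothetical names, and `fake_inspect` is a constructed stand-in returning a dict shaped like the `data` object of the Graph API `debug_token` response.

```python
import hashlib, secrets, time

APP_ID = "000000000000000"   # constructed placeholder for your Facebook app id
ACCESS_TTL = 900             # assumption: 15-minute access tokens

def _h(token):               # store only hashes of our own tokens
    return hashlib.sha256(token.encode()).hexdigest()

class SessionBackend:
    def __init__(self, inspect_fb_token, now=time.time):
        self.inspect, self.now = inspect_fb_token, now
        self.access, self.refresh, self.fb_tokens = {}, {}, {}

    def _issue(self, user_id):
        access, refresh = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.access[_h(access)] = (user_id, self.now() + ACCESS_TTL)
        self.refresh[_h(refresh)] = user_id
        return {"access_token": access, "refresh_token": refresh}

    def login_with_facebook(self, fb_token):
        info = self.inspect(fb_token)            # validate against Facebook, server-side
        # Reject invalid tokens and tokens that were issued to a different app.
        if not info.get("is_valid") or info.get("app_id") != APP_ID:
            raise PermissionError("Facebook token rejected")
        user_id = "fb:" + info["user_id"]
        self.fb_tokens[user_id] = fb_token       # kept so another device can load it
        return self._issue(user_id)              # hand back our own tokens

    def refresh_session(self, refresh_token):
        # Single-use refresh token; no Facebook call, so startup never waits on it.
        user_id = self.refresh.pop(_h(refresh_token), None)
        if user_id is None:
            raise PermissionError("unknown or reused refresh token")
        return self._issue(user_id)

    def authenticate(self, access_token):
        user_id, expiry = self.access.get(_h(access_token), (None, 0))
        return user_id if expiry > self.now() else None

    def fb_token_for(self, access_token):        # "load recent third-party tokens"
        return self.fb_tokens.get(self.authenticate(access_token))

def fake_inspect(fb_token):  # constructed sample data, not real Facebook output
    sample = {"tok-ours": {"is_valid": True, "app_id": APP_ID, "user_id": "42"},
              "tok-other-app": {"is_valid": True, "app_id": "999", "user_id": "42"}}
    return sample.get(fb_token, {"is_valid": False})
```

The `app_id` comparison is the check that is easy to forget: without it, a valid token that Facebook issued to some other app would be accepted as a login to yours.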