
pdellepiane's avatar

API for Facebook Login

Hello, I've made an API with Laravel. I've implemented JWT for login and now I need to implement a Facebook Login. My APIs are being used on different platforms: Web, Android and iOS.

I've used Socialite before, but it seems to be for web only. I don't know how to mix Facebook Login with JWT, which library to use, or how the flow has to be.

Have you ever done this? How? What's the best way?

Thanks in advance!

0 likes
4 replies
pdellepiane's avatar

I found this answer on Stack Overflow:

http://stackoverflow.com/questions/7756878/facebook-authentication-to-my-server-using-android

So you have: Facebook - Android Application - Your web server. And your web server needs to know that you are the Facebook user you are presenting. The problem is that you can not trust the Android client for any data it gives to you.

I solved the problem like this:

  1. Authenticate user to Facebook from Android application,
  2. Get the FB auth token to the android app,
  3. Forward the authentication token & facebook UID from Android to web server,
  4. On web server, make Facebook API call with the submitted token.

If the Facebook API call from web server returns valid authentication, and the user id is equal to the one submitted by Android application, your server can trust the id (& you can be sure that the Android authentication is real).

So, after I have a valid authentication, must all the requests be done with the Facebook Token? Or, as the user is validated, could I use the JWT for all the next requests?

Thanks in advance!

2 likes
fanvettel's avatar

@pdellepiane I have the same question, buddy :( Have u solved this? How can I authenticate facebook_id and new token being sent from Android app? Any ideas would be appreciated!

FaresWardeni's avatar

It works for me:

// find the user using his details.
$user = User::where('email', '=', Input::get('email'))->where('fb_id', '=', Input::get('fb_id'))->first();

// then use
$token = JWTAuth::fromUser($user);

arunkump's avatar

@pdellepiane After access token verification you can generate the access token like a normal login (JWT) and pass that as the response, so that on every next request the client can attach the access token in the authentication header. There is no need to pass the FB access token.
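
The flow the thread arrives at (verify the Facebook token on the server, then hand out your own JWT), as an added example that is not code from any of the posters. It assumes Laravel 8+ (`Http` facade, `App\Models\User`), tymon/jwt-auth for `JWTAuth`, a fillable `fb_id` column on `users`, and hypothetical config keys `services.facebook.client_id` / `client_secret`; the check uses Facebook's `debug_token` Graph API endpoint.

```php
<?php
// Added example. Controller name, route, request field names and config keys
// are assumptions, not taken from the thread.
namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Http;
use Tymon\JWTAuth\Facades\JWTAuth;

class FacebookLoginController extends Controller
{
    public function login(Request $request)
    {
        // Steps 1-3 happen on the client; it forwards the token and the UID.
        $input = $request->validate([
            'fb_id'        => 'required|string',
            'access_token' => 'required|string',
        ]);

        $appId  = config('services.facebook.client_id');
        $secret = config('services.facebook.client_secret');

        // Step 4: ask Facebook about the submitted token, authenticating the
        // call with the app access token ("{app-id}|{app-secret}").
        $response = Http::timeout(5)->get('https://graph.facebook.com/debug_token', [
            'input_token'  => $input['access_token'],
            'access_token' => $appId . '|' . $secret,
        ]);
        $data = $response->json()['data'] ?? [];

        // Trust the UID only if the token is valid, was issued to *this* app
        // (not replayed from another app), and belongs to the claimed user.
        $trusted = $response->successful()
            && ($data['is_valid'] ?? false) === true
            && (string) ($data['app_id'] ?? '') === (string) $appId
            && hash_equals((string) ($data['user_id'] ?? ''), $input['fb_id']);

        if (! $trusted) {
            return response()->json(['error' => 'invalid_facebook_token'], 401);
        }

        // Key the account on the Facebook-verified user id, never on an
        // email or id the client supplied without verification.
        $user = User::firstOrCreate(['fb_id' => $data['user_id']]);

        // From here on the client sends only this JWT, not the FB token.
        return response()->json(['token' => JWTAuth::fromUser($user)]);
    }
}
```

Looking a user up by client-supplied `email` and `fb_id` alone, without this server-side check, lets anyone who knows those two values obtain a JWT for that account.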
