
OAuth 2.0 framework


What is OAuth 2.0?


OAuth 2 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service, such as Facebook, GitHub, and DigitalOcean. It works by delegating user authentication to the service that hosts the user account, and authorizing third-party applications to access the user account. OAuth 2 provides authorization flows for web and desktop applications, and mobile devices.
This informational guide is geared towards application developers, and provides an overview of OAuth 2 roles, authorization grant types, use cases, and flows.
This specification and its extensions are being developed within the IETF OAuth Working Group.

How does Social Login work?

Social Login is a simple process, with the following steps.
  1. The user enters your application and selects the desired social network provider.
  2. A login request is sent to the social network provider.
  3. Once the social network provider confirms the user’s identity, an existing user gets access to your application. A new user is registered first and then logged into the application.
How to use this?

  • Set up a Facebook app
  • Get your Facebook App ID and App Secret
  • Copy these keys into your Auth0 settings
  • Enable the Facebook social connection in Auth0

Step 1:

Log in to Facebook as a Facebook Developer, then choose "add a new app".

Step 2:

Give the app a display name and enter your email address.


Step 3:

Then click Set Up under Facebook.

Step 4:

Under the Facebook Login menu on the left, click on Settings to open the Application OAuth Settings page.

Step 5:

Enter this URL in the Valid OAuth redirect URLs box:

https://YOUR_AUTH0_DOMAIN/login/callback

Step 6:

Then click the App Review tab in the left-side option panel. Next, make your app public using the first option on the main panel.

Step 7:

Click Settings and go to the Basic settings, where you will find your App ID and App Secret.

Step 8:

Click Show to reveal the App Secret; Facebook will ask for your password again.
Select all the attributes and permissions you want to enable in your app. Then click the Application tab and select the applications you wish to enable. After that, save it.

Step 9:

Now you can test your connection. You will see this kind of icon on the Auth0 dashboard.


Click the Try icon.


Then click the Continue as *** button, and you will get a window saying "It works!!!"


Access Facebook API

Once you successfully authenticate a user, Facebook includes an Access Token in the user profile it returns to Auth0.

You can then use this token to call their API.

To get a Facebook Access Token, you have to retrieve the user's full profile using the Auth0 Management API and extract the Access Token from the response.

For detailed steps refer to Call an Identity Provider API.

Once you have the token you can call the API, following Facebook's documentation.
For more information on these tokens, refer to Identity Provider Access Tokens.
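
The retrieval step described above, as an added example (not code from the original post or from Auth0): it builds the Management API `GET /api/v2/users/{id}` request and pulls the Facebook token out of the profile's `identities` array. The sample profile, the user id, the token strings and the function names are constructed for illustration, and the call is meant to run only on your backend so the token never reaches the browser.

```python
import json
import urllib.parse
import urllib.request

# Constructed sample of a Management API user profile (not real data).
SAMPLE_PROFILE = {
    "user_id": "facebook|1234567890",
    "name": "Example User",
    "identities": [
        {"provider": "facebook", "user_id": "1234567890",
         "connection": "facebook", "isSocial": True,
         "access_token": "EXAMPLE_FACEBOOK_ACCESS_TOKEN"},
    ],
}


def build_profile_request(domain, user_id, mgmt_token):
    """Build GET /api/v2/users/{id}; the id is URL-encoded because it contains '|'."""
    url = "https://%s/api/v2/users/%s" % (domain, urllib.parse.quote(user_id, safe=""))
    return urllib.request.Request(url, headers={"Authorization": "Bearer " + mgmt_token})


def extract_idp_token(profile, provider="facebook"):
    """Return the provider's access token from the profile's identities array."""
    for identity in profile.get("identities", []):
        if identity.get("provider") == provider:
            token = identity.get("access_token")
            if not token:
                # Typically means the Management API token lacks the
                # read:user_idp_tokens scope, so the field is left out.
                raise PermissionError("no access_token in %s identity" % provider)
            return token
    raise LookupError("user has no %s identity" % provider)


def fetch_facebook_token(domain, user_id, mgmt_token):
    """Server-side only: fetch the profile and return the Facebook token."""
    req = build_profile_request(domain, user_id, mgmt_token)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return extract_idp_token(json.load(resp))


if __name__ == "__main__":
    req = build_profile_request("YOUR_AUTH0_DOMAIN", SAMPLE_PROFILE["user_id"], "MGMT_API_TOKEN")
    print(req.full_url)
    # Log that a token was found, never the token itself.
    print(len(extract_idp_token(SAMPLE_PROFILE)), "character token extracted")
```
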
