Presentation is loading. Please wait.

Presentation is loading. Please wait.

Authentication Simon Cross Partner Engineer facebook.com/sicross An Overview.

Published byRoss Morris Modified over 9 years ago

Similar presentations

Presentation on theme: "Authentication Simon Cross Partner Engineer facebook.com/sicross An Overview."— Presentation transcript:

1 Authentication Simon Cross Partner Engineer facebook.com/sicross An Overview

2 Facebook Platform Graph API User, App, Page, Credits, Places, Ads Standards HTTP, HTML5, JSON, OAuth, Open Graph WebsitesMobile Apps on Facebook Social PluginsDialogs

3 Permissions Auth Dialogs Server-side Auth Client-side Auth SDKs Mobile SSO “It’s All About The Access Token”

4 ID Name Friends Picture Gender Username Locale Permissions Default, Basic User data

5 { data: [ ] } Permissions Without Permissions, if you query the API for anything more than the basic user data, you’ll get:

6 Permissions Ask for the permissions you NEED - but not more ~60 Permissions user_likes user_birthday user_events user_photos user_checkins email... friends_likes friends_birthday friends_events friends_photos friends_checkins... publish_stream publish_checkins create_event manage_pages offline_access... Full list at developers.facebook.com/docs/authentication/permissions

7 Permissions The more permissions you request, the lower your conversion ratio ~3% reduction in conversion for each additional permission But some permissions have a bigger effect than others: email, user_birthday, stream_publish, offline_access etc Ask for only the permissions you actually need You can always ask for more later Tips

8 Server Side Auth Flow User’s Browser Your AppFacebook GET Your app’s frontpage Redirect GET OAuth Dialog User’s Browser Your AppFacebook 302 Redirect GET Your app’s callback URL GET /oauth/authorize Access Token GET /me?access_token=... API Response Render user data in page

9 Server Side Auth Flow GET https://www.facebook.com/dialogs/oauth? client_id=YOUR_APP_ID& redirect_url=http://yourapp.com/callback& display=page|popup& scope=perm_one,perm_twohttp://yourapp.com display=popupdisplay=page

10 Client Side Auth Flow User’s Browser Your AppFacebook GET Your app’s frontpage GET OAuth Dialog User’s Browser Your AppFacebook 302 Redirect including Access Token in URL fragment GET /me?access_token API Response, render user data in page GET /me?access_token=... API Response Render user data in page User clicks a call-to-action to login GET /ajax_api.php?access_token=...

11 Client Side Auth Flow GET https://www.facebook.com/dialogs/oauth? client_id=YOUR_APP_ID& redirect_url=http://yourapp.com/callback& display=page|popup& response_type=token& scope=perm_one,perm_twohttp://yourapp.com/callback& http://yourapp.com/callback#access_token=166942940015970%7C2.sa0&expires_in=64090 Response is a 302 redirect to:

12 Javascript SDK

13 Mobile SDKs

Download ppt "Authentication Simon Cross Partner Engineer facebook.com/sicross An Overview."

Similar presentations

Yahoo! OpenID and OAuth 1 Allen Tom Yahoo! Membership Architect OpenID Foundation Board

Yahoo! OpenID and OAuth 1 Allen Tom Yahoo! Membership Architect OpenID Foundation Board
The How of OAuth OAuth Hackathon – Six Apart

The How of OAuth OAuth Hackathon – Six Apart
Integrating Facebook into iOS Apps 08/25/2011 North Atlanta iOS Developers Meetup Group Presentation.

Integrating Facebook into iOS Apps 08/25/2011 North Atlanta iOS Developers Meetup Group Presentation.
Nick Feamster CS 6262 Spring 2009

Nick Feamster CS 6262 Spring 2009
Overview of Twitter API Nathan Liu. Twitter API Essentials Twitter API is a Representational State Transfer(REST) style web services exposed over HTTP(S).

Overview of Twitter API Nathan Liu. Twitter API Essentials Twitter API is a Representational State Transfer(REST) style web services exposed over HTTP(S).
AAI for Apps Using AAI with your Smartphone Daniel Latzer Zürich, April 2013

AAI for Apps Using AAI with your Smartphone Daniel Latzer Zürich, April 2013
Attie Naude 14 May 2013 Windows Azure Mobile Services.

Attie Naude 14 May 2013 Windows Azure Mobile Services.
Setting Up Your Facebook Account. Step 1: Ensure you have a valid email account to use for your login. Eg. Hotmail, Gmail, Me etc.

Setting Up Your Facebook Account. Step 1: Ensure you have a valid account to use for your login. Eg. Hotmail, Gmail, Me etc.
The Graph API Simon Cross Partner Engineer facebook.com/sicross An Overview.

The Graph API Simon Cross Partner Engineer facebook.com/sicross An Overview.
Making Euros Fred Fang Partner Engineer facebook.com/fang A How-To for Ads + Credits.

Making Euros Fred Fang Partner Engineer facebook.com/fang A How-To for Ads + Credits.
Social Channels Cat Lee Program Manager, Developer Relations facebook.com/cat Driving traffic to your app.

Social Channels Cat Lee Program Manager, Developer Relations facebook.com/cat Driving traffic to your app.
FI-WARE Testbed Access Control temporary solution.

FI-WARE Testbed Access Control temporary solution.
OAuth 2.0 By “PJ” (JP on meetup.com) iOS and PHP developer, and occasional lawyer Contact me via:

OAuth 2.0 By “PJ” (JP on meetup.com) iOS and PHP developer, and occasional lawyer Contact me via:
OULU ADVANCED RESEARCH ON SOFTWARE AND INFORMATION SYSTEMS Teppo Räisänen | Oulu University of Applied Sciences Facebook API Teppo Räisänen

OULU ADVANCED RESEARCH ON SOFTWARE AND INFORMATION SYSTEMS Teppo Räisänen | Oulu University of Applied Sciences Facebook API Teppo Räisänen
1Proprietary and Confidential AirVantage API – Getting started David SCIAMMA – June 13th 2014.

1Proprietary and Confidential AirVantage API – Getting started David SCIAMMA – June 13th 2014.
Using Evernote and Google Docs in your web or mobile application (and potentially Dropbox and Skydrive) By Peter Messenger Senior Developer – Triple Point.

Using Evernote and Google Docs in your web or mobile application (and potentially Dropbox and Skydrive) By Peter Messenger Senior Developer – Triple Point.
REST Security with JAX-RS

REST Security with JAX-RS
The Devil is in the (Implementation) Details: An Empirical Analysis of OAuth SSO Systems San-Tsai Sun and Konstantin Beznosov University of British Columbia.

The Devil is in the (Implementation) Details: An Empirical Analysis of OAuth SSO Systems San-Tsai Sun and Konstantin Beznosov University of British Columbia.
FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.

FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.
Facebook Applications Teppo Räisänen. Facebook Applications Facebook provides many Software Development Kits (SDK’s) – PHP SDK – iOS SDK – Android SDK.

Facebook Applications Teppo Räisänen. Facebook Applications Facebook provides many Software Development Kits (SDK’s) – PHP SDK – iOS SDK – Android SDK.

Similar presentations

Ads by Google