SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    SitePoint Addict
    Join Date
    Apr 2011
    Posts
    265
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)

    Login the user with Facebook without revealing the APP ID

    Hi,
    In the Facebook documentation about Login the user with Facebook APP they say:

    "Because it requires you to include your App Secret you should not attempt to make this call client-side as that would expose this secret to all your app users. It is important that your App Secret is never shared with anyone".

    I understend it is about APP Secret, but what about the Developer ID?
    The developer ID is added in the URL address of the window for login the user with Facebook:
    Code:
    https://www.facebook.com/dialog/oauth?client_id=APP_ID&redirect_uri=...&state=...&scope=...
    The APP_ID can be copied and used by anyone.
    I tryed with JavaScript SDK, and with PHP SDK, but in both cases the developer ID appears in the address bar.
    I tryed also the get and display the page from that URL address using cURL, but of course not works.
    Is there any way to login the users in my web site using Facebook, without revealing the developer ID?
    Or, it doesn't matter if someone uses your Facebook APP ID?
    Free: Web Programming Courses HTML, CSS, Flash
    Web Programming: AJAX Course and PHP-MySQL Course video Lessons
    Good JavaScript and jQuery course for beginners

  2. #2
    #titanic {float:none} silver trophy
    molona's Avatar
    Join Date
    Feb 2005
    Location
    from Madrid to Heaven
    Posts
    8,237
    Mentioned
    239 Post(s)
    Tagged
    1 Thread(s)
    I'm not an expert in FB applications, I'm afraid. Still the way I understand it is that you use the APP ID and not the developer ID. What you hide is the App Secret.

    But then, you should wait for an answer of someone that works with FB apps to confirm what I say. I simply briefly read the documentation and in their JavaScript example I saw the App ID, not the developer ID

  3. #3
    SitePoint Addict
    Join Date
    Apr 2011
    Posts
    265
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Thank you for the answer.
    In the end I belive it doesn't matter because if FB made their APP to work in this way, they know how that ID can be used.
    And I think it is the same ID that is already publicly.
    Free: Web Programming Courses HTML, CSS, Flash
    Web Programming: AJAX Course and PHP-MySQL Course video Lessons
    Good JavaScript and jQuery course for beginners


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •