Blog | G5 Cyber Security

Facebook Login Integration

G5 Cyber Security

TL;DR

Yes, you can let users log in to your app using their Facebook accounts. This guide explains how to set it up, covering the basics of creating a Facebook App, configuring your app settings, and integrating the login process into your code.

Step 1: Create a Facebook App

  1. Go to Facebook for Developers and log in with your Facebook account.
  2. Click on “My Apps” then “Create App”.
  3. Choose an app type (usually “Consumer”) and give it a name.
  4. Enter a contact email address and click “Create App”.

Step 2: Configure Your Facebook App Settings

  1. Navigate to your app’s dashboard on the Facebook for Developers website.
  2. Go to “Products” and add “Facebook Login”.
  3. In the Facebook Login settings:
    • Valid OAuth Redirect URIs: Add the URL where Facebook will redirect users after login (e.g., https://your-app-url/callback). This is crucial!
    • Deauthorize Callback URL: Add a URL to handle deauthorizations if needed.
  4. Under “Settings” > “Basic Info”, ensure your app has a privacy policy URL and terms of service URL (even placeholder ones are fine initially).

Step 3: Get Your App ID and Secret

  1. In the Facebook Login settings, find your **App ID**. You’ll need this in your code.
  2. Go to “Settings” > “Basic Info”. Click on the “App Secret” field to reveal it (you may need to confirm your identity). Keep this secret safe!

Step 4: Integrate Facebook Login into Your Code

The exact implementation depends on your programming language and framework. Here’s a general outline using JavaScript as an example:

JavaScript SDK Setup

<script src="https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v17.0" async defer crossorigin="anonymous"></script>

Initialize the SDK

window.fbAsyncInit = function() { FB.init({ appId: '{your-app-id}', cookie: true, xfbml: true, version: 'v17.0' }); };

Login Button

<button onclick="FB.login(function(response) { if (response.authResponse) { // User logged in successfully console.log('Successfully logged in!', response); } else { console.log('User cancelled login or did not grant permission.'); } });">Login with Facebook</button>

Get User Information

FB.getLoginStatus(function(response) { if (response.status === 'connected') { FB.api('/me?fields=id,name', function(data) { console.log('User ID:', data.id); console.log('User Name:', data.name); }); } else { // Handle cases where the user is not logged in or has denied permissions } });

Step 5: Handling Permissions

  1. Request necessary permissions from users during login (e.g., email, public profile).
  2. Use the scope parameter in your FB.login() call to specify the required permissions. Example: FB.login(..., { scope: 'email,public_profile' });

Step 6: Server-Side Verification (Important!)

Never trust client-side data alone! Always verify the access token on your server to ensure it’s valid and belongs to your app.

  1. Use a Facebook SDK for your server-side language (e.g., PHP, Python, Node.js).
  2. Exchange the short-lived access token received from the client for a long-lived token.
  3. Validate the user’s identity using the Graph API.

Step 7: Testing

  1. Test your integration thoroughly with different Facebook accounts.
  2. Use the Facebook Login Tester tool on the Facebook for Developers website to simulate login scenarios.
Exit mobile version