Comment: Migrated to Confluence 5.3

...

  1. The website provides the user with an authorization link, which looks like this: https://www.facebook.com/dialog/oauth?client_id=clientId&redirect_uri=uri&state=someUserIdentifier&scope=publish_stream%2Cread_stream%2Cuser_photos%2Cuser_videos%2Cuser_status%2Coffline_access%2Cmanage_pages%2Cread_insights
    The link includes:
    1. client_id: the app ID provided by Facebook when the application was created
    2. redirect_uri: the location of the page that the browser will call (via a redirect). This page processes the Facebook call when the user authorizes your application
    3. state: a free-form parameter that Facebook retransmits in the redirect call. Use this parameter to identify the requesting user (a temporary key associated with the user would be a good example)
    4. scope: the set of permissions requested
  2. The user clicks on the link, gets a dialog and either
    1. clicks on authorize (the case we're interested in)
    2. or clicks on decline
  3. The Facebook dialog redirects to the specified redirect_uri and passes back the state and a verifier code (as the request parameters state and code)
  4. The application at the redirect_uri will
    1. read the state parameter and identify the user
    2. obtain an access token, based on the provided code
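
The steps above, as an added Python example that is not part of the original page: it issues the temporary state key from step 1, then checks it at the redirect_uri before preparing the code exchange. The token endpoint URL, the in-memory `_pending` store, the 10-minute lifetime and the function names are assumptions made for the example.

```python
import secrets
import time
from urllib.parse import urlencode, urlparse, parse_qs

AUTH_ENDPOINT = "https://www.facebook.com/dialog/oauth"  # from the page
TOKEN_ENDPOINT = "https://graph.facebook.com/oauth/access_token"  # assumption, not on the page
STATE_TTL = 600  # seconds; assumed lifetime of the temporary key

_pending = {}  # state key -> (user_id, expiry); stand-in for a server-side session store


def build_authorization_link(user_id, client_id, redirect_uri, scopes, now=None):
    """Step 1: issue a random, single-use state key tied to the user."""
    now = time.time() if now is None else now
    state = secrets.token_urlsafe(32)
    _pending[state] = (user_id, now + STATE_TTL)
    query = urlencode({"client_id": client_id, "redirect_uri": redirect_uri,
                       "state": state, "scope": ",".join(scopes)})
    return f"{AUTH_ENDPOINT}?{query}"


def handle_redirect(callback_url, client_id, client_secret, redirect_uri, now=None):
    """Steps 3-4: identify the user from state, then prepare the code exchange.

    Returns (user_id, token_request_url). Raises ValueError if the state is
    unknown, reused or expired, or if no code is present (user declined).
    """
    now = time.time() if now is None else now
    params = parse_qs(urlparse(callback_url).query)
    state = params.get("state", [""])[0]
    code = params.get("code", [""])[0]
    entry = _pending.pop(state, None)  # pop makes the key single-use
    if entry is None:
        raise ValueError("unknown or reused state")
    user_id, expiry = entry
    if now > expiry:
        raise ValueError("expired state")
    if not code:
        raise ValueError("no code: authorization declined")
    # The exchange is made server-side only; the app secret never reaches the browser.
    query = urlencode({"client_id": client_id, "redirect_uri": redirect_uri,
                       "client_secret": client_secret, "code": code})
    return user_id, f"{TOKEN_ENDPOINT}?{query}"
```

Because the state key is random and removed on first use, a callback that carries a missing, replayed or stale state is rejected before any code is exchanged.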

...