fb ios sdk session for use with existing fb connect website

Question

How does my fb connect webserver authenticate a user that logged in via fb ios sdk? I have a website which uses facebook connect. In it, i do use the app secret to authenticate the user via a cookie created by the facebook javascript sdk via the facebook python library:

def get_user_from_cookie(cookies, app_id, app_secret):
    """Parses the cookie set by the official Facebook JavaScript SDK.

    cookies should be a dictionary-like object mapping cookie names to
    cookie values.

    If the user is logged in via Facebook, we return a dictionary with the
    keys "uid" and "access_token". The former is the user's Facebook ID,
    and the latter can be used to make authenticated requests to the Graph API.
    If the user is not logged in, we return None.

    Download the official Facebook JavaScript SDK at
    http://github.com/facebook/connect-js/. Read more about Facebook
    authentication at http://developers.facebook.com/docs/authentication/.
    """
    cookie = cookies.get("fbs_" + app_id, "")
    if not cookie: return None
    args = dict((k, v[-1]) for k, v in cgi.parse_qs(cookie.strip('"')).items())
    payload = "".join(k + "=" + args[k] for k in sorted(args.keys())
        if k != "sig")
    sig = hashlib.md5(payload + app_secret).hexdigest()
    expires = int(args["expires"])
    if sig == args.get("sig") and (expires == 0 or time.time() < expires):
        return args
    else:
        return None

Now, I'm wondering how to connect a user who logs in via the iphone to my website. Do I just send the access token over to my webserver and based on the the access token make a call to the graph(just bypass the above function)? If that is it, then what about all the validation the above function offers?

score 0 · Answer 1 · edited Jan 29 '19 at 18:15

If you want use Facebook iOS API you need:

Alloc and Init a Facebook object

Facebook *facebookObject = [[Facebook alloc] init];

Check permissions

NSArray *permissions = [NSArray arrayWithObjects:@"publish_stream", @"offline_access",nil];

Authorize facebook

[facebookObject authorize:APP_ID permissions:permissions delegate:self];

After that you can used NSUserDefaults to keep session like that :

To store session I use NSUserDefaults.

[[NSUserDefaults standardUserDefaults] setObject:facebookObject.accessToken forKey:@"AccessToken"];
[[NSUserDefaults standardUserDefaults] setObject:facebookObject.expirationDate forKey:@"ExpirationDate"];
[[NSUserDefaults standardUserDefaults] synchronize];

After that I can catch Access with :

facebookObject.accessToken    = [[NSUserDefaults standardUserDefaults] stringForKey:@"AccessToken"];

facebookObject.expirationDate = (NSDate *) [[NSUserDefaults standardUserDefaults] objectForKey:@"ExpirationDate"];

Like that you can keep session alive and the user enter login and password only once. I think that is why cookies.

@ronin, thx but i am already able to login via ios and request graph data. my question is how do i use that session with my existing facebook connect website. i want to login via the iphone, go to the webserver and grab data from the user account stored in my db. If i send the access token to my webserver, do i need other info besides the access token to make sure is valid? — prostock, May 11 '11 at 16:13
@David I think (but i'm not sure) the access token stored in your web server are sufficient to connect. — TheRonin, May 12 '11 at 09:10

score 0 · Answer 2 · answered May 12 '11 at 18:48

0

The cookie fetch and validation is useful for Google AppEngine or JavaScript SDK access.

For accessing user session initiated in iOS app, in Python SDK, just use:

graph = facebook.GraphAPI(access_token)
user = graph.get_object("me")

Hope that helps.

answered May 12 '11 at 18:48

Gurpartap Singh

2,744
1
26
30

thx, but if an access token is all i need why do we need the get_user_from_cookie function above? the cookie that gets parsed by the code in my post contains more than the access token... – prostock May 12 '11 at 22:53
get_user_from_cookie(cookies, app_id, app_secret) This method accepts cookies, app id and app secret. It compiles the app keys combination and generates a signature. Then it searches through cookies for stored signatures and compares with generated sig. If they match, the values stored for that app id are retrieved. If you really want to take user's access token from iOS, and use with Python SDK, it's the facebook.GraphAPI() method which should be used. – Gurpartap Singh May 13 '11 at 00:31
yah, that's what i'm not understanding....if all u need is an access token...why does fb go through the trouble of using get_user_from_cookie. they already have the access token, why do they need to go through all that trouble. – prostock May 13 '11 at 05:38
Dude, that's what is explained. The cookie method is NOT required when you already have the access token etc with you. It is used when you are dealing with user from a browser or app which implements cookies. – Gurpartap Singh May 28 '11 at 09:45

fb ios sdk session for use with existing fb connect website

2 Answers2

Linked