开发者

Securely transfer data from Facebook JavaScript SDK method FB.login to my server-side code

开发者 https://www.devze.com 2023-03-17 14:26 出处:网络
Using JavaScript SDK FB.login method I get user details in client JS code. I\'d like to transfer this data to my server-side script. The first idea is a plain AJAX call. The problem is that I can\'t v

Using JavaScript SDK FB.login method I get user details in client JS code. I'd like to transfer this data to my server-side script. The first idea is a plain AJAX call. The problem is that I can't verify from the server side that this data comes from authority (my JS that performs Facebook login) and not from someone th开发者_开发问答at abuses my AJAX endpoint.

P.S. I've found this solution: FB.login with PHP API (only access token is transfered and PHP SDK is used on the server)


The best way to do this is for your server to just get the data from FB directly. You may have to involve the user to gain access, but if the server is getting the data from FB directly, then there's no endpoint for people to abuse.

If you're going to get the data from FB in the client and then pass it to the server, then you'll have to use authenticated connections into the server and you'll have to use some form of authentication you trust where if anyone is found abusing the endpoint, you can immediately cut off their access and expunge their data. That's why lots of services use developer keys as a means of authenticating people into the endpoints. I don't personally know of any way that you could actually guarantee that the client is giving you good data.

0

精彩评论

暂无评论...
验证码 换一张
取 消