The last days Ive postet some questions about login-in with facebook. Today I need help with the basic architectural idea of SIGN UP Users with client side authentification and server-side storing additional data.
Since im writing an app that should provide user registration and login via facebook Ive got the facebook-sdk up and running on my client side (ember-project).
Now Im possible to get user-related data (name, email, fb-user-id) from FB as well as an token. So now I want to "register"/create a new record on my (own)server-backend to store additional user-data. A common use-case I quess.
Well the abstract design idea I dont understand so far is to handle that authentification. I mean: When the client calls some API on my own REST-Server like "POST /users/234" (for creating a new entry), is it enough to assume, that the data which arrives the Server-Backend (Facebook user-id/token pair) is valid?
Can I just put a new entry in my database including the FB-User-ID or do I have to validate that credentials also on my server-side to be sure that the data (e.g. "name John Doe with token 123456asdfg") is valid? Okay, Im pretty sure I have to double-check that but im wondering what the next steps would be now? After my server managed validate the token and user-id agains facebooks-server do he (the server) have to open a session to the client on its own or is it enough to always recieves the FB-token from the client-side (transportet via Headers in the REST-Calls or something) and validate it ALWAYS for every action/business logic on the server-side agains facebook?
Aucun commentaire:
Enregistrer un commentaire