Wednesday, July 26, 2017

OAuth in Facebook application

OAuth???


OAuth (Open Authorization) is an open standard for token-based authentication and authorization on the Internet. OAuth, pronounced "oh-auth", allows an end user's account information to be used by third-party services, such as Facebook, without exposing the user's password. OAuth acts as an intermediary on behalf of the end user, providing the service with an access token that authorizes specific account information to be shared. The process for obtaining the token is called a flow.

Facebook OAuth-authentication flow

1. When the user opens a URL or the welcome page, the Facebook Login button is shown; the user clicks it to log in to the Java web application. The click invokes a Facebook URL.

2. Facebook validates the application ID and then redirects to its login page.

3. The user enters their FB login credentials and submits the form.

4. Facebook validates the credentials and then redirects the browser to the redirect_url. The redirect_url is the URL in our application that takes care of further processing.

5. The browser calls the redirect URL.

6. The redirect URL page calls Facebook again to request an access_token.

7. On successful validation, Facebook responds with the access_token.

8. The redirect URL page calls Facebook again to request user data, sending the access_token.

9. After validating the access_token, Facebook responds with the requested user data.

10. The redirect URL page forwards to a page that shows the user data in the client browser.
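The ten steps above, carried through as an added example that is not code from the original post. It is written in Python rather than Java so it runs stand-alone: the Facebook side (steps 2, 4, 7 and 9) is replaced by a constructed `FakeFacebook` class, and the app id, secret, redirect URL and user record are constructed sample values. The endpoint paths follow Facebook's Login documentation, but the API version segment in them is an assumption. The example also adds the one check a practitioner would want on the redirect page: a random `state` value stored in the session at step 1 and verified at step 5, so the callback rejects redirects that this session did not start.

```python
"""Authorization-code flow from the ten steps above, simulated offline.

FakeFacebook stands in for Facebook so the whole exchange runs locally; a
real application would replace its three methods with HTTPS requests to
the endpoints named in the constants below.
"""
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Paths follow Facebook Login documentation; the version segment is assumed.
LOGIN_DIALOG = "https://www.facebook.com/v2.10/dialog/oauth"
TOKEN_ENDPOINT = "https://graph.facebook.com/v2.10/oauth/access_token"
USERINFO_ENDPOINT = "https://graph.facebook.com/v2.10/me"

# Constructed sample credentials, not real application credentials.
APP_ID = "123456789012345"
APP_SECRET = "constructed-app-secret"
REDIRECT_URL = "https://example.test/app/fbcallback"


def build_login_url(session: dict) -> str:
    """Step 1: the URL the Facebook Login button sends the browser to.

    A random `state` is kept in the server-side session and echoed back by
    Facebook in step 4, so the redirect page can reject callbacks it did not
    initiate (OAuth 2.0 CSRF protection, RFC 6749 section 10.12).
    """
    session["oauth_state"] = secrets.token_urlsafe(32)
    query = urlencode({
        "client_id": APP_ID,
        "redirect_uri": REDIRECT_URL,
        "state": session["oauth_state"],
        "scope": "email",
        "response_type": "code",
    })
    return f"{LOGIN_DIALOG}?{query}"


def _query(url: str) -> dict:
    """Flatten the query string of a URL into a plain dict (first value wins)."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


class FakeFacebook:
    """Constructed stand-in for Facebook, used only to run the flow offline."""

    def __init__(self):
        self._codes = {}   # code -> (app_id, redirect_uri, user record)
        self._tokens = {}  # access_token -> user record

    def login(self, login_url: str, user: dict) -> str:
        """Steps 2-4: check the app id, 'authenticate' the user, then redirect
        back to redirect_uri with a one-time code and the original state."""
        params = _query(login_url)
        if params.get("client_id") != APP_ID:
            raise ValueError("unknown application id")
        code = secrets.token_urlsafe(16)
        self._codes[code] = (params["client_id"], params["redirect_uri"], user)
        back = urlencode({"code": code, "state": params.get("state", "")})
        return f"{params['redirect_uri']}?{back}"

    def exchange_code(self, code, client_id, client_secret, redirect_uri) -> dict:
        """Steps 6-7: the server-to-server call to TOKEN_ENDPOINT."""
        entry = self._codes.pop(code, None)  # codes are single use
        if entry is None:
            raise ValueError("invalid or already used code")
        app_id, original_redirect, user = entry
        if (client_id, client_secret, redirect_uri) != (app_id, APP_SECRET, original_redirect):
            raise ValueError("client credentials or redirect_uri do not match")
        token = secrets.token_urlsafe(24)
        self._tokens[token] = user
        return {"access_token": token, "token_type": "bearer"}

    def userinfo(self, access_token: str) -> dict:
        """Steps 8-9: GET USERINFO_ENDPOINT with the access token."""
        if access_token not in self._tokens:
            raise ValueError("invalid access_token")
        return dict(self._tokens[access_token])


def handle_redirect(redirect_url: str, session: dict, fb: FakeFacebook) -> dict:
    """Steps 5-10: what the redirect_url page does when the browser calls it."""
    params = _query(redirect_url)
    expected = session.pop("oauth_state", None)  # consumed even on failure
    received = params.get("state", "")
    if expected is None or not secrets.compare_digest(expected.encode(), received.encode()):
        raise PermissionError("state mismatch: redirect was not started by this session")
    if "code" not in params:
        raise ValueError("no authorization code in redirect")
    token = fb.exchange_code(params["code"], APP_ID, APP_SECRET, REDIRECT_URL)
    return fb.userinfo(token["access_token"])


def run_flow(fb=None, user=None) -> dict:
    """Drive steps 1-10 end to end and return the user data from step 9."""
    fb = fb or FakeFacebook()
    user = user or {"id": "10001", "name": "Constructed User", "email": "user@example.test"}
    session = {}
    callback = fb.login(build_login_url(session), user)
    return handle_redirect(callback, session, fb)


if __name__ == "__main__":
    print(run_flow())
```

The two properties worth noticing are that the authorization code is accepted exactly once and only with the same app id, secret and redirect_uri it was issued for, and that the `state` value is removed from the session as soon as the redirect page reads it, so a replayed or forged callback is refused even when it carries a valid code.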
