I am building a simple Cordova App, and I am using Facebook Login to allow users to login and start using the app. The App talks to a Laravel-based API. I use JWT authentication between the two ends.
Now, I am not very clear on the (secure) mechanism I should implement to allow users to register and login through "Facebook Login", and the way this should work with the User model, and the JWT authentication.
Here's what I have in mind, tell me if it's the way to go:
- User opens the app for the first time. Clicks the "login with Facebook" button. I request the "email, public_profile" information in the login request.
- After the access is granted I submit the user id and info (name, email, ...) to the api/register, where I create a new user with the passed info.
- Then the api responds with the JWT token back, for later requests.
So, this is registration, for the login process I am thinking of doing the following:
- The user opens the app; I then check the loginStatus, and if it is "connected" I send the retrieved token to the server for authentication.
- The server receives the token, and then sends a Facebook Graph API "/me" request with this token to retrieve the user id. If the user id equals the one stored in the database, a JWT token is created and sent back.
I am sure I am missing something, and I want this to be as secure as possible. What is the optimal way to handle a situation like this?
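A server-side sketch of the login step described above, added here as an example (not the asker's code, and not Laravel's): it is written in Python rather than PHP so it runs stand-alone, the Graph API `/debug_token` responses are constructed inline, and the HS256 JWT is minted by hand where a Laravel API would use its JWT library. `/debug_token` and `appsecret_proof` are real Graph API features; the check that `app_id` is ours is the one most often missed when a token is verified with `/me` alone.

```python
import base64, hashlib, hmac, json, time, urllib.parse, urllib.request

GRAPH = "https://graph.facebook.com"

def appsecret_proof(user_token: str, app_secret: str) -> str:
    """Graph API appsecret_proof: HMAC-SHA256 of the user token keyed with the app secret."""
    return hmac.new(app_secret.encode(), user_token.encode(), hashlib.sha256).hexdigest()

def fetch_debug_token(user_token, app_id, app_secret, opener=urllib.request.urlopen):
    """Ask Graph API about the token; /debug_token takes the app token APP_ID|APP_SECRET."""
    query = urllib.parse.urlencode({"input_token": user_token,
                                    "access_token": f"{app_id}|{app_secret}"})
    with opener(f"{GRAPH}/debug_token?{query}") as resp:
        return json.load(resp)["data"]

def verify_facebook_token(data, expected_app_id, expected_user_id, now=None):
    """Accept only a valid, unexpired token issued to OUR app for the expected user.
    Comparing app_id rejects a token that was issued to some other Facebook app."""
    now = time.time() if now is None else now
    return (data.get("is_valid") is True
            and str(data.get("app_id")) == str(expected_app_id)
            and str(data.get("user_id")) == str(expected_user_id)
            and data.get("expires_at", 0) > now)   # missing/0 expiry is treated as unusable

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def mint_jwt(user_id, jwt_secret, now=None, ttl=3600):
    """Minimal HS256 JWT (header.payload.signature) for the app's own API."""
    now = int(time.time()) if now is None else int(now)
    dump = lambda obj: _b64url(json.dumps(obj, separators=(",", ":")).encode())
    header = dump({"alg": "HS256", "typ": "JWT"})
    payload = dump({"sub": str(user_id), "iat": now, "exp": now + ttl})
    sig = _b64url(hmac.new(jwt_secret.encode(), f"{header}.{payload}".encode(), hashlib.sha256).digest())
    return f"{header}.{payload}.{sig}"

def login_with_facebook(debug_data, app_id, stored_user_id, jwt_secret, now=None):
    """The login step from the question: issue our JWT only when the Facebook token checks out."""
    if not verify_facebook_token(debug_data, app_id, stored_user_id, now):
        return None
    return mint_jwt(stored_user_id, jwt_secret, now)

# Constructed sample /debug_token responses (not real Facebook data).
GOOD = {"app_id": "111", "user_id": "42", "is_valid": True, "expires_at": 2_000_000_000}
WRONG_APP = dict(GOOD, app_id="999")     # valid token, but issued to a different app

if __name__ == "__main__":
    print(login_with_facebook(GOOD, "111", "42", "jwt-secret-placeholder", now=1_700_000_000))
    print(login_with_facebook(WRONG_APP, "111", "42", "jwt-secret-placeholder", now=1_700_000_000))
```

In production the `data` dict comes from `fetch_debug_token` over HTTPS, and the `/me` call the question mentions should carry `appsecret_proof` so a leaked user token alone cannot be used against your app id.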
via Chebli Mohamed