Forum OpenACS Development: Authentication app from Facebook to OACS site

I found Hamilton's thread about social networking package and I'm glad
to know that this theme already started on OpenACS.
https://openacs.org/forums/message-view?message_id=3879362

My searching for this subject was based on trying to install the authentication app from Facebook to my website. So far, I figure that in order to log the user into my OACS site using the Facebook app, three things need to happen:

First, Facebook needs to authenticate the user. This ensures that the
user is who they say they are.

Second, Facebook needs to authenticate my website. This ensures that the
user is giving their information to my site and not someone else.

Third, last but not least, the user must explicitly authorize my website
to access their information. This ensures that the user knows exactly
what data they are disclosing to my site.

I got stuck on the second step. I am blind on figuring out how to make
Facebook aware of the user's login info from my OpenACS website and send it
through.

How could I do that?
Do I need a web service for that?

Is there any development regarding these tools?

Posted by Dave Bauer on
It depends on what you want to do

Do you want to

Allow single sign-on using Facebook credentials?

Allow visitors to Like pages on your web site?

Allow visitors to post to Facebook from your web site?

https://developers.facebook.com/docs/guides/web/

The documentation is different for each application.

The APIs change all the time. Your best bet is to use the JavaScript APIs and if necessary store Facebook information in your OpenACS database (i.e., fid if you want authentication).

Posted by Iuri Sampaio on
Well, I'm starting to develop the interaction with Facebook. Thus, at first I will implement "single sign-on using Facebook credentials".

Later, I will develop other tools of interactivity. That's for sure.

I visited the Facebook developer's website. Actually I put it in my favorites. I also read the documentation and the JavaScript code for those tools you mentioned: Like, Posts and auth.

"The APIs change all the time. Your best bet is to use the JavaScript APIs and if necessary store Facebook information in your OpenACS database (i.e., fid if you want authentication)."

How would it be done at the first sign-on?

Let's say the user already has an account on Facebook and an account on my site. But he's signing on to my site with Facebook credentials for the first time. Thus, my site doesn't have his Facebook info yet. How would he get authenticated?

I was wondering the scenario:

Once he agrees to provide his Facebook credentials and submits his Facebook user and pwd, the OACS side would be allowed to run an API and to get more data from Facebook, such as his email, etc.

Then, I believe at this stage it's safe to get him into the OACS website. However, this would be a log in without pwd on the OACS side.

Would I care about it? Because the user already proved authenticity with his facebook credentials, so it shouldn't be a problem to get him signed in.

Do I make sense?
If so, is it correct to design such an ad_proc to retrieve more data from Facebook and then get him signed on?

Do you agree?
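
The first-time sign-on scenario raised in this thread, sketched as an added example that is not part of any post and is not OpenACS or Facebook code: it shows one possible server-side policy for mapping a stored fid to a local account. All names (`APP_ID`, `makeStore`, `signOn`, the `tokenInfo` fields) are hypothetical, and `tokenInfo` is assumed to hold what the server itself confirmed with Facebook, not values posted by the browser.

```javascript
// Added example; every name here is hypothetical, not OpenACS or Facebook API.
const APP_ID = "constructed-app-id"; // this site's Facebook app id (constructed)

// In-memory stand-ins for the site's user table and a fid -> user_id table.
function makeStore() {
  return {
    users: new Map([[101, { email: "alice@example.com" }]]), // constructed
    fidLinks: new Map(),
  };
}

// tokenInfo: what the SERVER learned by validating the login with Facebook,
// never values the browser merely claims. localUserId: the user already
// logged in on this site with a password, or null.
function signOn(store, tokenInfo, localUserId = null) {
  if (!tokenInfo || tokenInfo.isValid !== true) {
    return { action: "reject", reason: "invalid-token" };
  }
  if (tokenInfo.appId !== APP_ID) {
    // Login was granted to some other site's app: not proof for this site.
    return { action: "reject", reason: "token-for-other-app" };
  }
  const fid = String(tokenInfo.userId);
  if (store.fidLinks.has(fid)) {
    return { action: "login", userId: store.fidLinks.get(fid) };
  }
  // First sign-on with this fid.
  if (localUserId !== null) {
    store.fidLinks.set(fid, localUserId); // owner of the local account proved it
    return { action: "login", userId: localUserId, linked: true };
  }
  const email = (tokenInfo.email || "").toLowerCase();
  for (const [userId, user] of store.users) {
    if (email && user.email && user.email.toLowerCase() === email) {
      // Matching email alone does not link: ask for the local password once.
      return { action: "require-local-login", userId };
    }
  }
  const userId = Math.max(0, ...store.users.keys()) + 1;
  store.users.set(userId, { email: email || null });
  store.fidLinks.set(fid, userId);
  return { action: "login", userId, created: true };
}
```

After the one-time link, later sign-ons with the same fid go straight to the local account without a local password.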