Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    Regular Coder
    Join Date
    Mar 2011
    Posts
    148
    Thanks
    0
    Thanked 20 Times in 20 Posts

    Login the user with Facebook without revealing the APP ID

    Hi,
    In the Facebook documentation about Login the user with Facebook APP they say:

    "Because it requires you to include your App Secret you should not attempt to make this call client-side as that would expose this secret to all your app users. It is important that your App Secret is never shared with anyone".

    I understend it is about APP Secret, but what about the Developer ID?
    The developer ID is added in the URL address of the window for login the user with Facebook:
    Code:
    https://www.facebook.com/dialog/oauth?client_id=APP_ID&redirect_uri=...&state=...&scope=...
    The APP_ID can be copied and used by anyone.
    I tryed with JavaScript SDK, and with PHP SDK, but in both cases the developer ID appears in the address bar.
    I tryed also the get and display the page from that URL address using cURL, but of course not works.
    Is there any way to login the users in my web site using Facebook, without revealing the developer ID?
    Or, it doesn't matter if someone uses your Facebook APP ID?

  • #2
    The fat guy next door VIPStephan's Avatar
    Join Date
    Jan 2006
    Location
    Halle (Saale), Germany
    Posts
    8,927
    Thanks
    6
    Thanked 1,040 Times in 1,013 Posts
    The app ID can’t be used by anyone else because it is linked to a certain user account. At least that’s what I would think. Even though Facebook isn’t the vanguard of privacy measures it would be pretty stupid if one could just use another person’s app ID.

  • #3
    New Coder
    Join Date
    Apr 2011
    Location
    California
    Posts
    54
    Thanks
    0
    Thanked 2 Times in 2 Posts
    you could try using iframes? not a very good solution for the problem because it's still very much available but at least it's not in the address bar.
    App Developer, Front End Designer and Learner at>> Facebook App Development Company - Cygnis Media

  • #4
    Regular Coder
    Join Date
    Mar 2011
    Posts
    148
    Thanks
    0
    Thanked 20 Times in 20 Posts
    Thank you for the answer.
    In the end I belive it doesn't matter because if FB made their APP to work in this way, they know how that ID can be used.
    And I think it is the same ID that is already publicly.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •