I've been looking into OAuth for a while, but haven't implemented it in any of my applications yet. I'm having trouble understanding the full concept, and I still have a few questions I haven't found an answer to; I hope you can help me.
I want the user to be able to start my application (WP8) and log in with Facebook / Twitter / Microsoft / ... . When he gets authenticated, I want to save the user in my own DB so I can add user-specific stuff such as preferences, posts, ... .
What do I need to save in my own DB to specify the user? Do I need to save the token, or is it invalidated after a while? Or do I need to specify the user's name? In other words: what can I use as a unique identifier?
And what happens when the user authenticates with, for example, Facebook, and then deletes his account?
And one more question: would you ever allow a user to connect to your application with 2 different service providers? If so, how do you make the coupling of these 2 providers to 1 user in your own DB?
I hope my questions are clear enough! If not, don't hesitate to ask for more information!
Kind regards,
Gert
I assume you have your own back-end to authenticate your own users, and the WP8 application is the client.
First, let me distinguish between a user credential and a user profile. A user credential validates who the user is, e.g. a username/password, or a Facebook user ID supplied with a valid auth token. The user profile is what you store in your own database about the user.
You also need to distinguish between the token you use to authenticate the user and the access token Facebook needs to grant access to the user's data.
So... to answer your questions:
What do I need to save in my own DB to specify the user?
Create a record with the user's data (like preferences, and a unique user ID), the user's login method (e.g. Facebook), and the credential (e.g. Facebook's user ID). This is the user's profile.
Do I need to save the token, or is it invalidated after a while?
You can store the Facebook access token here if you've been granted "offline access" privileges by Facebook, but that is used for your access to Facebook... not the user's access to your app/back-end. For the user's access, use a mechanism similar to cookie-based authentication - it's up to you. If you use the access token as a kind of "cookie", you need to check against Facebook that it's still valid.
In other words: what can I use as a unique identifier?
You can treat Facebook's ID as unique (so long as you never allow more than one account in your user profile DB to link to the same Facebook account).
And what happens when the user authenticates with, for example, Facebook, and then deletes his account?
It's a good idea to have users still create a username/password combination that works with your site, and rely on Facebook login as a convenience. In any case, Facebook provides a "deauthorize callback URL" when you create an app profile on Facebook. This is called when the user deactivates your app or deletes his account from Facebook. When you receive this call, send the user an email so the auth link can be set up with a different credential and he does not lose access.
Would you ever allow a user to connect to your application with 2 different service providers? If so, how do you make the coupling of these 2 providers to 1 user in your own DB?
Sure, you can do that. You'd want to allow a Twitter account as well. You'd just need to add a Twitter user ID field to your user profile database.
Here's a tip: create an ASP.NET MVC4 project in Visual Studio - the template includes an example of how to set up a user profile database with OAuth login.
Hope this gives you a high-level overview to investigate further.
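The profile model the answer describes, as an added example that is not part of the question or the answer above and not the ASP.NET template it mentions: a local users table holding the profile, a separate external_logins table keyed on (provider, provider user ID) so one provider identity can only ever map to one local account, a link step for attaching a second provider to an already logged-in user, and a handler for the deauthorize callback that verifies the provider's signature before unlinking and reports whether the user still has another way to sign in. The signed_request layout used here (base64url signature "." base64url JSON payload, HMAC-SHA256 over the encoded payload with the app secret) is the one Facebook documents; the app secret, provider user IDs and display names are constructed sample values. Provider user IDs are stored, never access tokens.

```python
import base64
import hashlib
import hmac
import json
import sqlite3

SCHEMA = """
CREATE TABLE users (
    id            INTEGER PRIMARY KEY,
    display_name  TEXT NOT NULL,
    password_hash TEXT                -- NULL until the user sets a site password
);
CREATE TABLE external_logins (
    provider         TEXT NOT NULL,    -- 'facebook', 'twitter', 'microsoft', ...
    provider_user_id TEXT NOT NULL,    -- the provider's stable user id, never the access token
    user_id          INTEGER NOT NULL REFERENCES users(id),
    PRIMARY KEY (provider, provider_user_id)   -- one provider identity maps to at most one local user
);
"""


def open_store():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(SCHEMA)
    return db


def login_with_provider(db, provider, provider_user_id, display_name):
    """Return the local user id for an already-verified provider identity, creating a profile on first login."""
    row = db.execute("SELECT user_id FROM external_logins WHERE provider=? AND provider_user_id=?",
                     (provider, provider_user_id)).fetchone()
    if row:
        return row[0]
    user_id = db.execute("INSERT INTO users(display_name) VALUES (?)", (display_name,)).lastrowid
    db.execute("INSERT INTO external_logins VALUES (?, ?, ?)", (provider, provider_user_id, user_id))
    db.commit()
    return user_id


def link_provider(db, user_id, provider, provider_user_id):
    """Attach a second provider to an existing, currently logged-in local user."""
    try:
        db.execute("INSERT INTO external_logins VALUES (?, ?, ?)", (provider, provider_user_id, user_id))
    except sqlite3.IntegrityError:
        # The primary key rejects a provider identity already owned by some account:
        # refuse rather than silently merging two local users.
        raise ValueError(f"{provider} id {provider_user_id} is already linked to an account")
    db.commit()


def login_methods(db, user_id):
    """Count the ways this user can still sign in: a site password plus each linked provider."""
    (has_pw,) = db.execute("SELECT password_hash IS NOT NULL FROM users WHERE id=?", (user_id,)).fetchone()
    (n_ext,) = db.execute("SELECT COUNT(*) FROM external_logins WHERE user_id=?", (user_id,)).fetchone()
    return int(has_pw) + n_ext


def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b):
    return base64.urlsafe_b64encode(b).decode().rstrip("=")


def parse_signed_request(signed_request, app_secret):
    """Verify and decode a Facebook-style signed_request: '<sig>.<payload>', HMAC-SHA256 keyed with the app secret."""
    sig_b64, payload_b64 = signed_request.split(".", 1)
    expected = hmac.new(app_secret.encode(), payload_b64.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64url_decode(sig_b64), expected):
        raise ValueError("bad signature on signed_request")
    return json.loads(_b64url_decode(payload_b64))


def make_signed_request(payload, app_secret):
    """Build a signed_request the way the provider would; used here only to construct sample callback input."""
    payload_b64 = _b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(app_secret.encode(), payload_b64.encode(), hashlib.sha256).digest()
    return f"{_b64url_encode(sig)}.{payload_b64}"


def handle_deauthorize(db, provider, signed_request, app_secret):
    """Unlink the provider identity named in an authenticated deauthorize callback.
    Returns (local user id, remaining login methods); the caller e-mails the user when that count hits zero."""
    data = parse_signed_request(signed_request, app_secret)   # reject forged callbacks before touching the DB
    key = (provider, data["user_id"])
    row = db.execute("SELECT user_id FROM external_logins WHERE provider=? AND provider_user_id=?", key).fetchone()
    if row is None:
        return None
    db.execute("DELETE FROM external_logins WHERE provider=? AND provider_user_id=?", key)
    db.commit()
    return row[0], login_methods(db, row[0])


def demo():
    app_secret = "hypothetical-app-secret"          # assumption: your app secret; it stays on the back-end, never in the WP8 client
    db = open_store()
    uid = login_with_provider(db, "facebook", "1000123", "Gert")          # constructed Facebook user id
    same = login_with_provider(db, "facebook", "1000123", "Gert") == uid  # second login finds the same profile
    link_provider(db, uid, "twitter", "tw-77")                            # couple a second provider to the same user
    other = login_with_provider(db, "microsoft", "ms-1", "Someone else")
    try:
        link_provider(db, other, "twitter", "tw-77")                      # identity already owned by uid
        collision_refused = False
    except ValueError:
        collision_refused = True
    callback = make_signed_request({"algorithm": "HMAC-SHA256", "user_id": "1000123"}, app_secret)
    user, remaining = handle_deauthorize(db, "facebook", callback, app_secret)
    return {"uid": uid, "same": same, "other": other, "collision_refused": collision_refused,
            "user": user, "remaining": remaining}


if __name__ == "__main__":
    print(demo())
```

After the deauthorize callback the user in demo() still has one login method (Twitter); had it been zero, that is the point at which the answer's "send the user an email" step would fire. The primary key on (provider, provider_user_id) is what enforces the answer's caveat that no two local accounts may link the same Facebook account.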