I am building a JavaScript front-end and a Rails REST API backend. Users can only log in using Facebook. What is the best architecture for something like this? I am a Rails and REST newbie, but here's what I'm thinking so far:
- Log in on the client using the FB JavaScript library
- Send a request to /users/current. Include the FB token in the request. (Is this URL RESTful?)
- On the server:
  - If the token is valid, fetch the user's info and transmit the JSON back (id, pic, name, etc.)
  - If the token is invalid, transmit an error back
Could someone please point me in the right direction? Thanks!
That is correct; I'm actually developing an application using the same concept, but through Google login.
What you are looking for is OAuth 2.0 for Facebook or OpenID if you plan to incorporate federated login.
So yeah, basically what you said is correct. You get the authorization token from the client and send a request to the server, where you should have an authentication method that checks the validity of the token by sending a GET request for user info to Facebook with that token. After you get the response, you should return the information as JSON or an error, depending on the data you get back from the GET request.
Facebook OAuth 2.0
That should point you in the right direction. Hopefully this helps.
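The server-side check described in the answer above, as an added Ruby example (not code from either poster). It verifies the client-supplied token against the Graph API before trusting the identity it claims, and goes one step further than a bare `/me` lookup: it first calls `/debug_token` with the app access token (`APP_ID|APP_SECRET`) to confirm the token is valid, unexpired and was issued for this app, so a valid token for some other Facebook app cannot log a user into yours. The Graph API version in `GRAPH`, the app id/secret, and the `FAKE_GRAPH` responses are assumed or constructed so the example runs offline; in a Rails app the `verify` call would sit in the controller behind `/users/current`, with the real `Net::HTTP` transport.

```ruby
require "json"
require "net/http"
require "uri"

# Verifies a client-supplied Facebook access token on the server before the
# identity it claims is trusted. Two Graph API calls are used:
#   1. /debug_token - confirms the token is valid, unexpired and was issued
#                     for OUR app, using the app access token as caller
#   2. /me          - fetches the profile fields returned to the client
# `http_get` is injectable so the verifier can run offline with canned data.
class FacebookTokenVerifier
  GRAPH = "https://graph.facebook.com/v19.0" # Graph API version is an assumption
  Error = Class.new(StandardError)

  def initialize(app_id:, app_secret:, http_get: method(:real_http_get))
    @app_id = app_id
    @app_secret = app_secret
    @http_get = http_get
  end

  # Returns a Hash of profile fields, or raises Error with a reason.
  def verify(user_token)
    raise Error, "missing token" if user_token.nil? || user_token.strip.empty?

    debug = @http_get.call("#{GRAPH}/debug_token",
                           input_token: user_token,
                           access_token: "#{@app_id}|#{@app_secret}")
    data = debug.fetch("data", {})
    raise Error, "token is not valid" unless data["is_valid"] == true
    # Audience check: a token issued for a different Facebook app is not ours.
    raise Error, "token issued for a different app" unless data["app_id"].to_s == @app_id.to_s
    expires_at = data["expires_at"].to_i
    raise Error, "token expired" if expires_at.positive? && expires_at <= Time.now.to_i

    me = @http_get.call("#{GRAPH}/me", fields: "id,name,picture", access_token: user_token)
    # Bind the returned profile to the user id the token was verified for.
    raise Error, "profile/token user mismatch" unless me["id"].to_s == data["user_id"].to_s

    { "id" => me["id"], "name" => me["name"], "pic" => me.dig("picture", "data", "url") }
  end

  private

  # Real transport: plain GET against the Graph API, JSON body parsed.
  def real_http_get(url, params)
    uri = URI(url)
    uri.query = URI.encode_www_form(params)
    JSON.parse(Net::HTTP.get(uri))
  end
end

# Constructed offline stand-in for the Graph API (sample data, not real responses).
FAKE_GRAPH = lambda do |url, params|
  case url
  when %r{/debug_token$}
    case params[:input_token]
    when "good-token"
      { "data" => { "app_id" => "123", "is_valid" => true, "user_id" => "42", "expires_at" => 4_102_444_800 } }
    when "other-app-token"
      { "data" => { "app_id" => "999", "is_valid" => true, "user_id" => "42", "expires_at" => 4_102_444_800 } }
    else
      { "data" => { "is_valid" => false, "error" => { "message" => "Invalid OAuth access token." } } }
    end
  when %r{/me$}
    { "id" => "42", "name" => "Ada Example", "picture" => { "data" => { "url" => "https://example.invalid/ada.jpg" } } }
  end
end

# What the /users/current endpoint would hand back: profile JSON or an error.
def demo_verify(token)
  FacebookTokenVerifier.new(app_id: "123", app_secret: "secret", http_get: FAKE_GRAPH).verify(token)
rescue FacebookTokenVerifier::Error => e
  { "error" => e.message }
end

if __FILE__ == $PROGRAM_NAME
  puts JSON.generate(demo_verify("good-token"))
  puts JSON.generate(demo_verify("other-app-token"))
  puts JSON.generate(demo_verify("garbage"))
end
```

The app id check is the part most often skipped: `/me` happily answers for any valid user token, regardless of which app it was issued to, so the `/debug_token` audience check is what ties the login to your application.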