I cannot understand one thing...
On my website there is a button with the FB.login method from Facebook's JS SDK API.
When the user first visits my website and clicks on the button, we get some data from his Facebook profile, and then we check on my server in the database whether there is a user with this id or not. If not, we write a new row. Also, we create the user's profile on my website.
Now the question: the next time the user visits our website (and clicks on the button, if he is not logged in), how do we identify him to match him with his profile on our website? For example, to show him his profile, or so that he could change anything in it...
In the usual authorization we compare the password and the user's login in the database; here there is no such possibility. The AccessToken changes all the time. I thought of just checking the user's FB id, but then, perhaps, anyone would be able to substitute his FB id and enter his profile, wouldn't they?
What tricks are used in this case?
Regardless of whether the user visits your site for the first time or not, you always use the FB.login method. This method validates whether the user has a relation with your application and gives you an access token when the user has accepted your app.
When using Facebook login to authenticate users, the user record in your database does not contain a password; you only have the facebookid to relate the Facebook account with the profile on your website. The Facebook id can be obtained using the access token provided by the FB.login method on the server side, or through JavaScript like the next example taken from the Facebook docs.
In the response object you can get the Facebook id (response.id).
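The server-side variant the answer mentions, as an added example that is not part of the original answer: the browser sends only the access token, and the server asks Facebook's `/debug_token` endpoint which user and which app the token belongs to, so a client-supplied FB id (the substitution the question worries about) is never trusted. APP_ID and APP_SECRET are placeholders, and the Graph API call is stubbed with constructed responses so the code runs offline.

```python
from typing import Callable, Dict, Any, Optional

# Hypothetical app credentials (placeholders; real secrets belong in config, not code).
APP_ID = "APP_ID_PLACEHOLDER"
APP_SECRET = "APP_SECRET_PLACEHOLDER"

# fetch(path, query_params) -> parsed JSON, standing in for an HTTPS GET to graph.facebook.com
Fetch = Callable[[str, Dict[str, str]], Dict[str, Any]]


def verify_fb_token(user_token: str, fetch: Fetch) -> Optional[str]:
    """Return the Facebook user id that Facebook itself binds to user_token, or None.
    GET /debug_token?input_token=<user token>&access_token=<APP_ID>|<APP_SECRET>
    answers with data.app_id, data.is_valid and data.user_id."""
    app_token = f"{APP_ID}|{APP_SECRET}"
    data = fetch("/debug_token", {"input_token": user_token,
                                  "access_token": app_token}).get("data", {})
    # Reject expired/revoked tokens and tokens issued to some other application:
    # a valid token for another app still names a real user, but not one who logged in to us.
    if not data.get("is_valid") or data.get("app_id") != APP_ID:
        return None
    return data.get("user_id")


def login_or_register(user_token: str, fetch: Fetch, users: Dict[str, dict]) -> Optional[dict]:
    """Map the verified token to a local profile, creating the row on the first visit.
    The Facebook id is deliberately not a parameter: only the token crosses the trust boundary."""
    fb_id = verify_fb_token(user_token, fetch)
    if fb_id is None:
        return None
    if fb_id not in users:
        users[fb_id] = {"fb_id": fb_id, "first_visit": True}
    return users[fb_id]


# Constructed stand-in for graph.facebook.com (hypothetical tokens and ids).
_FAKE_TOKENS = {
    "tok-alice": {"app_id": APP_ID, "is_valid": True, "user_id": "10001"},
    "tok-other-app": {"app_id": "999", "is_valid": True, "user_id": "10002"},
    "tok-expired": {"app_id": APP_ID, "is_valid": False, "user_id": "10003"},
}


def fake_fetch(path: str, params: Dict[str, str]) -> Dict[str, Any]:
    if path != "/debug_token" or params.get("access_token") != f"{APP_ID}|{APP_SECRET}":
        raise ValueError("unexpected Graph API request")
    return {"data": _FAKE_TOKENS.get(params["input_token"], {"is_valid": False})}
```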