I’m looking at .Net code which performs a facebook login, using the C#/.Net library wrappers.
I would like to pass an identifier into the log-in attempt, with the goal of having facebook pass it back to me once the user has been authenticated.
I’m constructing the redirect url for the request manually, and I’ve tried both of the following without much success:
oAuthClient.RedirectUri =
new Uri( "http://localhost:3434/fbOAuth?token=" + HttpUtility.UrlEncode( token ) );
//fails when attempting to get access token -
//"oAuthClient.ExchangeCodeForAccessToken( code )" throws an exception.
var loginUri = oAuthClient.GetLoginUrl( new Dictionary<string, object>
{ { "state", returnUrl }, {"app_data", HttpUtility.UrlEncode(token)} } );
//doesn't pass app_data back to my application
How do you pass arguments to your application as part of the facebook login process?
I use the Facebook C# SDK for building Facebook apps too. What I don’t use is their authentication stuff. In my experience, authentication is the hardest part of the overall Facebook app implementation. Getting it right for all devices and all browsers is hard.
You can use the
stateparameter to pass data of your choosing to Facebook as part of the server-side OAuth design. The Facebook C# SDK chose to use thestateparameter to provide context of where to redirect the user on the completion of authentication. That is not how Facebook intendedstateto be used. From https://developers.facebook.com/docs/authentication/ :In my own server-side Facebook OAuth implementation, I generate a GUID, concatenate some state info such as the controller to return to, encrypt that string, and pass it as the state parameter.
When it comes back I decrypt it and away I go. You could do something like that to pass whatever stateful app-specific data you want.
The server-side OAuth design is pretty straightforward and well documented at the page linked above.