Home/ Questions/Q 8969437
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-15T17:35:26+00:00

Ok, lets assume the following workflow: Client —-> Server (I Want to login via-facebook,

  • 0

Ok, lets assume the following workflow:

Client ----> Server (I Want to login via-facebook, here is the Auth Token from Js Sdk)
Server ----> Facebook (Get permissions list)
Server ----> Client (Redirect-login, to OK ALL DONE)

How do you go about from here, to ensure the client has a specific permission before you show them another page? Ie:

Client ----> Server (I want page at url XXX)
Server ----> Database (Permission list has the needed permissions for this url, so ok)
Server ----> Client (Permission list was ok, here is the page)

However, the client could at some point have revoked some permissions, or even removed access completely from the server. So, instead of storing the permissions to the DB we need to actually ask facebook each time we need to ensure access, like so:

Client ----> Server (I want page at url XXX)
Server ----> **Facebook** (Permission list has the needed permissions for this url, so ok)
Server ----> Client (Permission list was ok, here is the page)

Of course this workflow doesnt scale, would make load times tremendous, and is in general wrong. Is there an alternative way to ensure that the client is authorized (and for specific permissions) before loading the page?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can query the current permissions, /userid/permissions. (You can also just ask for specific permissions, using field expansion).

    And you can get automatic updates for a change in permissions granted to your app by a user, using real-time updates. (That way, you can store them in your database and keep them up-to-date without having to ask every single time.)

    • 0