Home/ Questions/Q 8226457
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-07T15:46:39+00:00

RFC 2617 specifies the HTTP Basic and Digest Auth standard and works as summarised

  • 0

RFC 2617 specifies the HTTP Basic and Digest Auth standard and works as summarised in Wikipedia’s "Example with explanation" subsection:

  • The client asks for a page that requires authentication but does not provide a username and password. Typically this is because the user simply entered the address or followed a link to the page.
  • The server responds with the 401 "client-error" response code, providing the authentication realm and a randomly-generated, single-use value called a nonce.
  • At this point, the browser will present the authentication realm (typically a description of the computer or system being accessed) to the user and prompt for a username and password. The user may decide to cancel at this point.
  • Once a username and password have been supplied, the client re-sends the same request but adds an authentication header that includes the response code.
  • In this example, the server accepts the authentication and the page is returned. If the username is invalid and/or the password is incorrect, the server might return the "401" response code and the client would prompt the user again.

Note: A client may already have the required username and password without needing to prompt the user, e.g. if they have previously been stored by a web browser.

I am performing login using OAuth2 draft-standard as implemented by Facebook.

Given a server with an exposed public API (e.g.: JSONRPC or REST), how could the client-side JavaScript frontend be written to include the sort of functionality as the previously mentioned RFC 2617 example, but for Facebook auth?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I have found an official (but unmaintained and now officially abandoned) repository of example client-side JavaScript library implementation examples, click here for most recent fork. Here is the JQuery example from that page:

    <head>
      <meta http-equiv="content-type" content="text/html; charset=utf-8">
      <title>Connect JavaScript - jQuery Login Example</title>
  </head>
  <body>
      <h1>Connect JavaScript - jQuery Login Example</h1>
      <div>
          <button id="login">Login</button>
          <button id="logout">Logout</button>
          <button id="disconnect">Disconnect</button>
      </div>
      <div id="user-info" style="display: none;"></div>
      <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js">
    </script>
  <div id="fb-root"></div>
  <script src="http://connect.facebook.net/en_US/all.js"></script>
  <script>
      // initialize the library with the API key
      FB.init({
          apiKey: '48f06bc570aaf9ed454699ec4fe416df'
      });


      // fetch the status on load
      FB.getLoginStatus(handleSessionResponse);

      $('#login').bind('click', function () {
          FB.login(handleSessionResponse);
      });


      $('#logout').bind('click', function () {
          FB.logout(handleSessionResponse);
      });

      $('#disconnect').bind('click', function () {
          FB.api({
              method: 'Auth.revokeAuthorization'
          }, function (response) {
              clearDisplay();
          });
      });

      // no user, clear display
      function clearDisplay() {
          $('#user-info').hide('fast');
      }

      // handle a session response from any of the auth related calls
      function handleSessionResponse(response) {
          // if we dont have a session, just hide the user info
          if (!response.session) {
              clearDisplay();
              return;
          }

          // if we have a session, query for the user's profile picture and name
          FB.api({
              method: 'fql.query',
              query: 'SELECT name, pic FROM profile WHERE id=' + FB.getSession().uid
          },

          function (response) {
              var user = response[0];
              $('#user-info').html('<img src="' + user.pic + '">' + user.name).show('fast');
          });
      }
  </script>

    Feel free to suggest improvements. Optimally I would like to see:

    • Vanilla JavaScript implementation
    • JSONRPC calls to facilitate login on personal server-end
    • Routing (i.e.: redirect to signed-in user homepage on successful login)
    • 0