Friday, May 19, 2017

OAuth 2.0 for Facebook Apps



OAuth 2 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service, such as Facebook, GitHub, and DigitalOcean. It works by delegating user authentication to the service that hosts the user account, and authorizing third-party applications to access the user account. OAuth 2 provides authorization flows for web and desktop applications, and mobile devices.
First, we need to go to the Facebook developer site and create an application there.

Go to "My Apps" on top right corner and select "Create new app"
Then a window will be pop up. Then we can enter required details and "Click create app ID"
Now you can see Facebook login and "Get Started" button then click it.

Then you will see something like this. Click on "Get Started" in Audience Network.


In the setting, You need to provide App domain and website URL. Before setting the web URL you need to Add Platform first.
In "settings" provide a App Domain and a Website URL. To provide a Website you have to click on "+ Platform" and then click on website.

In the setting, You need to provide App domain and website URL. Before setting the web URL you need to Add Platform first.
In the dashboard, we can see our App ID and App  Secret
Now let's see how can we use these values to get information from Facebook.

1) response_type
     Code
     Code

2) client_id
     242861496196301
     242861496196301

3) redirect_uri
     http://localhost:8080/OAuthfbapp/
     http%3A%2F%2Flocalhost%3A8080%2FOAuthfbapp%2F

4) Scope
     public_profile user_posts user_friends user_photos
     public_profile%20user_posts%20user_friends%20user_photos

Now we cancombine these values and make the URL.

https://www.facebook.com/dialog/oauth?response_type=code&client_id=242861496196301
&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2FOAuthfbapp%2F&scope=public_profile%20user_posts%20user_friends%20user_photos


Enter that URL in the url bar of your web browser and hit enter. now you can see some thing like this. This is called as user consent page. In the consent page, you can edit what is application going to get your side.

I'm not going to edit this because i'm the owner of this application. then i clicked "Continue as Harshani"

after that this page will appear.
This page appear, becuase for generally we don't have a project whitch support http://localhost:8080/fbappOAuth/
But when we cheack the URL, we cann authorization code is sent to us from Facebook.
( code=.......)

Obtain access token

To get the access token we need to have onther four parameters.

1) grant_type
     authorization_code

2) client_id
     242861496196301

3) redirect_uri
     http%3A%2F%2Flocalhost%3A8080%2FOAuthfbapp%2F

4) code (this code is what u get before step in URl)

 AQBZ6xcvW9SCMyXgecApZGAbZAbyHaf7dDQFd1-xlfVdORP165pGhGmwtutqNMoux_mK7LafvtzziJLf2pIlzHCrG2A4p95G9HtBxS9KV2SkQplB2x1lWIafvUB8lcXnMX6Dlv_F5Bla-XWglUmz8KQUcU-e6Cxj26Xl-nraGkfe4OnW2s-Ac-gDTQQvCmDkHsZsWpF6YgUgffPXwZcn_OpD_iHMxHD8tIj4lERqTLdl2Wgd2r3F3HKxXeatSze3Y7W2QunzzFXwSTnaPw0rnxrQeFlXud_2Bodf_nifMGmZA6yo9tJvKMihcW3zMb1ZhXiNUwPFHsZVISw6SzR7tURZ#_=_

In the HTTP headers, we need to add authorizaton header with App ID and App secret

App ID:   242861496196301
App secret: 3801ca5d29ed06d15dca51e99ce8b4be

App ID:App secret
242861496196301:3801ca5d29ed06d15dca51e99ce8b4be

Now we have to encode the whole value using https://www.base64encode.org/ encorder.
MjQyODYxNDk2MTk2MzAxOjM4MDFjYTVkMjllZDA2ZDE1ZGNhNTFlOTljZThiNGJl

To get access token we need to have specify the token endpoint.

we need to install REST Client plugin in our web browser.
After that provide those values to REST Client and obtain access token.


Retrive resources using access token

Method - GET
URL: https://graph.facebook.com/v2.9/me/feed?limit=25  
Authorization: Bearer <access token value>

This will give user's timeline posts.You will get JSOn response. 
You can limit the number of results using the limit query parameter.



This all was did the manually. Now let's see, how to implement an application which can retrieve these information and output to the user. 



If you are not logged into Facebook only you will see the index page. Otherwise you will directly  go to i.php which shows the results. 


This page is the main page where user directs to.

Test Images

Below images  are being used for the   Hashtag Generator and Content Authenticator research .