Is the Facebook JavaScript API suitable to create user accounts?

I want users to be able to register on my mobile (web based) app and login using their Facebook account. Is this possible using the JavaScript API?

The user can login using Facebook, and the userID and auth code of that user can be sent to my server to create the account, but I see a security flaw because then anyone could then log in as anyone by sending a userID and their own auth code. So can user accounts not be done with the JavaScript API and only with a server side API?

Answers


All Facebook requests are also signed with a secret key that belongs to the app you've registered to handle Facebook sign-ups on your website, so you can use that to verify it comes from Facebook and not someone else.

This is also outlined in the registration documentation


Strictly speaking, it is not possible for the Facebook SDKs to explicitly create a new user. However, when you implement a 'Login with Facebook' button (see here for JS and here for PHP), Facebook's OAuth dialog appears, which will prompt the user to log in (if they are not already) or to sign up with Facebook, thereby creating a new account, albeit not under your control.


Need Your Help

NaN replacement in node.js with an integer

javascript node.js socket.io

I am using following code to update database in node.js

WITH statement in dynamic sql

sql-server stored-procedures with-statement dynamicquery

I need to store a query as a stored procedure in SQL Server.