How to authenticate a user in an android app that uses Facebook login

Question

How to authenticate a user in an android app that uses Facebook login

Navigation

#1 by (4 votes)
#2 by (0 votes)

4

I'm creating an Android application where the user will have to register to access the content of the application (a login). To do this, I use the famous Facebook Login by default. When the user logs in via the Facebook button, I trigger my REST service that will register it in the remote database. That is where my doubts arise:

In my remote database, I currently have the fields username , email and password . Since I'm using Facebook Login (OAuth), what would be the correct / expected / default way to do this?
Even using facebook login, is it good practice after the success of Facebook login I call an activity for user to fill username and senha ? Makes sense? Or as the facebook login already did the hard work of authenticating the user, I just need to have the email field in my database?

I'm kind of lost on this, and I would like guidance from you.

android facebook oauth2

asked by anonymous 25.06.2015 / 21:38

2 answers

0

THE BASIC FOR AN IMPLEMENTATION:

Facebook App - Set up, create a simple login link.
Facebook SDK - Configure the SDK to use the api.
Facebook App ID - Use the ID of your app:

1 - Open res / values / strings.xml

2 - Add a new string named facebook_app_id and put id in it.

3 - Open AndroidManifest.xml and add this:

<uses-permission android:name="android.permission.INTERNET"/>

4 - Add a meta-data element to the application:

<application android:label="@string/app_name" ...>
    ...
    <meta-data android:name="com.facebook.sdk.ApplicationId" android:value="@string/facebook_app_id"/>
    ...
</application>

5 - To use Facebook Login or Share, simply add FacebookActivity to your manifest:

<activity android:name="com.facebook.FacebookActivity"
          android:configChanges=
                 "keyboard|keyboardHidden|screenLayout|screenSize|orientation"
          android:theme="@android:style/Theme.Translucent.NoTitleBar"
          android:label="@string/app_name" />

ANSWERING YOUR QUESTIONS:

To interact with MySQL database, we need to build an API first. The work of the API is to get the client's request, interact with the database, and finally give the response back to the client.

⇒ GET / POST methods ⇒ Interacting with database, inserting / fetching data. ⇒ Finally will give response back in JSON format

Tutorial

Font

26.06.2015 / 15:43

Is there any way for a div to take on the role of scroll? Organize list with more than one criterion in case of a tie

score 4 · Accepted Answer

Hello,

I'msettingupadatabasethatlookslikewhatyouwant,theonlydifferenceisthatinmyapplication,theusercanloginviaFacebook,Google,ormyapplication'sauthenticationsystem,andiftheaccounts(Facebook,Google,myApp)belongtothesameowner(detectedviaemail),sotheywillhavethesamesingleuserintheapplication.Iammodelingthedatabasetosupport,regardlessofhowmanyauthenticationmediaIwilluse.

Inmycase,thesameusercanhave2accounts,ex:Facebook,Google.Oreven3accounts,ex:Facebook,Google,MyApp.

Explaininghowitworks:Eachuser"user" can have one or more "identity", cade "identity" is a means of connection used by the user. In the "identity" table, there is the "user_id" column that points to the user, the column "adapter" indicates the medium used (facebook, google, my_app), and hash is stored the user ID that is returned by Facebook or Google when using their APIs. In case it is an access through your own login system (my_app), then the hash will store the password that it has registered, encrypted with bCrypt, in my case.

At the time of login, you must acquire the access email, either by your application (inserted by your login system), ie by Facebook or Google, their own API returns the email as well. So, in the login logic of your REST service, you should check if this email already exists in the "user" table, because if it is, it means the user already exists, right? In this case you will get the ID of this user will check if there already exists an "identity" for the connection medium used. To do this, make sure the adapter matches, if it matches well, check that the hash also matches, if it matches, legal! It means that the user already has an account, and logged in using that account. If you do not have this "identity" then you must register. The same is true if the user does not exist, then you will have to register both the user and the identity itself.

Editing: I talked and talked and I do not think I answered your main questions. So here goes:

For the first question, I think what I wrote above answers. I put a picture too.

For the second doubt, I do not see need to make the user fill in username and password, it does not really make sense, considering that if the user has chosen to sign in via Facebook, it is because he does not want to be creating user and password. In addition, this entire login process is done in a secure Facebook environment, the API takes care of all this, you just need to take care of the part of storing the user in the DB if the connection succeeds. What is perhaps interesting to do, is a step to finalize the registration, if you want to know some additional information that is not returned by Facebook.

Any questions or suggestions, I'll be following!