Android
serious911, 2018-05-31 09:53:02

Authorization through social networks and RESTful API in a mobile application?

I am working on a mobile application in which I need to authorize through social networks (Facebook, VK, OK, etc.), as well as interact with my own API server.
I connected the Facebook SDK and implemented authorization through Facebook as described in the documentation. Everything works well, and as a result of authorization I get an access_token and information about the FB user. Authorization through the other social networks will work in approximately the same way.
Next, I need to somehow authorize on my own server for further use of the API. The question is how to do it correctly and safely?
The problem is that this is not the usual authorization via email / password, where after registration / authorization the user can be issued some kind of token and sends it in each request to the API. You can also request confirmation of the e-mail address. Here, after authorization through FB, I receive an access_token, id and other information about the user, and then, based on this data, I need to create a new user in my database or look up an existing one. That is the problem.
It will look like a normal POST request to my server, in which information about the user (id, name, etc.) is sent, but how do I confirm this information? I could skip the confirmation and everything would work, but if some attacker finds out how and where to send such a request to my server, he can easily generate hundreds / thousands of users on my server and I will not be able to tell whether these are real users. This is not authorization via OAuth, where I receive information about the user via a callback from the FB/VK servers.
Tell me, please, how to do it right? And also how to make further interaction with the API server secure (creating tokens, signing requests, checking tokens, etc.).
Thank you.
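An added example, not from the question or from any answer on this page, of the server-side flow the question is asking about: the client sends only the social network's access_token, the server asks the provider whether that token is valid and was issued for this app, takes the user id from the provider's answer rather than from the client's POST body, and only then creates or looks up the user and issues its own signed, expiring session token. It assumes Facebook's Graph API `debug_token` endpoint (the app access token is `app_id|app_secret`); the app id, app secret and the `sample_http_get` stub with its responses are constructed placeholders so that the code runs offline.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Placeholders: the real values come from the Facebook app dashboard and stay on the server.
FB_APP_ID = "000000000000000"
FB_APP_SECRET = "replace-with-app-secret"
# Key for signing our own session tokens (assumption: generated and kept server-side only).
SERVER_KEY = secrets.token_bytes(32)

# Any function that performs a GET and returns the parsed JSON body.
HttpGet = Callable[[str, Dict[str, str]], dict]


@dataclass(frozen=True)
class SocialIdentity:
    provider: str
    user_id: str


def verify_facebook_token(input_token: str, http_get: HttpGet,
                          now: Optional[float] = None) -> Optional[SocialIdentity]:
    """Ask Facebook whether the token is valid and was issued for OUR app.
    The user id comes from Facebook's answer, never from fields the client sent."""
    resp = http_get("https://graph.facebook.com/debug_token",
                    {"input_token": input_token,
                     "access_token": f"{FB_APP_ID}|{FB_APP_SECRET}"})
    data = resp.get("data") or {}
    now = time.time() if now is None else now
    if not data.get("is_valid"):
        return None                      # forged, revoked or malformed token
    if str(data.get("app_id")) != FB_APP_ID:
        return None                      # valid token, but issued to a different app
    expires_at = data.get("expires_at") or 0
    if expires_at and expires_at < now:
        return None                      # provider token already expired
    user_id = data.get("user_id")
    if not user_id:
        return None
    return SocialIdentity("facebook", str(user_id))


# In-memory user table, constructed for the example: (provider, provider_user_id) -> internal id.
_USERS: Dict[tuple, int] = {}


def find_or_create_user(identity: SocialIdentity) -> int:
    key = (identity.provider, identity.user_id)
    if key not in _USERS:
        _USERS[key] = len(_USERS) + 1
    return _USERS[key]


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_session_token(user_id: int, ttl: int = 3600, now: Optional[float] = None) -> str:
    """Our own bearer token: base64(payload).base64(HMAC-SHA256(payload)), with an expiry."""
    now = time.time() if now is None else now
    payload = json.dumps({"uid": user_id, "exp": int(now) + ttl}, separators=(",", ":")).encode()
    sig = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(sig)}"


def verify_session_token(token: str, now: Optional[float] = None) -> Optional[int]:
    """Check the signature (constant-time) and expiry of a token sent with an API request."""
    now = time.time() if now is None else now
    try:
        p, s = token.split(".", 1)
        payload, sig = _unb64(p), _unb64(s)
        expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):
            return None                  # payload or signature was tampered with
        claims = json.loads(payload)
    except ValueError:
        return None
    if claims.get("exp", 0) < now:
        return None
    return claims.get("uid")


def login_with_facebook(input_token: str, http_get: HttpGet,
                        now: Optional[float] = None) -> Optional[str]:
    """Handler logic for a POST whose body carries only {"access_token": ...}."""
    identity = verify_facebook_token(input_token, http_get, now)
    if identity is None:
        return None
    return issue_session_token(find_or_create_user(identity), now=now)


def sample_http_get(url: str, params: Dict[str, str]) -> dict:
    """Constructed stand-in for the Graph API call so the example runs offline."""
    responses = {
        "good-token": {"data": {"app_id": FB_APP_ID, "user_id": "10001",
                                "is_valid": True, "expires_at": 4_102_444_800}},
        "other-app-token": {"data": {"app_id": "111111111111111", "user_id": "10001",
                                     "is_valid": True, "expires_at": 4_102_444_800}},
    }
    return responses.get(params["input_token"],
                         {"data": {"is_valid": False,
                                   "error": {"message": "Invalid OAuth access token."}}})


if __name__ == "__main__":
    print(login_with_facebook("good-token", sample_http_get))    # a session token
    print(login_with_facebook("forged-token", sample_http_get))  # None
```

The point for the question's threat model: an attacker who knows the endpoint still cannot create accounts, because the server only creates a user after the provider has confirmed the token, and the identity it stores is the provider's `user_id`, not whatever name or id the client put in the request. Subsequent API calls carry the server's own token in an Authorization header, and the server checks signature and expiry on every request; the provider's access_token never needs to be sent again.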
