How to authorize a user on the server via OAuth?

X

Xcopy2015-02-14 16:29:06

OAuth

Xcopy, 2015-02-14 16:29:06

Hello!
I am pushing a site where it will be possible to log in via OAuth of a third-party service (for example, facebook).
After passing the authorization procedure, I get an access token of the user from facebook.
The question is that I don't know how can I identify the user on my site itself? Through the same token? You just need to write it to yourself in the database and somehow throw it off to the user so that he writes it to his cookies and sends it to me every time the request is made, for example, in the http request header?
What if the token becomes obsolete, etc.?
Most likely, I misunderstand how user authentication works on sites via OAuth...
Please explain in a nutshell how users are authenticated in such cases?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

N

Nikolai Korabelnikov, 2015-02-14
@perminovma

OAuth gives you the ability to use facebook resources for your site. But this does not mean at all that your user will be able to authenticate on your site with a facebook account.
In other words, if your site needs to access a user's facebook contacts, then using OAuth you can implement this by making just one button for the user, clicking on which he will see the facebook authentication page. Once authenticated, the user will grant your site access to contacts.
In a nutshell, you can read about OpenID here:
habrahabr.ru/company/mailru/blog/115163
geektimes.ru/post/77648
What you describe is more like OpenID or SAML.