Social Login with Facebook







Social login is a form of single sign-on using existing information from a social networking service such as Facebook, Twitter or Google+, to sign into a third party website instead of creating a new login account specifically for that website.

Social login is often implemented using the OAuth standard. OAuth is a secure authorization protocol which is commonly used in conjunction with authentication to grant 3rd party applications a "session token" allowing them to make API calls to providers on the user’s behalf. Sites using the social login in this manner typically offer social features such as commenting, sharing, reactions and gamification.



Step 1 : Create an application in the developer account on Facebook.
  • Provide a display name for your application and your contact email and create the application.
  • Once your app is created, associate “Facebook Login” with it.
  • Under the Settings of the “Facebok Login”, select the platform 'Web' for this app. And you need to provide the Redirection Endpoint URL.
  • This URL should be within your client web application and Facebook will send all responses to this URL. However, for trying out this flow, you don’t need to have a working URL available. You can simply provide a dummy URL here for the moment. The same URL you add here should be sent along with requests in next steps.
  • In the Dashboard, you can see the App ID and the App Secret for your app. In OAuth terminology, we call the same as Client ID and Client Secret, or Consumer Key and Consumer Secret.

  • Now we have successfully registered our app in facebook and configured it. You need to take down the App ID and App Secret which is generated for your app and also the Redirection Endpoint URL which you defined where we will use these three values in next steps when making requests to facebook for retrieving user resources.

Step 2 : Create a Login page (login.php).


Step 3 : Create a config.php file.
  • Start a session and call autoload.php from Facebook SDK.
  • Go to https://developers.facebook.com/ and get the client ID (app id), client secret (app secret) and API version from the application that you created.

 Step 4 : In login.php set the redirect URL and Scope and get the authorization URL from the facebook.
  • Set the redirect URL to fb-callback.php file.
  • Set the permissions to 'email'.
  • Permissions are how you ask someone if you can access that data.
  • Your app has requested a person's email address but that request also automatically asks for access to a person's public profile.

 Step 5 : Create the fb-callback.php and retrieve the user information from the user.
  • In here, we get the access token, to retrieve the user information.
  • If there is no access token, we redirect back to login.php.
  • With the access token, we can retrieve the user information and redirect to index.php to view them.

 Step 6 : Create the index.php file to display the data retrieved using the below code.


Step 7 : Run the Application.




So this is the result.



Source code : Social Login with Facebook
Reference : https://www.youtube.com/watch?v=1DgzTWr3F2I

Comments

Post a Comment

Popular posts from this blog

Intrusion Detection System Vs. Intrusion Prevention System

Image
Intrusion Detection System (IDS) is a computer security system that monitors network traffics for malicious activities and alert the network administrator when malicious activities detected. IDS performs a passive monitoring and implement in passive/promiscuous mode. IDS can detect the malicious activities but cannot prevent it. IDS have these capabilities include: Monitoring about malicious activities Auditing about malicious activities Forensics about malicious activities Reporting about malicious activities Figure 1: Intrusion Detection System Attacker sends a malicious traffic via internet to the target host. Data packets will reach to both network and IDS. In IDS, packet will be inspected by sensor. Store the log report on management console. Intrusion Prevention System (IPS) is a computer security mechanism that inspect a network traffics for malicious activities (security threats or policy violations) and take actions for detected activities. IPS have capab
Read more

Cross Site Request Forgery Prevention - Synchronizer Token Pattern

Image
With the Synchronizer Token approach, the server embeds a dynamic hidden variable in an input form. When the form is submitted, the server can check to make sure that the hidden variable is present and that it is the correct value. In login.php, we have to generate a session identifier and set it as a cookie inside the web browser. At the same time it generates the “CSRF token” and saves it in the server side. The generated token is mapped to the session identifier. In profile.php, You will see the form which you have to fill out a form providing your name, IT No and the faculty. What you can see is that there is a hidden field in this form which has the value of the received CSRF token. When this page loads, it executes an Ajax call which calls CSRF.php via a JavaScript which invokes the endpoint for obtaining the CSRF token created. What happens in the endpoint; which is submit.php in our case, it accepts the HT
Read more