Forum OpenACS Development: Authentication app from Facebook to OACS site
to know that this theme already started on OpenACS.
My searching for this subject was based on trying to install the authentication app from Facebook to my website. So far, I figure that in order to log the user into my OACS site using facebook App, three things need
First, Facebook needs to authenticate the user. This ensures that the
user is who they say they are.
Second, Facebook needs to authenticate my website. This ensures that the
user is giving their information to my site and not someone else.
Third, last but not least, the user must explicitly authorize my website
to access their information. This ensures that the users knows exactly
what data they are disclosing to my site.
I got stuck on the second step. I am blind on figuring out how to make
facebook aware of user's login info from my OpenACS website and send it
how could I do that?
Do I need webservice for that?
Is there any development regarding this tools?
Do you want to
Allow signle signon using Facebook credentials?
Allow visitors to Like pages on your web site
Allow visitors to post to facebook from your web site?
The documentation is different for each application.
Later, i will develop other tools of interactivity. That's for sure.
How would it be done the first time of signon?
Let's say the user already has an account on facebook and an account on my site. But he's signing on my site with facebook credentials for the first time. Thus, my site doesn't have his facebook's info yet. How would he gets athenticated?
I was wondering the scenario:
Once we agrees on providing his facebook's credentials and submit his facebook user and pwd, the OACS side would be allowed to run an API and to get more data from facebook, such as his email and etc.
Then, I believe at this stage it's safe to get him into the OACS website. However, this would be a log in without pwd on the OACS side.
Would I care about it? Because the user already proved authenticity with his facebook credentials, so it shouldn't be a problem to get him signed in.
do I make sense?
If so, is it correct to design such a ad_proc to retrieve more that from facebook and then gets him signed on?
Do you agree?