Forum OpenACS Development: Re: Authentication app from Facebook to OACS site

Posted by Iuri Sampaio on
Well I'm starting to develop the interaction with facebook. Thus, at first I will implement "single signon using facebook credentials".

Later, i will develop other tools of interactivity. That's for sure.

I visited the facebook develpoper's website. Actually I put it on my favorities. I also read the documentation and the javascript code for those tools you mentioned: Like, Posts and auth.

"The APIs change all the time. Your best bet is to use the javascript APIs and if necessary store facebook information in your openacs database (ie: fid if your want authentication.)"

How would it be done the first time of signon?

Let's say the user already has an account on facebook and an account on my site. But he's signing on my site with facebook credentials for the first time. Thus, my site doesn't have his facebook's info yet. How would he gets athenticated?

I was wondering the scenario:

Once we agrees on providing his facebook's credentials and submit his facebook user and pwd, the OACS side would be allowed to run an API and to get more data from facebook, such as his email and etc.

Then, I believe at this stage it's safe to get him into the OACS website. However, this would be a log in without pwd on the OACS side.

Would I care about it? Because the user already proved authenticity with his facebook credentials, so it shouldn't be a problem to get him signed in.

do I make sense?
If so, is it correct to design such a ad_proc to retrieve more that from facebook and then gets him signed on?

Do you agree?