flash facebook game authentication

Question

I need to authorise my Flash game (which runs on Facebook) users against my game server. I’m able to get their data like id, access token, etc, from Facebook on the client (I’m using the Flash Facebook API) but I’m not sure how to authorize them on my game server (e.g. do a login with a database query). One scenario that I have on my mind:

If I could get the same access token from Facebook on both the client (which I already do) and the server (with, for example, a redirect URL, which I tried but does not seems to work), then I could easily compare the two tokens (together with the user IDs) and thus authorize the user.

Any ideas how I could achieve this or something similar?

UPDATE To put it simpler, I want to catch the token that is returned from Facebook on the server-side before it gets to the client (it can be a simple PHP script that parses the URL token parameter). Next, store it in the DB on the server, and when the client queries the server, I can do the comparison.

try facebook support/forums/google? – Mitch Wheat Apr 09 '12 at 02:00 — Mitch Wheat, Apr 09 '12 at 02:00
what's wrong in asking this question here? – Alex Apr 09 '12 at 02:24 — Alex, Apr 09 '12 at 02:24

score 1 · Answer 1 · edited May 23 '17 at 10:08

1

I think I found the solution to this. It’s explained in this answer. Basically, when I receive an access token on the client side, I will send it to the server (my game server) and then I will validate it against Facebook (i.e. https://graph.facebook.com/me?access_token=@accessToken). If it returns user data, then it's the correct token, else, it's invalid.

edited May 23 '17 at 10:08

Community

1
1

answered Apr 09 '12 at 13:18

Alex

129
1
1
8

score 0 · Answer 2 · answered Apr 09 '12 at 02:44

0

Why do you need to do this comparrison?, theres no need to compare two entries from the same source.

For example if the comparrison is to make sure if an user is logged in once on either your client webpage, or facebook use session times, check php for this.

If you need to compare any values I cant understand if you want to query twice from the same source.

if you want to update certain values that are not associated with facebook than i would create a second database on the fly which when the Application runs it will input your own data into a database for the client, also on every start of apliacation it could check this first.

This seems you are more looking at a serverside issue here and I recommend adding more info for why you need these queries and add "PHP" to your subjects related tags.

answered Apr 09 '12 at 02:44

joshua

676
1
5
19

The reason I need to do the comparison on both ends is because although I get user info on the client, I need to login the user on the server as well. I already use a socket server to transmit data, so I don’t want to use PHP as a backend solution unless it's a simple script. If, for example, I call the oauth of graph API manually (i.e. without using the flash API), I can pass the redirect URL to which the token will arrive after the authentication which in turn I can parse on the server side. I’m wondering if I can do something similar with the flash API. – Alex Apr 09 '12 at 03:02
To put it simpler, I want to catch the token that is returned from Facebook on the server-side before it gets to the client. Next, store it in the DB on the server, and when the client queries the server, I can do the comparison. – Alex Apr 09 '12 at 03:10

flash facebook game authentication

2 Answers2