2

TL;DR version:

Can you authenticate with Facebook without having a callback URL for a web application since the web application isn't actually running on a server.

Full explanation:

I'm working on building a connectedTV platform application where the "app" itself is a bunch of HTML/JS/CSS running locally (like File -> Open on your desktop browser) and I'd like to integrate Facebook into this.

The problem is that all of Facebook's OAuth calls for the web require you to have a callback URL to redirect the user to in order to complete authentication. Here's the gotcha -- there is no URL for this application -- it's a locally running webpage on the device.

I know this is what out-of-band authentication was designed for, but I can't seem to find any documentation on how to use this (or how to do a non-callback OAuth flow) with the Facebook OAuth system.

tkone
  • 22,092
  • 5
  • 54
  • 78
  • The solution needs to work if you're loading the web page through the browser's File->Open dialog opening an HTML file from your local file system. All the OAuth methods require you to have a server to redirect the call to, even the JavaScript API. (Unless there's an undocumented option to obtain the token without a redirect) – tkone Sep 29 '11 at 20:09

3 Answers3

4

You're describing desktop authentication or any situation where you are authenticating to FB without a server. The redirect URL you pass to the OAuth dialog is https://www.facebook.com/connect/login_success.html When the browser redirects you can get the access token. You can read all about it in the FB documentation, way at the bottom in the Desktop Apps section (https://developers.facebook.com/docs/authentication/)

Just reread your question and since the application runs inside a browser you will need to open another window to authenticate and get the access token from that.

  • 1
    Ugh! I can't believe I missed that. Man. Upvote & correct answer goes to rlm2 for pretty much telling me to RTFM, but in a much nicer way. – tkone Sep 30 '11 at 14:28
0

If you're doing HTML/Javascript, use their Javascript SDK. You can log the guy in simply by using FB.login and getting the access token from the callback from that.

Mike Ruhlin
  • 3,546
  • 2
  • 21
  • 31
  • Nope, this still tries to redirect to the URL specified in the application setup on the Facebook platform. Set up an app, and just do the minimum FB.init({'appId':'[your app id]'}); and then try a FB.login call. Then open this simple HTML page in your browser and try to login. You'll get an error because the URL you're calling the function from is not owned by your application. (Especially since it's a file:/// URL...) – tkone Sep 29 '11 at 20:05
0

I really don't think this is directly possible. Unless there is something totally undocumented, Facebook has no mechanism to send authentication data except by loading a url. I'm sure it's meant at least partly as a security measure, functioning as sort of a "whitelist" of where auth data will be sent.

The only way I can think of for you to work around it might be to set up a url on a server somewhere that could answer the redirect and store the auth data, and have your client-side code poll that server to get it. Kind of a proxy authentication service, in effect. You would probably have to open a second browser window with the Facebook auth screen in it, but in theory it could work.

Floyd Wilburn
  • 1,852
  • 2
  • 13
  • 6