3

We are currently introducing Facebook and Twitter login functionality for our users, both on our website and in our mobile app.

The current issue I have is with Facebook tokens: I have noticed that when a user tries logging in through Facebook, the tokens returned on my website and mobile app are different.

What is the best way to manage these tokens to prevent duplicate registration of users? Each user, when they log in, creates a basic profile in our database which is linked to the access token. I also use the offline_access permission.

Now when this user uses the mobile app, a different token is returned and a duplicate profile may be created. How do I prevent this situation? I need the same profile to be detected on the website as well as on mobile.

user160108

If you mean the FB User ID by "token", then my app is returning the same token on the desktop and mobile and can detect the user easily. – Arjun Bajaj Feb 19 '12 at 10:06

2 Answers

4

The way you do it is, don't identify users by their access tokens, but by their Facebook user ids.

Just GET `https://graph.facebook.com/me?access_token=ACCESS_TOKEN` and you will be returned the basic information about the user, which includes their Facebook user id.

Julio Santos

Better still, `https://graph.facebook.com/me?access_token=ACCESS_TOKEN&fields=id` as this will return only the Facebook user id, which is all you need. – Clafou Jan 15 '14 at 23:26

0

Just like Julio said; refer to this question for more information. You should use the generated token to verify the FB user id.

Devise Omniauth and Iphone/Android App

Community
Anish
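
What both answers describe, as an added example that is not code from any poster in this thread: the server resolves each access token to a Facebook user id through the `/me` endpoint quoted above and keys the profile on that id, so the website token and the mobile token land on one profile. `ProfileStore`, the `client` labels, `fake_fetch` and its token and id values are hypothetical and constructed for illustration.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

GRAPH_ME = "https://graph.facebook.com/me"  # endpoint quoted in the answers


def fetch_me(access_token):
    """Ask the Graph API which user a token belongs to, requesting only the id."""
    query = urllib.parse.urlencode({"access_token": access_token, "fields": "id"})
    try:
        with urllib.request.urlopen(f"{GRAPH_ME}?{query}", timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError:
        return {}  # Graph answered with an error status: treat the token as rejected


def fake_fetch(access_token):
    """Constructed offline stand-in for fetch_me: two tokens for one user, one for another."""
    ids = {"WEB-TOKEN-A": "1001", "MOBILE-TOKEN-A": "1001", "WEB-TOKEN-B": "2002"}
    return {"id": ids[access_token]} if access_token in ids else {}


class ProfileStore:
    """Hypothetical in-memory stand-in for the profiles table, keyed by Facebook user id."""

    def __init__(self, fetch=fetch_me):
        self.fetch = fetch
        self.profiles = {}  # facebook user id -> profile

    def login(self, access_token, client):
        # Resolve the id server-side from the token; never accept an id sent by the client.
        fb_id = self.fetch(access_token).get("id")
        if not isinstance(fb_id, str) or not fb_id:
            raise PermissionError("token rejected: no user id returned")
        profile = self.profiles.setdefault(fb_id, {"fb_id": fb_id, "tokens": {}})
        # The token is a per-client credential attached to the profile, not its key.
        profile["tokens"][client] = access_token
        return profile


if __name__ == "__main__":
    store = ProfileStore(fetch=fake_fetch)
    web = store.login("WEB-TOKEN-A", "web")
    mobile = store.login("MOBILE-TOKEN-A", "mobile")
    print(web is mobile, len(store.profiles))
```

The `/me` call establishes which user a token belongs to, not which app it was issued to, so a backend that accepts tokens from a mobile client should also confirm the token was issued for its own app.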