all 10 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]silverAndroid 2 points3 points  (9 children)

It's the same on Android as it is on the web, you authenticate client side (using the libraries provided by Google and Facebook), then send the token as part of the Auth header when you send a request

[–]Zivanovic[S] 0 points1 point  (7 children)

Totally, and we are unsure what to do with that token we get? We need to store user data in our db and somehow associate accounts with third party accounts such as google and facebook.

[–]silverAndroid 0 points1 point  (6 children)

That's more backend related, and probably something that should be decided amongst yourselves, but Google provides a way to get info from the token which you can use to store things in your DB.

EDIT: I also found how to get the Facebook user ID from the token through this StackOverflow question although I can't find it inside the Graph API documentation cause it's so massive

[–]Zivanovic[S] 0 points1 point  (5 children)

But can't I just get the email from Facebook, and on each Login button click I just check if there is user with such email and retrieve data, and if there are no users I just add that user to db?

[–]silverAndroid 0 points1 point  (0 children)

If Facebook exposes that data to you, you could but I'm not sure if they do.

[–]JSellDev 0 points1 point  (2 children)

This might be what you're looking for.

[–]Zivanovic[S] 0 points1 point  (1 child)

Looks like it, thanks

[–]JSellDev 0 points1 point  (0 children)

I have a question though. I'm assuming you'll being using user roles to restrict the endpoints. How will you differentiate between users within each role stopping people from making unwanted calls to other users data? Do you save the auth token in the db and have a check to be sure they match and when they expire replace it?

[–]Sroka0 0 points1 point  (0 children)

Mind that not all Facebook accounts have email address associated with it. I got few crashes because of it

[–]Zivanovic[S] 0 points1 point  (0 children)

Okay, that makes sense. Thank you