Facebook Authorization with Node

In this course, we ask the tough questions. Like, what IS Facebook Authorization?

• You have probably logged in to an application with Facebook before!
• Based on Process called OAuth
• Process where login / registry process is handled by Facebook

We briefly discuss OAuth, the basis of Facebook Authorization.

• “OAuth is an open standard for authorization”
• Currently on OAuth 2.0
• Summary: lets you log in to sites with Facebook, Google, etc.

We rap about the numerous advantages of working with this Facebook authentication.

• User never enters a password on your site
• Often, user only needs to log in to Facebook once no matter how many apps are authorized
• Liability of storing user’s personal data and password eliminated

Next, we take a look at the reasons you might not want to authenticate via Facebook.

• Facebook may change their API at any time
• Facebook can disable your app for no known reason
• Third parties may know when users access your app

Don't want to authorize with Facebook? Well, you're missing out! But in the spirit of fairness, we take a look at some alternatives in this video.

We learn and demo the process of getting set up with an app on Facebook, a prerequisite of Facebook authorization.

• Creating a Facebook app is easily done via the developer’s page on Facebook

• After app is made, an app ID will be provided for us

We learn to distinguish between public and private information, as it relates to Facebook.

We learn and demo the adding of app domains, which allows us to integrate with Facebook's many security features.

• App domains tell Facebook which websites are allowed to identify themselves as your app
• Apps not served from the correct domain will not be validated by Facebook

In this video we will begin constructing the Node project. Please see the resources for a download of the full project. (You can also copy along by watching the video.) If you download the complete project, remember to run NPM install and also replace the App ID with your own.

• package.json and .gitignore file will be created via CLI arguments
• Express will be installed to serve any pages we want
• The Request library is used to validate user-supplied data with Facebook

We demo the creation of the server file, necessary for any Node application to serve up web pages.

• The “server” file will create a server whenever the file is run by Node
• Server will continue to “listen” on specified port until process ends

We finally implement a login button, getting us one step closer to true Facebook authorization.

• Login button code is provided by Facebook and needs to be included mostly as-is in order to work
• Replace dummy App key with own

We modify our hosts file, allowing us to test our Facebook authorization locally. This is a windows demo. If  you are working from a Mac, please follow the instructions in the resources section or use a tool called GasMask.

• Facebook will not authenticate from localhost domain
• Hosts file allows the localhost domain to be accessed by different URLs in the browser

We learn about token Auth fraud, and how unsuspecting developers can fall victim to it.

• Lax security allows a user to masquerade as any other user

In this video we explain the process of validating tokens with Facebook, and then demonstrate how to do manually using Google Chrome.

• All user-provided credentials must be validated with the Graph API

In this video, we implement the first part of the Auth Service, a tool we will use to let Node automatically handle the validation we had to do manually before.

• Request library will be used to query Facebook API each time a request is made

In this grand finale, we complete and test our Authorization Service, put ourselves in the shoes of the user and prove the validation works.

We quickly review what we've learned in this course.

• How to create a Facebook app
• How to test Facebook authentication locally
• How to prevent Facebook auth fraud

We discuss various tools you can use to continue learning. See resources for links to these sites.

• NodeConf
• Facebook Developer Documentation
• Oauth Wikipedia Page / Spec

A quick video to say, thanks for watching!