Implementation Example: Facebook

Now that we understand how the OAuth 2 process works, let’s take a look at a practical example of the specification: the Facebook OAuth 2 implementation. In this example, we’ll step through the process again to capture an access token, use that access token to capture protected user resources, and refresh the access token if its lifespan is specified.

This process contains several steps, including:

  1. Constructing our common variables and functions to use in the process.

  2. Making a request to have the user authorize the application.

  3. Exchanging the user authorization grant for an access token.

  4. Making requests for protected user data using the access token.

These steps will give us a good overall view of how OAuth 2 functions.
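Steps 2 and 3 above, sketched as an added example (not code from the book or from Facebook) that builds the authorization redirect, validates the callback, and prepares the token exchange without touching the network. The endpoint URLs, the comma-separated scope format, the `state` handling, and all credential and redirect values are assumptions or placeholders; check them against the current Graph API documentation.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Assumed endpoints and placeholder credentials; none of these come from the page.
AUTHORIZE_URL = "https://www.facebook.com/dialog/oauth"
TOKEN_URL = "https://graph.facebook.com/oauth/access_token"
CLIENT_ID = "APP_ID_PLACEHOLDER"
CLIENT_SECRET = "APP_SECRET_PLACEHOLDER"
REDIRECT_URI = "https://app.example/callback"


def build_authorization_request(scope):
    """Step 2: URL the user is redirected to, plus the state to store in the session."""
    state = secrets.token_urlsafe(32)  # unguessable, binds the callback to this session
    query = urlencode({
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",
        "scope": ",".join(scope),
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def parse_callback(callback_url, expected_state):
    """Validate the redirect back to the application and return the authorization code."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise PermissionError(f"authorization denied: {params['error'][0]}")
    returned_state = params.get("state", [""])[0]
    # Constant-time comparison; a missing or mismatched state means a forged callback (CSRF).
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"][0]


def build_token_request(code):
    """Step 3: parameters for the server-side exchange of the code for an access token."""
    # redirect_uri must match the one sent in step 2; the secret never reaches the browser.
    return TOKEN_URL, {
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
        "redirect_uri": REDIRECT_URI,
        "code": code,
    }
```

The application stores the returned `state` in the user's session before redirecting, and rejects any callback whose `state` does not match it.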

Creating your application

Before we explore integrations of OAuth 2 using the Facebook platform and leveraging its Graph API, we need to start by creating a new application on Facebook to obtain the OAuth 2 keys we need to actually implement the example.

First, we’ll go to the Facebook developer page to create our new application. In your browser, navigate to http://www.facebook.com/developers/. At the top of that page, you’ll see a button to allow you to set up a new application, as shown in Figure 9-14. Click that button to begin. This should be in the same section that lists the applications that you have already created with Facebook (if any).

Figure 9-14. Facebook’s Set Up New App button

Enter in the application name and any other essential ...
