How to securely authorize a user via Facebook's Javascript SDK

Question

I want to let users log in on my website using their Facebook ID without reloading the page. This is why I use Facebook Javascript SDK. This scheme describes the authorizati

Answer 1

Once you've logged in a user via the JS SDK, a special cookie will be setup containing credential info (encoded with your secret key if I'm correct). This info can then be used via the PHP SDK getUser() method.

As long as your API (your ajax endpoint) is on the same domain as your app, you should receive this cookie whenever the user request your server.

Of course, you need to make sure the Javascript SDK is setup correctly and that you used the cookie: true config option, and that you give a valid channel file. If these requirement ain't met, you may have some trouble with cross-domain communication and 3rd party cookie in IE and Safari.

You can also check this related question: A proper approach to FB auth