As ordinary Facebook users, when we open a Facebook application we get a window titled ‘Request For Permission’. After clicking the ‘Allow’ button, we can enter the application. This is a very common scenario. It is also a very important stage in developing a Facebook application, and a couple of things must be considered carefully to build the process in the most suitable way. Here, I will give some important tips that you should follow while creating a Facebook-based application and implementing Facebook authentication.
Do you need Facebook API authentication at all?
In many cases it is possible to integrate Facebook’s ready-made functionality for social optimization of your site very easily, without any authentication process. Facebook provides these features as simple, iframe-based HTML code snippets. The code in the iframe automatically detects a member’s session and lets the member contribute to the site through his activities. These are very well-known activities, such as ‘Like’, ‘Share’, ‘Comment’, ‘Live streams’ etc. So, if your needs are something along these lines, you shouldn’t worry about implementing authentication at all.
Ask for proper extended permissions:
We need user authentication so that we can access some of the user’s private information and also write data to the user’s Facebook streams. Remember that your application being granted permission doesn’t mean that you can access whatever you want. There are a lot of Facebook API methods which require special extended permissions before they can be accessed. So, first work out your application’s purpose and what kinds of permissions you may need, and then add them when you implement the authentication process.
How long do you want the user to stay authenticated:
Remember that, with general traditional authentication, the session for accessing private data is limited and expires after a certain time. If you want the user to access your application in the future without authenticating again, you will have to get the ‘offline_access’ extended permission, which doesn’t have any expiry time, so you can save the access token against a user and use it as many times as you need. The best and easiest way to do this is to save the access token in a cookie with a long expiration duration and retrieve it whenever the user tries to access the application.
Does your application require offline access permissions?
You also need to determine whether you will need access to the user’s profile to retrieve private data, publish data to the user’s timeline etc. when the user isn’t online or isn’t using the application. If so, you will need to get the ‘offline_access’ extended permission, as in the previous point. However, it won’t be enough to save the access token in a cookie this time, as you will need to use it outside of user interactions. The best way to get this done is to save the access token to a database along with the user id so that you can retrieve it later when needed.
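The two storage options from the last two tips, as an added Python example that is not code from this article or from Facebook. The cookie name `fb_access_token`, the table `fb_tokens`, the one-year lifetime and all function names are assumptions, and SQLite stands in for the application database; the cookie carries `Secure` and `HttpOnly` because the token is a bearer credential.

```python
import sqlite3
import time
from http.cookies import SimpleCookie

COOKIE_NAME = "fb_access_token"      # assumed cookie name
ONE_YEAR = 365 * 24 * 3600           # assumed "long" expiration, in seconds

def token_cookie_header(access_token, max_age=ONE_YEAR):
    """Set-Cookie value for the interactive case (user is present)."""
    jar = SimpleCookie()
    jar[COOKIE_NAME] = access_token
    morsel = jar[COOKIE_NAME]
    morsel["max-age"] = max_age
    morsel["path"] = "/"
    morsel["secure"] = True          # only sent over HTTPS
    morsel["httponly"] = True        # not readable from page scripts
    morsel["samesite"] = "Lax"       # not attached to cross-site POSTs
    return morsel.OutputString()

def open_store(path=":memory:"):
    """Token table for the offline case, keyed by user id."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS fb_tokens ("
               "user_id TEXT PRIMARY KEY, access_token TEXT NOT NULL, "
               "saved_at INTEGER NOT NULL)")
    return db

def save_token(db, user_id, access_token):
    # One row per user: a fresh grant replaces the previous token.
    db.execute("INSERT OR REPLACE INTO fb_tokens VALUES (?, ?, ?)",
               (user_id, access_token, int(time.time())))
    db.commit()

def load_token(db, user_id):
    row = db.execute("SELECT access_token FROM fb_tokens WHERE user_id = ?",
                     (user_id,)).fetchone()
    return row[0] if row else None   # None: user never granted access

def token_for(user_id, db, cookie_header=None):
    """Use the request cookie when the user is present, else the database."""
    if cookie_header:
        morsel = SimpleCookie(cookie_header).get(COOKIE_NAME)
        if morsel is not None:
            return morsel.value
    return load_token(db, user_id)

if __name__ == "__main__":
    db = open_store()
    save_token(db, "1001", "CONSTRUCTED-TOKEN-123")   # constructed sample
    print(token_cookie_header("CONSTRUCTED-TOKEN-123"))
    print(token_for("1001", db))                      # background job path
```

A background job calls `token_for` without a cookie header and skips any user for whom it returns `None`.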
For official documentation, you can refer to the Facebook authentication overview. If you are trying to find a practical way or code samples to implement Facebook API authentication (especially retrieving the access token, as this is the main part) and you are a C# developer, then refer to my other article on getting a Facebook API access token in C#. Hope this will help you. If you need anything else, let me know. Happy coding!