August 11th, 2010, 09:21 AM
Rest api with 3rd party single sign on
Hey all, perhaps somebody can come up with a solution to my woes.
I've created a website that users can sign up for either with a normal username/password or with a 3rd party login (in this case Facebook Connect).
All is working great with the site. The normal users have name, email, password in the db users table. Facebook users have no password, but rather their Facebook ID number.
I've pretty much now finished making a REST/JSON API for 3rd party developers to create apps that will leverage the functionality of my site.
For the REST authentication I'm probably gonna use either basic HTTP or OAuth (like Twitter APIs etc).
My problem is thus: is there any way I can offer an authentication flow, for 3rd party devs to use, for users who have signed in to my site with Facebook and are not native users?
Hope this makes sense.
August 11th, 2010, 02:25 PM
Most API systems don't use the user's normal account login details to perform API authentication. They usually generate an API token (sometimes two tokens; one is constant as an identifier, like a username, and one can be re-generated manually if needed, like a password). This gets around your problem since all authentication will be local to your site, and it's also more secure since people won't have their normal usernames and passwords embedded in application source code.
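A minimal sketch of the two-token scheme described in the reply above, as an added example that is not part of the original thread. The class name, method names and in-memory storage are assumptions standing in for a real credentials table.

```python
import hashlib
import hmac
import secrets


class ApiCredentialStore:
    """In-memory stand-in (assumption) for an api_credentials table.

    Credentials hang off the site's local user id, so it makes no
    difference whether that user signs in with a password or Facebook.
    """

    def __init__(self):
        self._rows = {}  # key_id -> {"user_id": ..., "secret_hash": ...}

    @staticmethod
    def _hash(secret):
        # The secret is 256 bits of randomness, so a plain SHA-256 is
        # enough to keep it out of the database in clear text.
        return hashlib.sha256(secret.encode()).hexdigest()

    def issue(self, user_id):
        """Create the constant identifier plus a first secret."""
        key_id = secrets.token_hex(8)        # public, like a username
        secret = secrets.token_urlsafe(32)   # shown to the user once
        self._rows[key_id] = {"user_id": user_id,
                              "secret_hash": self._hash(secret)}
        return key_id, secret

    def regenerate_secret(self, key_id):
        """Replace the secret; the identifier stays the same."""
        secret = secrets.token_urlsafe(32)
        self._rows[key_id]["secret_hash"] = self._hash(secret)
        return secret

    def authenticate(self, key_id, secret):
        """Return the local user id, or None if the pair is invalid."""
        row = self._rows.get(key_id)
        # Hash and compare even for unknown ids so both paths do similar work.
        expected = row["secret_hash"] if row else self._hash("")
        matches = hmac.compare_digest(self._hash(secret), expected)
        return row["user_id"] if row and matches else None


if __name__ == "__main__":
    store = ApiCredentialStore()
    key_id, secret = store.issue(user_id=2)  # constructed id of a Facebook-only user
    print(store.authenticate(key_id, secret))
```

A client would send the pair over HTTPS, for example as the username and password of HTTP basic auth, and the server would call `authenticate` on every request.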