#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2010
    Posts
    8
    Rep Power
    0

    Rest api with 3rd party single sign on


    Hey all, perhaps somebody can come up with a solution to my woes.

    I've created a website, that users can sign up for either by normal username/password, or with a 3rd party login (in this case facebook connect).

    All is working great with the site, the normal users have name, email password in the db users table. facebook users have no password, but rather their facebook id number.

    I've pretty much now finished making a rest/json api for 3rd party developers to create apps that will leverage the functionality of my site.

    For the rest authentication I'm probably gonna user either basic http, or oauth (like twitter apis etc).

    My problem is thus. Is there any way I can offer an authentication flow, for 3rd party devs to use, for users who have signed in to my site with facebook, and are not native users.

    Hope this makes sense.

    Cheers
  2. #2
  3. No Profile Picture
    Lost in code
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 2004
    Posts
    8,317
    Rep Power
    7170
    Most API systems don't use the user's normal account login details to perform API authentication. They usually generate an API token (sometimes two tokens; one is constant as an identifier like a username and one can be re-generated manually if needed like a password). This gets around your problem since all authentication will be local to your site, and it's also more secure since people won't have their normal usernames and password embedded in application source code.
    PHP FAQ

    Originally Posted by Spad
    Ah USB, the only rectangular connector where you have to make 3 attempts before you get it the right way around

IMN logo majestic logo threadwatch logo seochat tools logo