flash facebook game authentication

Question

I need to authorise my Flash game (which runs on Facebook) users against my game server. I’m able to get their data like id, access token, etc, from Facebook on the client (I’m using the Flash Facebook API) but I’m not sure how to authorize them on my game server (e.g. do a login with a database query). One scenario that I have on my mind:

If I could get the same access token from Facebook on both the client (which I already do) and the server (with, for example, a redirect URL, which I tried but does not seems to work), then I could easily compare the two tokens (together with the user IDs) and thus authorize the user.

Any ideas how I could achieve this or something similar?

UPDATE To put it simpler, I want to catch the token that is returned from Facebook on the server-side before it gets to the client (it can be a simple PHP script that parses the URL token parameter). Next, store it in the DB on the server, and when the client queries the server, I can do the comparison.

Answer 1

I think I found the solution to this. It’s explained in this answer. Basically, when I receive an access token on the client side, I will send it to the server (my game server) and then I will validate it against Facebook (i.e. https://graph.facebook.com/me?access_token=@accessToken). If it returns user data, then it's the correct token, else, it's invalid.

Answer 2

Why do you need to do this comparrison?, theres no need to compare two entries from the same source.

For example if the comparrison is to make sure if an user is logged in once on either your client webpage, or facebook use session times, check php for this.

If you need to compare any values I cant understand if you want to query twice from the same source.

if you want to update certain values that are not associated with facebook than i would create a second database on the fly which when the Application runs it will input your own data into a database for the client, also on every start of apliacation it could check this first.

This seems you are more looking at a serverside issue here and I recommend adding more info for why you need these queries and add "PHP" to your subjects related tags.