Is there a way to give access to FB public app for a few dedicated FB users?

Question

Is there a way to specify only a small number of FB user profiles that can login with my FB Web app? With a possibility to manage the list making FB API calls (add a user to a list or remove it).

A preferred algorithm is as follows.

1. A user gives me a link (or id) to her FB profile (https://www.facebook.com/profile.php?id=[ID] or https://www.facebook.com/john_doe)
2. I make a FB API call and save this account eligible to login with my app.
3. A user then logs in with my app on the app's web page with FB login button. And my app accepts the login since the user is allowed to login.

I would like to avoid setting up a local DB and store allowed user ids with it. Because since v2.0 FB made it impossible to match real user id with app scoped user id. I mean:

1. A user gives me her real user id.
2. I store it in my local DB.
3. Then the users logs in with my app, but both FB.login and FB.api(/me) return app scoped user id, not a real user id. And it is not the one that is stored in my local DB. And there are no means to map it with a real one. So I won't be able to distinguish a user.

Is there some best practice to solve it?

Answer 1

I would do it like this:

• Let everyone use the login button
• by default, users do not have access but can "request" it
• you build a backend, where you list all user requests
• in the backend, you can approve/deny users
• after that, users can go further in your app

Your solutions will not work, because you cannot get access to the username (john_doe) or the "real" id with the API.