user308808
Reputation:
How does facebook single sign-on work under the hood?
I am using the new javascript sdk and I am developing locally (ie. no hosted server).
I was successfully able to get the access token which the js api stores in a cookie for localhost domain. However what I don't understand is:
- How fb js is able to set a cookie for localhost. Doesn't this violate same origin policy?
- If fb uses Oauth 2.0 protocol for authentication/authorization, how is the single sign-on able to retrieve the access token even when though I haven't specified a callback url and there are no redirect from my main page.
Can someone demystify what is happening under the hood here?
Upvotes: 4
Views: 1869
Answers (1)
daaku
Reputation: 2807
FB JS is able to set cookies on localhost because you're including the FB JS SDK on your domain via a <script> tag there by giving them access to your cookies (much the same way Google Analytics writes cookies for your domain).
OAuth 2.0 involves a redirect to your website, there's really no other way for Facebook to return the code necessary for your app to retrieve the access_token.
Upvotes: 2
Related Questions
- How does SSO (Single Sign On) work
- How does social oauth really works?
- How does facebook token works?
- O-auth flow explanation in the case below?
- About the "Login with Facebook" mechanism
- About Facebook Login Procedure
- iphone SSO Facebook implementation
- Facebook client-side OAuth 2.0 questions
- Explain how FB connect authentication works
- How does CAS Authentication and Facebook connect for SSO works?