Direct API Social Auth Setup

Q: I want to use Facebook with AuthRocket, but use the API directly. How do you recommend I do this?


A: Let’s approach this is 3 ways.

a) One is to go forward with the LoginRocket setup first just to get things going. Social Auth in particular can be tricky and it can be easier to debug this way if it gives you any trouble.

b) Use a hybrid approach. Handle everything else inside your app, but let LoginRocket quietly handle just the social auth. In this case, you’ll setup Facebook pretty much as documented on the Authenticating with Facebook page.

However, instead of using LoginRocket to perform any logins, you’ll still have the Login with Facebook button on your own site. That button will link back to LoginRocket, which will automatically build the proper URL for Facebook, redirect the user, and handle the incoming token from Facebook. LoginRocket will then handoff a normal AuthRocket login token to you using our standard Login Handler URL (which, if you’re handling password auth inside your app, you might not have and will need to create).

The URL for the Login with Facebook button will be roughly this:

https://yourapp.e1.loginrocket.com/auth/facebook

See: Initiate with Social Provider

c) The last approach is to skip LoginRocket completely and just go with your own code and our API. The differences in implementation (as compared to the Facebook Setup page) are as follows:

  • Skip step 1.

  • Perform steps 2-4 as listed, except where the instructions show to insert a *.loginrocket.com URL into Facebook, give it a URL for your own app instead. At that URL, your app will need to accept the inbound Facebook token/code and then send it back to us using the Authenticate Using a Provider’s Token method.

  • Perform step 5. Obviously instead of testing via LoginRocket, you’ll need to add a Login with Facebook button into your own app and test that way. The login button should use a URL from: List Authorization URLs. These URLs can’t be cached, so to improve performance, link back to your own app instead, and have your app query List Authorization URLs and issue a redirect. (This way the URL doesn’t have to be queried except when the user actually wanted it.)

  • Perform step 6.

  • One other note, if you’re using a Facebook SDK directly (mobile only; not recommended for web), you can also send us the post-authorized access_token pulled from the SDK using the Authenticate Using an Access Token API call instead of the API mentioned above for steps 2-4.

As you can see, the hybrid approach is simpler than the 100% API approach, but either works great once setup is complete.

Tagged with: social auth facebook

Questions? Find a Typo? Get in touch.