Question regarding facebook auth in TodoLite app

[Traun Leyden]

User question via email:

I have seen facebook auth in the todolite phonegap app….Is this for sync-gw user authentication or general user authentication?

The Facebook auth is for both user creation and authentication.  

Here's how it works:

1. TodoLite calls the Facebook SDK API to authenticate the user with Facebook, and ends up getting an access token back from Facebook

2. TodoLite calls Couchbase Lite to start a replication, and uses the Authenticator.createFacebookAuthenticator() method to do this, passing the Facebook access token.

3. Couchbase Lite sends a POST request to the Sync Gateway /db/_facebook endpoint, which is handled by handleFacebookPOST()

4. With the incoming POST request pending, Sync Gateway takes the access token and contacts the Facebook Graph API directly, passing in the access token and getting back the Facebook user id and email

5. It will check if there is an existing Sync Gateway user corresponding to that Facebook user id (it used to be based on email in older versions of Sync Gateway).  If that Sync Gateway user does not already exist, it will create it.  Then it creates a session and returns the session id in a cookie on the response to the POST request to the /db/_facebook endpoint.

6. Couchbase Lite stores the session cookie and uses it to authenticate future requests to the Sync Gateway.

If the user then opens the app up on another device and logs in via facebook, the same steps as above will happen, except that in step 5. the user will already exist and so will not be created.

HTH