Facebook Token Login


Florentina Holcombe

Jul 25, 2024, 3:07:33 AM
to resitive

To access WhatsApp Cloud API, you need a User Access Token. We have already seen how to Generate a Permanent Access Token from Business Settings. Now in this blog, we will see how to generate access tokens programmatically using Facebook Login.

This User Access Token is needed any time we call the API to read, modify or write a specific person's data on their behalf. User Access Tokens are generally obtained via a login dialog and require a person to permit your app to obtain one. Let's see this in action using a Facebook login.




To get the OAuth Access Token, we first need to make an HTTP GET request to the Authorization endpoint to get the authorization code. We then exchange this authorization code for the access token by making another HTTP GET request to the Token endpoint.

Once you hit the Authorization endpoint, you will be taken to the login dialog where you have to authenticate with Facebook. Once you allow this request, you will be redirected to the redirect URI with the authorization code.

The above access token we got in response is a short-lived user access token. These access tokens will be valid for only one hour and you can debug these access tokens with the Facebook Access Token Debugger. We can get a long-lived token by exchanging this short-lived token. The long-lived user access token will be valid for 60 days.

And thus your thirst for more options when creating access tokens has been quenched! Our exceptional developers have shown you how to create an access token through API using a Facebook login and your gratitude is quite palpable. Remember to come back soon as we dive further into the warm, comforting, some even say soothing, waters of further integration between WhatsApp and Salesforce.

If you are interested in learning more about how we can address your complex business needs through our innovation and thought leadership, please reach out to in...@cloudperitus.com or visit our website www.cloudperitus.com.

Amazon Cognito identity pools integrate with Facebook to provide federated authentication for your mobile application users. This section explains how to register and set up your application with Facebook as an IdP.

Amazon Cognito identity pools federation isn't compatible with Facebook Limited Login. For more information about how to set up Facebook Login for iOS without exceeding the permissions set for Limited Login, see Facebook Login for iOS - Quickstart at Meta for Developers.

To add Facebook authentication, first follow the appropriate flow below to integrate the Facebook SDK into your application. Amazon Cognito identity pools use the Facebook access token to generate a unique user identifier that is associated with an Amazon Cognito identity.

To create your own custom schema of attributes to principal tags, choose Use custom mappings. Then enter a Tag key that you want to source from each Claim that you want to represent in a tag.

To add Facebook authentication, first follow the Facebook guide and integrate the Facebook SDK into your application. Then add a Login with Facebook button to your Android user interface. The Facebook SDK uses a session object to track its state. Amazon Cognito uses the access token from this session object to authenticate the user, generate the unique identifier, and, if needed, grant the user access to other AWS resources.

The Facebook login process initializes a singleton session in its SDK. The Facebook session object contains an OAuth token that Amazon Cognito uses to generate AWS credentials for your authenticated end user. Amazon Cognito also uses the token to check against your user database for the existence of a user that matches this particular Facebook identity. If the user already exists, the API returns the existing identifier. Otherwise, the API returns a new identifier. The client SDK automatically caches identifiers on the local device.

To add Facebook authentication, first follow the Facebook guide and integrate the Facebook SDK into your application. Then add a Login with Facebook button to your user interface. The Facebook SDK uses a session object to track its state. Amazon Cognito uses the access token from this session object to authenticate the user and bind them to a unique Amazon Cognito identity pools (federated identities).

When you implement the logins method, return a dictionary that contains AWSIdentityProviderFacebook. This dictionary acts as the key, and the current access token from the authenticated Facebook user acts as the value, as shown in the following code example.

When you instantiate the AWSCognitoCredentialsProvider, pass the class that implements AWSIdentityProviderManager as the value of identityProviderManager in the constructor. For more information, go to the AWSCognitoCredentialsProvider reference page and choose initWithRegionType:identityPoolId:identityProviderManager.

When you implement the logins method, return a dictionary containing AWSIdentityProviderFacebook. This dictionary acts as the key, and the current access token from the authenticated Facebook user acts as the value, as shown in the following code example.

To add Facebook authentication, follow the Facebook Login for the Web and add the Login with Facebook button on your website. The Facebook SDK uses a session object to track its state. Amazon Cognito uses the access token from this session object to authenticate the user, generate the unique identifier, and, if needed, grant the user access to other AWS resources.

The Facebook SDK obtains an OAuth token that Amazon Cognito uses to generate AWS credentials for your authenticated end user. Amazon Cognito also uses the token to check against your user database for the existence of a user matching this particular Facebook identity. If the user already exists, the API returns the existing identifier. Otherwise a new identifier is returned. Identifiers are automatically cached by the client SDK on the local device.

To add Facebook authentication, first follow the Facebook guide and integrate the Facebook SDK into your application. Amazon Cognito uses the Facebook access token from the FB object to generate a unique user identifier that is associated with an Amazon Cognito identity.

On September 25th, 2018, Facebook learned from its engineering team that a security vulnerability compromised around 50 million accounts. While the investigation is still in progress, Facebook already has defined the attack surface and vulnerabilities that led to the attack along with identity data that was compromised.

Through this vulnerability, attackers were able to steal Facebook access tokens. An access token is a credential that can be used by an application to access an API. Its main purpose is to inform the API that the bearer of this token has been authorized to access the API and perform specific actions. In this case, an attacker could have used the Facebook access tokens to take over accounts.

As a result of these security measures, about 90 million users will have to log back into the Facebook platform. Other applications that use Facebook login are also impacted and will require users to re-authenticate. Facebook wants to remain transparent and direct in the acknowledgment and communication of this security breach. Once affected users log back into their accounts, they will receive a notification at the top of their News Feed with an explanation of what has happened and what actions were taken.

As a final precaution, Facebook has turned off the "View As" feature to run a security review as part of their investigation. As the security investigation is in its early stages, Facebook has yet to determine if any of the compromised accounts had their data accessed or misused. The identity or location of the attackers is also unknown at this time. Facebook vows to keep users updated on the evolution of the investigation.

In a statement on his personal page, Mark Zuckerberg, Facebook CEO, summarized the nature of the data breach. Part of his statement includes the assessment that new tools need to be developed to prevent attacks like this from being successful:

"We face constant attacks from people who want to take over accounts or steal information around the world. While I'm glad we found this, fixed the vulnerability, and secured the accounts that may be at risk, the reality is we need to continue developing new tools to prevent this from happening in the first place. If you've forgotten your password or are having trouble logging in, you can access your account through the Help Center."

Auth0 by Okta takes a modern approach to customer identity and enables organizations to provide secure access to any application, for any user. Auth0 is a highly customizable platform that is as simple as development teams want, and as flexible as they need. Safeguarding billions of login transactions each month, Auth0 delivers convenience, privacy, and security so customers can focus on innovation. For more information, visit

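The authorization-code flow described in the post (authorization request, callback, code exchange, long-lived exchange), together with the check a backend should make before trusting a Facebook token, as an added example that is not part of the original post. The app ID, redirect URI, Graph API version and sample values are constructed placeholders; the functions only build requests and validate responses, so the block runs offline.

```python
import hmac, secrets
from urllib.parse import urlencode, urlparse, parse_qs

GRAPH_VERSION = "v19.0"                               # assumption: use the version your app targets
APP_ID = "123456789012345"                            # constructed placeholder
REDIRECT_URI = "https://app.example.com/fb/callback"  # constructed placeholder
TOKEN_URL = f"https://graph.facebook.com/{GRAPH_VERSION}/oauth/access_token"

def build_authorize_url(scopes):
    """Step 1: login dialog URL plus a per-session anti-CSRF state value."""
    state = secrets.token_urlsafe(32)   # store server-side, bound to the session
    query = urlencode({"client_id": APP_ID, "redirect_uri": REDIRECT_URI,
                       "state": state, "response_type": "code",
                       "scope": ",".join(scopes)})
    return f"https://www.facebook.com/{GRAPH_VERSION}/dialog/oauth?{query}", state

def code_from_callback(callback_url, expected_state):
    """Step 2: accept the authorization code only if state round-tripped intact."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError("login denied: " + params["error"][0])
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: forged or replayed callback")
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    return params["code"][0]

def token_request(code, app_secret):
    """Step 3: server-side GET exchanging the code for a short-lived token."""
    return TOKEN_URL, {"client_id": APP_ID, "redirect_uri": REDIRECT_URI,
                       "client_secret": app_secret, "code": code}

def long_lived_request(short_token, app_secret):
    """Step 4: server-side GET exchanging the short-lived token for a long-lived one."""
    return TOKEN_URL, {"grant_type": "fb_exchange_token", "client_id": APP_ID,
                       "client_secret": app_secret, "fb_exchange_token": short_token}

def check_debug_token(payload, now):
    """Validate a /debug_token response before trusting the inspected token."""
    data = payload.get("data", {})
    if not data.get("is_valid"):
        raise ValueError("token is not valid (revoked or malformed)")
    if str(data.get("app_id")) != APP_ID:
        raise ValueError("token was issued to a different app")
    exp = data.get("expires_at", 0)      # 0 is treated as no expiry
    if exp and exp <= now:
        raise ValueError("token has expired")
    return data["user_id"]
```

Keep the app secret and both exchange requests on the server; the client only ever sees the authorization URL and, if needed, the resulting token.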