Facebook Login and Access Tokens

Familiarize yourself with different types of access tokens.

Facebook Login for authentication and authorization

As we mentioned in the previous lesson, our web application will need to use Facebook Login for authentication and authorization since we intend to use the Graph API to access Facebook data on behalf of our users.

We are going to set aside the authentication part for now, since authorization is the part that is much more critical to our needs for this course.

You will recall that authorization is the determination of the kinds of resources that a person (or, in our case, our web application) has permission to access. These resources include data our application can read and operations that our application can perform.

Authorization with tokens

In the Facebook Graph API, presenting an access token demonstrates the authorization to access a given resource. Getting your hands on a proper access token does require navigating through some authentication steps and transacting back and forth with Facebook. We are going to cover those details in a later lesson; what matters right now is this: if you have a proper token, Facebook will give you access to the corresponding resources.

Do you remember the example about the backstage concert pass in the previous lesson? When a person finally showed up at the backstage VIP entrance, the security guard didn’t ask that person to verify their identity (to authenticate themselves). It didn’t matter who that person was or how they even got their hands on a backstage ...