I'm building an app for which I need an API which I'm building in Flask. I've got Facebook login working in the app, which returns the Facebook token. I then post that token to my own server, with which I call the Facebook API from my server to A) confirm the token is a correct Facebook token, and B) get the user info from Facebook. This works fine now.
The next step is to actually keep the user logged in within Flask which, as far as I understand, I need to do with "a token". Since I already have a Facebook token, I now wonder: can I simply store the Facebook token somehow and use that as a token, or do I need to create another token within Flask and supply that to the app?
And if I can indeed store that Facebook token as a means to authenticate the user on the app, how should I store it? Simply in my database with the user? And can I then be sure that if a user sends that token along (via SSL of course), that he is the user which I have stored with that token in my DB?
All tips are welcome!
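
The second option raised in the question (the server issuing its own token once the server-side Facebook check has passed) could look like the sketch below. This is an added example, not code from the original post; `SECRET_KEY`, `TOKEN_TTL`, `issue_token` and `verify_token` are hypothetical names, and it uses a standard-library HMAC-signed token rather than any particular Flask extension.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: a server-side secret loaded from configuration, never sent to the app.
SECRET_KEY = b"constructed-demo-key-replace-in-config"
TOKEN_TTL = 3600  # token lifetime in seconds (hypothetical value)


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id, now=None):
    """Call only after the Facebook token has been confirmed server-side."""
    now = time.time() if now is None else now
    payload = json.dumps({"uid": user_id, "exp": int(now) + TOKEN_TTL}).encode()
    sig = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)


def verify_token(token, now=None):
    """Return the user id, or None if the token is malformed, forged or expired."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".")
        payload, sig = _unb64(payload_b64), _unb64(sig_b64)
    except (ValueError, TypeError):
        return None
    expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    # Constant-time comparison; the payload is trusted only after this passes.
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(payload)
    if claims["exp"] < now:
        return None
    return claims["uid"]
```

With this shape the Facebook token is needed only for the one login request, and the app's own token can expire or be rotated independently of Facebook's.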