That's actually the Facebook token. Facebook's JS API will give you a
token that lasts for about an hour. You have to use your app's ID and
secret to make a server-side request and upgrade that short token to a
long-lived (~60 day) token.
I'm not acting as an OAuth provider, just storing credentials and that
token in a local database.
Sebastian Bensusan <mailto:sbe...@gmail.com>
December 15, 2014 at 3:05 PM
Thanks Sam.
The gist is very helpful (as well as the Friend + Liberator post). I
see you are generating and maintaining your own tokens (" exchange for
long-lived token").
Did you write custom code for this or is there some library I should
look at?
Sebastian
--
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient
with your first post.
To unsubscribe from this group, send email to
clojure+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
---
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to clojure+unsubscr...@googlegroups.com
<mailto:clojure+unsubscr...@googlegroups.com>.
For more options, visit https://groups.google.com/d/optout.
Sam Ritchie <mailto:sritchi...@gmail.com>
December 15, 2014 at 6:54 AM
I've just implemented this with Facebook login on a single-page app
using Om and Sente. I'm planning on writing it up (who ISN'T planning
on writing up all their open source stuff in glorious detail? Imagine
the blog posts!!), but before I get around to code I can offer my
little state flow chart I wrote up before coding:
https://gist.github.com/sritchie/8e137d8727f409826005
Facebook has a nice guide on how to think about this:
https://developers.facebook.com/docs/facebook-login/multiple-providers
The trickiness has to do with allowing users to merge accounts.
Not sure if it's clear from that gist, but we decided to auto-generate
usernames for users that signed up with Facebook, and not set a
password at all. If a user goes into their profile and tries to unlink
Facebook, if they haven't set a password, an alert'll pop up saying
"Whoops! You need to set a password to unlink."
Pinterest does a nice job making signup with another provider or your
account really easy.
Sebastian Bensusan <mailto:sbe...@gmail.com>
December 15, 2014 at 4:50 AM
Users should also be able to authenticate using my site credentials OR
Linkedins. I thought friend-oauth would be useful to allow the
Linkedin authentication.
I am a little lost on where to start. I could start from my own auth
and then add Linkedin to it with friend, or start with friend and add
my own auth service around it.
On Monday, December 15, 2014 11:42:36 AM UTC+1, David Della Costa wrote:
--
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient
with your first post.
To unsubscribe from this group, send email to
clojure+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
---
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to clojure+unsubscr...@googlegroups.com
<mailto:clojure+unsubscr...@googlegroups.com>.
For more options, visit https://groups.google.com/d/optout.
Dave Della Costa <mailto:ddellaco...@gmail.com>
December 15, 2014 at 3:42 AM
I'm a bit confused--if you are building your own oauth2 server (correct
me if I misunderstood--you want users to use oauth2 to authenticate
against your own service?), what purpose does a Friend workflow have in
this context? Seems like you could skip Friend altogether.
DD
Sebastian Bensusan <mailto:sbe...@gmail.com>
December 15, 2014 at 1:40 AM
Hi Dave,
I am planning to use friend-oauth2 to handle "third party workflows".
It is exactly what I need to consume third party oauth services, but
from what I understood from the source code, it doesn't help me offer
my own oauth service. I'm struggling with the design for an oauth
service that integrates directly with friend.
Thanks for your answer!
Sebastian
On Monday, December 15, 2014 6:58:55 AM UTC+1, David Della Costa wrote:
--
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient
with your first post.
To unsubscribe from this group, send email to
clojure+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
---
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to clojure+unsubscr...@googlegroups.com
<mailto:clojure+unsubscr...@googlegroups.com>.
For more options, visit https://groups.google.com/d/optout.
--
Sam Ritchie (@sritchie)
Paddleguru Co-Founder
703.863.8561
www.paddleguru.com <http://www.paddleguru.com/>
Twitter <http://twitter.com/paddleguru>// Facebook
<http://facebook.com/paddleguru>
--
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new members are moderated - please be patient with your
first post.
To unsubscribe from this group, send email to
clojure+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/clojure?hl=en
---
You received this message because you are subscribed to the Google Groups "Clojure" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to clojure+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
