Could a Facebook page access token and signed request be exposed on the client side, aka JavaScript? Is it a good option to store them in a DB or in memory on the server?
FB.login(function (response) {
    if (response.authResponse) {
        FB.api('/me/permissions', function (perms_response) {
            // call to server with this response..
        });
    } else {
        // User cancelled login or did not fully authorize.
    }
}, { scope: 'manage_pages' });
The question is whether response.authResponse.accessToken, response.authResponse.userID and response.authResponse.signedRequest are visible at the client, or whether this needs to be done on the server side as well.
Of course you can, what's the difference?
It's just that these shouldn't be requested from the client side, since the client side is exposed.
The app access token is just like a password to your app; if it gets leaked to someone, he can edit/destroy/do anything with your app!
So what you are trying to do is NOT recommended.
To get the App Access Token-
You can get it directly from here: https://developers.facebook.com/tools/accesstoken/
You can make a call here to get that-
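On the question of what the server should do with the values FB.login hands to the browser: the sketch below is an added example, not part of the question or the answer above and not the "call" the answer refers to. It shows a Node.js server checking the signedRequest with the app secret instead of trusting a client-supplied userID. It assumes the documented signed_request layout (base64url signature, a dot, a base64url JSON payload signed with HMAC-SHA256); the function names, secret and sample values are constructed for illustration.

```javascript
const nodeCrypto = require('crypto');

// base64url helpers (signed_request uses the URL-safe alphabet, no padding).
const b64urlDecode = (s) => Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64');
const b64urlEncode = (buf) =>
  buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Returns the decoded payload when the signature checks out, otherwise null.
function verifySignedRequest(signedRequest, appSecret) {
  if (typeof signedRequest !== 'string') return null;
  const parts = signedRequest.split('.');
  if (parts.length !== 2 || !parts[0] || !parts[1]) return null;
  const [sigB64, payloadB64] = parts;

  // The HMAC covers the still-encoded payload string, keyed with the app secret.
  const expected = nodeCrypto.createHmac('sha256', appSecret).update(payloadB64).digest();
  const given = b64urlDecode(sigB64);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length) return null;
  if (!nodeCrypto.timingSafeEqual(given, expected)) return null;

  let payload;
  try {
    payload = JSON.parse(b64urlDecode(payloadB64).toString('utf8'));
  } catch (err) {
    return null;
  }
  if (!payload || String(payload.algorithm).toUpperCase() !== 'HMAC-SHA256') return null;
  return payload;
}

// Constructed sample: builds a signed_request in the assumed layout.
function makeSampleSignedRequest(payloadObj, appSecret) {
  const payloadB64 = b64urlEncode(Buffer.from(JSON.stringify(payloadObj), 'utf8'));
  const sig = nodeCrypto.createHmac('sha256', appSecret).update(payloadB64).digest();
  return b64urlEncode(sig) + '.' + payloadB64;
}

const SAMPLE_SECRET = 'constructed-app-secret'; // placeholder; stays on the server
const SAMPLE_PAYLOAD = { algorithm: 'HMAC-SHA256', user_id: '1000000000000001', issued_at: 1700000000 };
const sample = makeSampleSignedRequest(SAMPLE_PAYLOAD, SAMPLE_SECRET);

// A payload edited in the browser no longer matches the signature it arrived with.
const forgedPayload = b64urlEncode(Buffer.from(JSON.stringify({ ...SAMPLE_PAYLOAD, user_id: '42' })));
const forged = sample.split('.')[0] + '.' + forgedPayload;

console.log(verifySignedRequest(sample, SAMPLE_SECRET).user_id);
console.log(verifySignedRequest(forged, SAMPLE_SECRET));
```

The server takes the user ID from the verified payload, so a userID field sent alongside it by the client is never needed.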