
Facebook login using Facebook JavaScript SDK: How is it working under the hood? How is my application (running on mydomain.com) able to get user details from another domain (facebook.com)? I was under the impression that the OAuth2 login always needs a redirect to the app server. Is it using implicit flow? Even implicit flow needs a redirect to the app server, doesn't it? Or is it not using OAuth2 at all?

so-random-dude
  • The actual login part, with the user interaction, needs to happen under the OAuth provider’s domain. But after that, it’s just cookies and cross-domain requests in the background. – CBroe Apr 09 '20 at 08:02
  • Thanks @CBroe. I understand the first part. My question is, if I am sending an XHR request or REST requests to another domain (facebook.com), will that request send cookies/session IDs (Facebook session) along? – so-random-dude Apr 10 '20 at 17:50
  • Depends on the specifics of the request. CORS must be enabled, the cookies must have been set with appropriate parameters in the first place, and the code might need to explicitly set a flag to send credentials cross-domain. – CBroe Apr 14 '20 at 06:22
  • @CBroe. Thanks for the tip. On a quick googling I came across this one: https://stackoverflow.com/questions/46288437/set-cookies-for-cross-origin-requests. Is this what's happening? – so-random-dude Apr 14 '20 at 20:42

0 Answers
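The three conditions listed in CBroe's comment (CORS enabled, cookie attributes, an explicit credentials flag), modelled as an added example that is not part of the original thread and is not Facebook SDK code. The origins `app.example` and `idp.example`, the cookie, and all function names are constructed for illustration; preflight and third-party-cookie blocking are left out.

```javascript
// Added example: models the browser-side checks for one cross-site fetch().
// Simplifications (assumptions): simple request with no preflight, no
// third-party-cookie blocking, cookie domain/path already match the target.

// Is the cookie attached to a cross-site request made by script?
function cookieIsSent(cookie, request) {
  if (request.credentials !== 'include') return false; // flag set by the calling code
  if (cookie.sameSite !== 'None') return false;        // Lax/Strict: withheld on cross-site fetch
  if (!cookie.secure) return false;                    // SameSite=None requires Secure
  return new URL(request.url).protocol === 'https:';   // Secure cookies travel over HTTPS only
}

// May the calling page's script read the response?
function responseIsReadable(request, responseHeaders) {
  const allowOrigin = responseHeaders['access-control-allow-origin'];
  if (request.credentials === 'include') {
    // With credentials the wildcard is rejected: the origin must be echoed exactly
    // and Access-Control-Allow-Credentials must be the literal string "true".
    return allowOrigin === request.origin &&
           responseHeaders['access-control-allow-credentials'] === 'true';
  }
  return allowOrigin === '*' || allowOrigin === request.origin;
}

// Both checks are independent: a cookie can reach the server even when the
// response is then withheld from the calling script.
function evaluate(cookie, request, responseHeaders) {
  return {
    cookieSent: cookieIsSent(cookie, request),
    readable: responseIsReadable(request, responseHeaders),
  };
}

// Constructed sample values, not taken from any real provider.
const sessionCookie = { name: 'sid', sameSite: 'None', secure: true };
const request = { url: 'https://idp.example/me', origin: 'https://app.example', credentials: 'include' };
const goodHeaders = {
  'access-control-allow-origin': 'https://app.example',
  'access-control-allow-credentials': 'true',
};
const wildcardHeaders = { 'access-control-allow-origin': '*' };

console.log(evaluate(sessionCookie, request, goodHeaders));
console.log(evaluate(sessionCookie, request, wildcardHeaders));
console.log(evaluate({ ...sessionCookie, sameSite: 'Lax' }, request, goodHeaders));
```

On the provider side, the practical consequence is that a credentialed endpoint has to allow-list specific origins rather than answer with `*`.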