Understanding the "Login with Facebook" Authorization Flow

Learn the authorization flow of "Login with Facebook" in detail.

The typical OAuth2 flow

The “Login with Facebook” flow follows the OAuth2 protocol closely and proceeds as you would expect. If you are not familiar with OAuth2, we will walk through an example here to illustrate how the flow works. By the end of this lesson, you will be equipped to navigate OAuth2 flows not only for Facebook but also for other providers, including:

  • Google
  • Twitter
  • GitHub
  • StackExchange

Previously, we talked about the difference between authentication and authorization. Recall that authentication is the verification of a user’s identity, while authorization is the user granting permission to access their resources. Both come into play when we talk about OAuth2 and Facebook Login.

Owners, resources, servers, and clients

In the OAuth2 world, any piece of data is a resource. A user’s name, email address, most recently liked post, and list of friends are all resources. The resource owner is the user.

Facebook ...
