83 lines
2.4 KiB
ReStructuredText
83 lines
2.4 KiB
ReStructuredText
Facebook
|
|
========
|
|
|
|
============== ===== ========
|
|
Authentication Users Password
|
|
============== ===== ========
|
|
✔ ✔
|
|
============== ===== ========
|
|
|
|
Presentation
|
|
------------
|
|
|
|
`Facebook <http://facebook.com>`__ is a famous social network service.
|
|
Facebook uses `OAuth2 <http://en.wikipedia.org/wiki/OAuth2>`__ protocol
|
|
to allow applications to reuse its own authentication process (it means,
|
|
if your are connected to Facebook, other applications can trust Facebook
|
|
and let you in).
|
|
|
|
You need
|
|
`Net::Facebook::Oauth2 <https://metacpan.org/release/Net-Facebook-Oauth2>`__
|
|
package.
|
|
|
|
You need to register a new application on Facebook to get an application
|
|
ID and a secret. See https://developers.facebook.com/apps on how to do
|
|
that.
|
|
|
|
Configuration
|
|
-------------
|
|
|
|
In Manager, go in ``General Parameters`` > ``Authentication modules``
|
|
and choose Facebook for authentication module. You can also use Facebook
|
|
as user database.
|
|
|
|
Then, go in ``Facebook parameters``:
|
|
|
|
- **Authentication level**: authentication level for this module.
|
|
- **Facebook application ID**: the application ID you get
|
|
- **Facebook application secret**: the corresponding secret
|
|
- **User field**: Facebook field that will be used as default user
|
|
identifier
|
|
|
|
If you use Facebook as user database, declare values in exported
|
|
variables:
|
|
|
|
- use any key name you want. If you want to refuse access when a data
|
|
is missing, just add a "!" before the key name
|
|
- in the value field, set the field name. You can show them using
|
|
`Facebook Graph API
|
|
explorer <https://developers.facebook.com/tools/explorer>`__ and have
|
|
a list of supported fields in the `Graph API User
|
|
reference <https://developers.facebook.com/docs/graph-api/reference/user/>`__.
|
|
For example:
|
|
|
|
- cn => name
|
|
- mail => email
|
|
- sn => last_name
|
|
|
|
|
|
.. attention::
|
|
|
|
Do not query user field in exported variables, as it is
|
|
already registered by the authentication module in ``$_user``.
|
|
|
|
|
|
.. attention::
|
|
|
|
Browser implementations of formAction directive are
|
|
inconsistent (e.g. Firefox doesn't block the redirects whereas Chrome
|
|
does). Administrators may have to modify formAction value with wildcard
|
|
likes \*.
|
|
|
|
In Manager, go in :
|
|
|
|
``General Parameters`` > ``Advanced Parameters`` > ``Security`` >
|
|
``Content Security Policy`` > ``Form destination``
|
|
|
|
|
|
.. tip::
|
|
|
|
You can use the same Facebook access token in your
|
|
applications. It is stored in session datas under the name
|
|
``$_facebookToken``\
|