A servlet that handles requests for logging in via Facebook OAuth,
including handling login callbacks from the Facebook Authorization server.
GET facebookLogin/popup
- This endpoint is reached from the client-side popup when the user clicks login.
- The servlet responds with a redirect to Facebook's login and authorization page.
GET facebookLogin/token
- The callback URL that Facebook redirects to after the user has accepted or declined authorization.
- If the user has declined, Facebook returns an error parameter in the callback URL.
1. In this case, we return some JavaScript code that closes the popup.
- If the user has accepted, Facebook returns a one-time auth code parameter in the callback URL.
1. In this case, we make a GET back to Facebook with the auth code and the app credentials injected into the servlet.
2. Facebook returns an access token string in a query string response.
3. We then need to verify this access token, which requires making another GET to Facebook for an app token.
4. Facebook returns this app token in a query string response.
5. Once we have both tokens, we make a GET to Facebook to verify the access token.
6. This returns a JSON object that has the keys is_valid and user_id.
7. If is_valid is true, we know that the token is authentic and can take the user_id and generate a security token.
8. Lastly, we return the security token to the client via some JavaScript, where it is also stored locally.
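The verification and token-issuing steps above (steps 2, 4, 6 and 7), as an added example that is not part of the servlet's own code: written in Python rather than Java, with the Facebook responses constructed inline. The real debug_token response nests its fields under `data` and also carries `app_id`, which is checked here so that a valid token minted for a different app is rejected; `APP_ID`, `SERVER_SECRET` and the HMAC-signed security token format are assumptions.

```python
import hashlib
import hmac
import json
import time
from urllib.parse import parse_qs

# Constructed stand-ins for the two Facebook responses the servlet consumes.
# Step 2/4: older Graph API versions return the token as a query string.
SAMPLE_TOKEN_RESPONSE = "access_token=EAAB_constructed_user_token&expires=5183999"
# Step 6: debug_token response; fields sit under "data" and include app_id.
SAMPLE_DEBUG_RESPONSE = ('{"data": {"app_id": "123456", "is_valid": true, '
                         '"user_id": "1000123", "expires_at": 4102444800}}')
APP_ID = "123456"                                  # assumed: this app's id
SERVER_SECRET = b"constructed-server-side-secret"  # assumed: per-deployment key


def parse_token_response(body):
    """Steps 2/4: extract access_token from a query-string or JSON body."""
    body = body.strip()
    if body.startswith("{"):
        return json.loads(body)["access_token"]
    return parse_qs(body, strict_parsing=True)["access_token"][0]


def verify_debug_response(body, expected_app_id, now=None):
    """Steps 6-7: accept the token only if it is valid, unexpired and was
    issued for this app; return the user_id on success, else None."""
    data = json.loads(body).get("data", {})
    now = time.time() if now is None else now
    if data.get("is_valid") is not True:
        return None
    if str(data.get("app_id")) != str(expected_app_id):
        return None  # valid token, but minted for some other app
    if "expires_at" in data and data["expires_at"] <= now:
        return None
    user_id = data.get("user_id")
    return str(user_id) if user_id else None


def issue_security_token(user_id, secret, issued_at=None):
    """Step 7: mint a server-signed token binding user_id and issue time."""
    issued_at = int(time.time()) if issued_at is None else issued_at
    payload = f"{user_id}:{issued_at}"
    mac = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}:{mac}"


def check_security_token(token, secret):
    """Verify a token from issue_security_token; returns user_id or None."""
    user_id, issued_at, mac = token.rsplit(":", 2)
    expected = hmac.new(secret, f"{user_id}:{issued_at}".encode(),
                        hashlib.sha256).hexdigest()
    return user_id if hmac.compare_digest(mac, expected) else None
```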