Understanding Authorization and Authentication

From Facebook Developer Wiki

You've built your application, now you need to get your users engaged. Where do you start?

When a user visits your canvas page or your site, you can provide that user with as much interaction as you want without having them authorize your application or connect to your site. In the case of applications, you already get some user data when the user first visits your canvas page -- the user's public search listing data (see Automatic Authentication for details).

You should authorize a user when you need to get more data from that user than is available in the public search listing, when you want to communicate with the user via notifications or email, or when you want to publish to the user’s profile or stream.

There are two components at work here: authorization and authentication. Authorization is when a user agrees to your application or site’s terms of service, and is a one-time event. Authentication is the act of verifying the login status of a user visiting your application or site, and, if necessary, logging that user in. Often the two are intertwined in the same action, such as when a user connects accounts between a website and Facebook.

In general, the login process is similar among the various Facebook products (applications on Facebook, Facebook Connect, Facebook Connect for iPhone, Facebook Mobile, Facebook desktop applications). This article discusses the shared commonalities as well as the differences among them.

You also may need to prompt your users for additional, extended permissions so your application can perform actions like publish posts to the user’s stream, upload photos on the user’s behalf, or send email or SMS to the user.

How Do I Implement Authorization?

To get started, read the article appropriate to the type of application or site you are building: