5. Login to Facebook - TomGrill/gdx-facebook GitHub Wiki

FYI: When we talk about login in this article we actually talking about gaining an access token which authorizes us to do stuff on the user's behalf.

Facebook docs suggest to login once with basic permissions and request additional permissions only when required.

The basic permissions are "email", "public_profile" and "user_friends".

You can only request read OR publish permissions when logging in.

If you need read permissions use: signIn(SignInMode.READ, ...)

If you need publish permissions use: signIn(SignInMode.PUBLISH, ...)

Logging in with basic read permissions:

Array<String> permissions = new Array<String>();
permissions.add("email");
permissions.add("public_profile");
permissions.add("user_friends");

gdxFacebook.signIn(SignInMode.READ, permissions, new GDXFacebookCallback<SignInResult>() {
	@Override
	public void onSuccess(SignInResult result) {
		// Login successful
	}

	@Override
	public void onError(GDXFacebookError error) {
		// Error handling
	}

	@Override
	public void onCancel() {
		// When the user cancels the login process
	}

	@Override
	public void onFail(Throwable t) {
		// When the login fails
	}
});

To determine if user is logged in, send a token from SignInResult to the server. It is a string with 255 characters at max(facebook devs store it as varchar(255)).

On the server then call GET request with this URL https://graph.facebook.com/me?access_token=token_goes_here

Error result looks like this:

{
   "error": {
      "message": "Invalid OAuth access token.",
      "type": "OAuthException",
      "code": 190,
      "fbtrace_id": "" // Random characters here
   }
}

Valid will look like this

{
   "name": "Denis Virtuoso", // Account name and surname
   "id": "1567835371321450" // Account identity, same as profile id
}

It is advisable to crypt the data when you write it to the database. In order to protect privacy of the users when database leak will occur. It will eventually. It will.