Facebook Mobile Hack Demo

client-side-authentication.rb

# Login endpoint for client side flow
# Takes a token paremeter and creates a user if necessary
post "/auth" do
  client = Facebook.exchange_token(params[:token])
  user = User.from_facebook(client)
  session[:user] = user.uid
  redirect '/'
end

javascript-auth.js

$(function() {
  FB.init({
    appId   : App.appId,
    cookie  : true,
    oauth   : true
  });

  // If user is not logged in, we try to authenticate from Facebook.
  if (!App.userId) {
    
    // Query Facebook API for authentication data
    FB.getLoginStatus(function(response) {
      
      // The user already connected to the app, so we just need to 
      // send the access token to login the user.
      if (response.status === 'connected') {
        $('#access-token').val(response.authResponse.accessToken);
        $('#auth-form').submit();
      }
      else {
        // The user hasn't connected yet, so we redirect to the 
        // Facebook Authentication Dialog.
        window.location = App.authUrl;
      }
    });
  }
});

server-side-authentication.rb

# Callback endpoint for server side flow
# Takes a OAuth code parameter and creates a user if necessary
get "/auth" do
  client = Facebook.exchange_code(params[:code], url('/auth'))
  user = User.from_facebook(client)
  session[:user] = user.uid
  redirect '/'
end