[? Music ?] [Code Racer] [OAuth and Facebook Applications]

With Code Racer, we decided that we were going to allow people to log in using Facebook.

This was going to be a lot easier and quicker than writing

our own authentication system.

But in order to understand how Facebook works,

first we have to understand the concept of OAuth.

The way OAuth works is with the concept of clients and resources.

Instead of me uploading all of my data to each different site I go to,

I can just have the servers talk to each other.

As an example, let's take a picture site called PicMonger,

and I want to give PicMonger access to my Facebook friend list and pictures.

Instead of giving PicMonger my Facebook login and password,

using OAuth I can just give them access to certain resources

and let Facebook protect that for me.

Let's say I actually do want to give PicMonger access.

In OAuth terms, I would be the client,

and Facebook has my data or resources,

and Facebook would be classified as the resource owner.

What would happen is I request authorization from the resource owner,

who in this case is Facebook.

The resource owner responds back with one of a few different grant types.

In this case, with using OAuth, we get back a code.

Finally, the client, in this case, me,

uses the authorization grant to get an access token from the authorization server,

and then the client sends the access token we get back

to the resource server, which then responds with the protected resource,

which in this case is my Facebook data.

Now that we know the basics of how Facebook and OAuth work,

let's go ahead and sign up to be a Facebook developer.

That will allow us to create applications that can be logged into via Facebook.

Once we're in Facebook, scroll down and click on the developer's link

at the bottom of the page.

This takes you to the Facebook developer site.

Click "Get Started."

Once the Tutorial page loads, click on "Step 1: Create a Facebook Application."

In order to do that, you'll need to go to the Developer App.

Then click on "Create a New App."

We'll call our application "Test Authentication,"

and agree to the Facebook platform policies after reading them thoroughly.

Then click "Continue."

At this point, you'll have to fill in the CAPTCHA.

Then click "Submit."

Now we can see our application preferences load.

We don't have to worry about the application display name

or application domain just yet.

We do have to set our preferences for how

the application will integrate with Facebook.

We're going to check the website button.

At this point, it will ask for a website.

Since we're going to be developing this application locally at first

on our own computer, we'll enter "local host" as the site URL.

Also, we're going to be using port 3000, so enter that here.

It's important to also add a trailing slash for the site URL

or else you'll encounter errors later on that can be difficult to debug.

Click on "Save Changes,"

and you come back to the application basic settings screen.

You can also customize the authentication dialog.

This is the Facebook authentication dialog that pops up

when your application requests access.

We don't want to change any of these things right now

since we're just doing an example.

If you wanted to add other developers and testers to the account,

you could do so inside of the roles screen.

Let's click back to settings.

We can see the name of our application up here.

We'll also need the application ID and application secret

when we start our test application.

That happens in the next video.