With the SDK, the client app receives a user access token containing the account identifier once the person has been successfully authenticated.
"In your app's dashboard, there is a switch labeled Enable Client Access Token Flow. When that switch is on, your client application will (after a successful login) directly receive a long-lived access token, which it is then responsible for securely passing to your server to be used in API calls," the developer's guide for Account Kit says.
An alternative method sends the client app an authorization code, which is passed to the application server and exchanged for the user access token. The user access token resides on the server and is used to authenticate server-to-server calls.
Developers can use the SDK to build and customize the login interface.
- The iOS SDK provides customizable view controllers to manage the flow, so developers simply need to present the view controller to get started.
- The Android SDK provides an activity, so the developer only needs to start the activity. There are two intent codes: successful login or failed login.
- The JS SDK provides a login API to manage the login flaw, so developers can call accountkit.login.
"You can use the Account Kit Graph API to retrieve and verify user access tokens, access basic account information, and delete accounts," Facebook said.
Sign up for CIO Asia eNewsletters.