LSTANCZYK
3/21/2017 - 4:43 PM

Using a Facebook token to authenticate your Web API

Using a Facebook token to authenticate your Web API

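/// <summary>
/// Action filter that lets a Web API action run only when the request carries, in its
/// "Token" header, a Facebook access token that the Graph API <c>debug_token</c>
/// endpoint reports as valid. Every other request gets a 403 response.
/// </summary>
/// <remarks>
/// The filter is a gate only: it does not attach a user identity to the request.
/// It makes one blocking call to the Graph API for each request it filters.
/// </remarks>
public class TokenValidationAttribute : ActionFilterAttribute
{
    /// <summary>Name of the request header the client sends its Facebook token in.</summary>
    private const string TokenHeaderName = "Token";

    /// <summary>
    /// Runs before the action; continues the pipeline for a valid token and
    /// short-circuits with 403 otherwise.
    /// </summary>
    /// <param name="actionContext">Context of the action about to execute.</param>
    public override void OnActionExecuting(HttpActionContext actionContext)
    {
        // GetValues throws when the header is absent, which would surface as a 500
        // instead of a rejection, so probe for the header first.
        var headers = actionContext.Request.Headers;
        var token = headers.Contains(TokenHeaderName)
            ? headers.GetValues(TokenHeaderName).FirstOrDefault()
            : null;

        if (!string.IsNullOrWhiteSpace(token) && this.IsTokenValid(token))
        {
            base.OnActionExecuting(actionContext);
            return;
        }

        // Setting Response stops the action from running.
        actionContext.Response = new HttpResponseMessage(HttpStatusCode.Forbidden)
        {
            Content = new StringContent("Unauthorized User")
        };
    }

    /// <summary>
    /// Asks the Graph API whether <paramref name="token"/> is a valid access token.
    /// </summary>
    /// <param name="token">Client-supplied access token (untrusted input).</param>
    /// <returns>
    /// <c>true</c> only when the response contains a boolean <c>data.is_valid</c> set to
    /// true; <c>false</c> for an empty token, a failed request or an unexpected response.
    /// </returns>
    public bool IsTokenValid(string token)
    {
        if (string.IsNullOrWhiteSpace(token))
        {
            return false;
        }

        try
        {
            // The token comes straight from a request header. Percent-encode it so it
            // stays a single query value and cannot append or override parameters
            // (for example a second access_token) in the outgoing request.
            var requestUrl = string.Format(
                "https://graph.facebook.com/debug_token?input_token={0}&access_token={1}",
                System.Uri.EscapeDataString(token),
                YourFacebookApiKey);

            using (var client = new WebClient())
            {
                var facebookToken = JObject.Parse(client.DownloadString(requestUrl));

                // NOTE(review): is_valid alone does not show the token was issued for
                // this application. The debug_token payload also carries data.app_id;
                // compare it with your own app id before trusting the caller.
                var isValid = facebookToken.SelectToken("data.is_valid");
                return isValid != null
                    && isValid.Type == JTokenType.Boolean
                    && (bool)isValid;
            }
        }
        catch (WebException)
        {
            // Non-2xx answer or network failure: fail closed rather than let the
            // exception turn into a 500. Log here if outages must be told apart
            // from bad tokens.
            return false;
        }
        catch (Newtonsoft.Json.JsonException)
        {
            // Body was not the expected JSON document.
            return false;
        }
        catch (System.UriFormatException)
        {
            // EscapeDataString rejects over-long input; treat it as an invalid token.
            return false;
        }
    }
}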