How can I tell if a user is already logged in with Facebook or not?

#1

When using Facebook with register: true, how is it possible to know if the user is authenticated or not so I don’t present them the Facebook login dialog each time?

Best,

Kevin

[Edit: Moved to Sync Gateway category]

#2

You can check the GET :4984/db/_session endpoint.

It works with the following config file and curl commands:

{
  "log": ["*"],
  "databases": {
    "db": {
      "server": "walrus:",
      "users": {
        "GUEST": {"disabled": true},
        "chef123": {"password": "letmein"}
      }
    }
  }
}

With the correct password, you can log in and get back a 200 OK:

curl -vX POST -H 'Content-Type: application/json' \
       :4984/db/_session \
       -d '{"name": "chef123", "password": "letmein"}'

* Hostname was NOT found in DNS cache
*   Trying ::1...
* Connected to  (::1) port 4984 (#0)
> POST /db/_session HTTP/1.1
> User-Agent: curl/7.37.1
> Host: :4984
> Accept: */*
> Content-Type: application/json
> Content-Length: 42
> 
* upload completely sent off: 42 out of 42 bytes
< HTTP/1.1 200 OK
< Content-Length: 106
< Content-Type: application/json
* Server Couchbase Sync Gateway/1.1.0 is not blacklisted
< Server: Couchbase Sync Gateway/1.1.0
< Set-Cookie: SyncGatewaySession=481fd89a06a964cd3a25c72a63abdbef9932f1b7; Path=/db/; Expires=Sat, 18 Jul 2015 14:17:04 UTC
< Date: Fri, 17 Jul 2015 14:17:04 GMT
< 
* Connection #0 to host  left intact
{"authentication_handlers":["default","cookie"],"ok":true,"userCtx":{"channels":{"!":1},"name":"chef123"}}⏎

With a valid token:

curl -vX GET -H 'Content-Type: application/json' \
                                          --cookie 'SyncGatewaySession=3b458610b327fec75a438a5a9636a52649d23196' \
                                          :4984/db/
* Hostname was NOT found in DNS cache
*   Trying ::1...
* Connected to  (::1) port 4984 (#0)
> GET /db/ HTTP/1.1
> User-Agent: curl/7.37.1
> Host: :4984
> Accept: */*
> Cookie: SyncGatewaySession=3b458610b327fec75a438a5a9636a52649d23196
> Content-Type: application/json
> 
< HTTP/1.1 200 OK
< Content-Length: 157
< Content-Type: application/json
* Server Couchbase Sync Gateway/1.1.0 is not blacklisted
< Server: Couchbase Sync Gateway/1.1.0
< Date: Mon, 20 Jul 2015 10:52:36 GMT
< 
* Connection #0 to host  left intact
{"committed_update_seq":7,"compact_running":false,"db_name":"db","disk_format_version":0,"instance_start_time":1437389206620456,"purge_seq":0,"update_seq":7}⏎  

With an expired token:

curl -vX GET -H 'Content-Type: application/json' \
                                          --cookie 'SyncGatewaySession=3b458610b327fec75a438a5a9636a52649d2319' \
                                          :4984/db/
* Hostname was NOT found in DNS cache
*   Trying ::1...
* Connected to  (::1) port 4984 (#0)
> GET /db/ HTTP/1.1
> User-Agent: curl/7.37.1
> Host: :4984
> Accept: */*
> Cookie: SyncGatewaySession=3b458610b327fec75a438a5a9636a52649d2319
> Content-Type: application/json
> 
< HTTP/1.1 401 Unauthorized
< Content-Type: application/json
* Server Couchbase Sync Gateway/1.1.0 is not blacklisted
< Server: Couchbase Sync Gateway/1.1.0
< Www-Authenticate: Basic realm="Couchbase Sync Gateway"
< Date: Mon, 20 Jul 2015 10:51:11 GMT
< Content-Length: 50
< 
* Connection #0 to host  left intact
{"error":"Unauthorized","reason":"Login required"}⏎ 

Another way to do it is to register on the change event listener of the replication. If it sends an error with status code 401, you can prompt the user with a login screen (see todolite for a code sample).

James

#3

Hi James,

Thanks for the reply. It sounds like for Facebook credentials- registering on the change event listener of the replication is the way to go.

Best,

Kevin

#4

Hi @jamiltz,

Could I see your same example using /_facebook_token and associated curls?

Kind regards,
David