I am developing an app that is similar to Tinder:
I am trying to develop an app, and I have until now a simple vertifation logic, I am pretty sure that this is not the best solution, but I would like to know what you think about it:
1) The user recieves a unique access token from Facebook SDK and sends it to the server that I created. The access token saved in the user schema and updated every time the user logged in.
2) Every time the user sends a post request, our server checks that the access token is correct, and if not it doesn't response.
3) It checks the user id, and only shown imaged can be checked.
Now what i am asking is:
Is it a good security solution?
What do you think about it?
I am trying to develop an app, and I have until now a simple vertifation logic, I am pretty sure that this is not the best solution, but I would like to know what you think about it:
1) The user recieves a unique access token from Facebook SDK and sends it to the server that I created. The access token saved in the user schema and updated every time the user logged in.
2) Every time the user sends a post request, our server checks that the access token is correct, and if not it doesn't response.
3) It checks the user id, and only shown imaged can be checked.
Now what i am asking is:
Is it a good security solution?
What do you think about it?