[Catalyst-dev] RFC for Facebook Credential

J. Shirley jshirley at gmail.com
Mon Oct 6 21:12:13 BST 2008


I'm writing a Facebook credential, and have encountered a bit of a
snag and am looking for feedback on the best (or at least, most
appropriate) way of solving it.

The workflow in this case is:

1) User clicks "Login via Facebook"
2) User is taken to Facebook to provide username/password
3) User is redirected back to Catalyst application

The major difference between this workflow and OpenID is the Facebook
step where the user has to "accept" the application.  At this point,
Facebook sends a POST request back to the authenticating application.

So, the request cycle is coming from two sources, where Facebook
provides the user information.  The only way to preserve this
information in step #3 is to cache the POST that Facebook sends in
step #2.

There is an auth_token on step #3, so it's trivial to implement the
cache cycle (step 2 stores $c->cache->{$auth_token} = $response, step
3 does my $user = $c->cache->{$auth_token})

But... it seems that requiring Cache to be loaded is less than ideal,
but I just can't think of any other way to do this.

(Also, there are other ways to authenticate via Facebook, and if
you're writing a Facebook -app- this isn't particularly necessary
since Facebook acts as a proxy.  I'm not addressing those other cases,
only this one specifically)

Thanks,
-J
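
The cache cycle described in the message above (step 2 stores under the auth_token, step 3 fetches by it), as an added example that is not part of the original post or of any Catalyst plugin. It uses a plain in-memory hash in place of $c->cache; the PendingLogin package, the 120-second lifetime, the token pattern and the sample fields are assumptions, and it goes slightly beyond the message by expiring entries and deleting them on first read, so a reused auth_token returns nothing.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Hypothetical stand-in for the cache: auth_token => { data, expires }.
package PendingLogin;

sub new {
    my ($class, %args) = @_;
    return bless { ttl => $args{ttl} // 120, store => {} }, $class;
}

# Step 2: Facebook's POST arrives; keep its fields under the auth_token.
sub put {
    my ($self, $token, $fields, $now) = @_;
    $now //= time;
    # Assumed token shape; reject anything else before it becomes a cache key.
    return 0 unless defined $token && $token =~ /\A[A-Za-z0-9]{16,64}\z/;
    $self->{store}{$token} = { data => {%$fields}, expires => $now + $self->{ttl} };
    return 1;
}

# Step 3: the browser returns with auth_token; hand the data out once only.
sub take {
    my ($self, $token, $now) = @_;
    $now //= time;
    return undef unless defined $token;
    my $entry = delete $self->{store}{$token};    # single use: a replay finds nothing
    return undef unless $entry && $entry->{expires} >= $now;
    return $entry->{data};
}

package main;

my $pending = PendingLogin->new(ttl => 120);
my $t0      = 1_223_323_933;                      # constructed fixed clock
my ($tok_a, $tok_b) = ('a' x 32, 'b' x 32);       # constructed sample tokens

$pending->put($tok_a, { uid => '1234', name => 'Example User' }, $t0);  # constructed fields
my $first  = $pending->take($tok_a, $t0 + 5);     # normal step 3
my $replay = $pending->take($tok_a, $t0 + 6);     # same token presented again
$pending->put($tok_b, { uid => '5678' }, $t0);
my $late   = $pending->take($tok_b, $t0 + 121);   # user returns after the lifetime

printf "first=%s replay=%s late=%s\n",
    $first  ? $first->{uid} : 'none',
    $replay ? 'found'       : 'none',
    $late   ? 'found'       : 'none';
```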


