Example: Facebook Authentication and the Graph API

The Facebook example is structurally very similar to the Twitter example we just saw. Facebook has two different API standards, the original REST API and the Facebook Graph API. While both are currently supported, the Graph API is the recommended way to develop new Facebook applications. Tornado supports both APIs in the auth module, but we will focus on the Graph API in this example.

To prepare for this example, you will need to sign in to Facebook’s developer site and create a new application. You will be asked to name your application and to prove you are not a robot. To authorize users from your own domain, you will need to specify your application’s domain name. Then click the “Website” box under the “Select how your app integrates with Facebook” heading and enter your site’s URL there as well. For a more complete guide to setting up a Facebook app, the developer guides are a good start: https://developers.facebook.com/docs/guides/web/.

Once your application is set up, you will use the application ID and secret provided in the Basic Settings page to connect to the Facebook Graph API.

Recall from the previous section that the single sign-on workflow will direct a user to the Facebook platform to authorize the application, and Facebook will use an HTTP redirect to send the user back to your server with an authorization code. Once you receive the request with the code, you must request the authorization ...
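
The three steps of the workflow described above (redirect to Facebook, callback carrying an authorization code, server-side exchange of the code), as an added example in standard-library Python; it is not code from the book or from Tornado. The `state` check goes beyond the text, and the function names and sample values are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlencode, parse_qs

# Facebook's OAuth dialog and token endpoints (the ones Tornado's
# FacebookGraphMixin targets). Function names below are illustrative.
AUTHORIZE_URL = "https://www.facebook.com/dialog/oauth"
TOKEN_URL = "https://graph.facebook.com/oauth/access_token"


def begin_login(client_id, redirect_uri):
    """Step 1: return (state, url). Store state in the user's session,
    then redirect the browser to url."""
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    query = urlencode({"client_id": client_id,
                       "redirect_uri": redirect_uri,
                       "state": state})
    return state, AUTHORIZE_URL + "?" + query


def read_callback(query_string, expected_state):
    """Step 2: validate the redirect back from Facebook, return the code."""
    args = parse_qs(query_string)
    if "error" in args:
        raise ValueError("authorization denied: " + args["error"][0])
    state = args.get("state", [""])[0]
    # Constant-time compare. A mismatch means this session did not start
    # the login (login CSRF), so the code must not be exchanged.
    if not expected_state or not hmac.compare_digest(
            state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = args.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise ValueError("missing or duplicated code")
    return codes[0]


def token_request(client_id, client_secret, redirect_uri, code):
    """Step 3: URL and parameters for the server-to-server exchange.
    redirect_uri must equal the one sent in step 1; client_secret is
    only ever sent from the server, never placed in the browser URL."""
    return TOKEN_URL, {"client_id": client_id,
                       "client_secret": client_secret,
                       "redirect_uri": redirect_uri,
                       "code": code}
```
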
