This Facebook Sequence Diagram demonstrates how a Facebook (FB) user can be authenticated in a web application to access their FB resources. Facebook employs the OAuth 2.0 protocol framework, which allows a web application (referred to as a "client") that is not usually the FB resource owner but is acting on behalf of the FB user to request access to resources controlled by the FB user and hosted by the FB server. The web application gains an access token instead of using the FB user credentials to access protected resources. Facebook requires that a web application be registered to receive an application ID (client id) and a secret (client secret).
