Android的Facebook登录和Web服务器 [英] Android Facebook login and to web server

问题描述

我开发一个Android应用程序，以及一个网站（确实有与Android客户端通信以及）。我想用FB登录，但我看到的问题是这样的：

I'm developing an Android app as well as a website (that does have communication with the Android client as well). I want to use FB login, but the problem I see is this:

客户端，使用FB登录，然后得到一个access_token。

Client, Use FB login and then gets an access_token.

如何客户端和Web服务器进行通信只使用该access_ code，因为Web服务器需要知道哪个帐户的客户端是指。我也想实现在网站上FB登录为好。

How does Client and Web Server communicate just using this access_code since the Web Server needs to know which account the Client is referring to. I also want to implement FB login on the web site as well.

一种方法，我的想法是：

One method I was thinking was:

客户端登录： 1）使用FB登录并获得access_token。 2）使用access_token得到一些用户信息。 3）给Web服务器access_token和用户信息。 4）Web服务器也执行与access_token相同的FB的操作和检索用户信息。 5）验证用户信息的匹配，并确定基于该用户帐户。 6）建立客户端和Web服务器之间的另一个access_token该链接。

Client Login: 1) Use FB login and get access_token. 2) Use access_token to get some User info. 3) Give access_token and User info to web server. 4) Web server also performs the same FB operation with the access_token and retrieves the User info. 5) Validate the User info matches and determine the user account based on that. 6) Establish another access_token between Client and Web Server for this link.

难道这甚至让更多的有效的或者只是做了登录和检索用户的电子邮件地址作为实际的帐户，并告诉Web服务器，这是要使用的帐户。

Does this even make it any more valid or perhaps just doing the login and retrieving the user email address as the actual account and tell the Web Server this is the account to use.

或其它方式已经有人这样做？

Or has someone done this in another way?

推荐答案

有关您的客户端/服务器，你应该使用自己的客户端编号之间的通信。
不要在access_token Facebook的接力给你，因为它在几个场景改变。
收到电子邮件也不是一个完整的解决方案，因为用户可以决定不给你他们的邮件。

For the communication between your client/server you should use your own client Id.
Don't relay on the access_token facebook gives you because it changed in several scenarios.
Getting the email is also not a full solution because users can decide not to give you their mail.

在一般需要实现Facebook连接到两侧。

In general you need to implement Facebook Connect on both sides.

1.连接至Facebook
从用户2.注册权限（读这里的权限： HTTP：//developers.facebook .COM /文档/参考/ API /许可/ ）
3.Register它作为你的用户，并给他一个ID（您可以使用Facebook的uid如果你想）。

1.Connect to facebook
2.Get permissions from the user (read about permissions here: http://developers.facebook.com/docs/reference/api/permissions/)
3.Register it as your user and give him an id (you can use facebook uid if you want).

用户返回到您的网站/应用程序时，你需要重新登录了他，得到他的uid和查询您的服务器的用户详细信息。

When the user returns to your site/app you need to login him again, get his uid and query your server for the user details.

一件事有关access_token，你需要它来查询Facebook的API。你可以从Facebook的每一次使用Facebook的得到它的用户登录你的网站/手机或可以请求offline_access权限的用户，然后你就会有相同的access_token，直到用户在Facebook的等更改其密​​码（阅读更多关于它的文档）。
这种方法可以让你查​​询的Facebook的API，虽然目前没有登录到您的网站的用户。

One thing about the access_token, you need it to query facebook's api. you can get it from facebook every time a user login to your site/mobile using facebook or you can request the user for offline_access permission and then you'll have the same access_token until the user changes their password at facebook etc. (read more about it on the docs).
This method allows you to query facebook api's although the user isn't currently logged in to your site.

这篇关于Android的Facebook登录和Web服务器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！