从Android的Facebook的注册流程 [英] Facebook registration flow from Android
问题描述
我开发有它自己的注册流程,一个Web + Android应用程序。
我很容易地集成Facebook登录在网站,遵循本页面 HTTPS方案二://开发商.facebook.com /文档/ user_registration /流/
现在,我需要一键验证与FB的Android应用程序。主要的一点是,在Android应用程序进行身份验证后,我需要从我的服务器发送,当用户希望做一些操作所需的权限检查某些特定的Cookie。
问题是,我无法通过Facebook的令牌验证:从我所看到的,该令牌会即使是从其他应用程序所采取的工作,所以我不能发送私人数据的信任只有FB令牌(即使是通过SSL发送) ,因为它可能是另一个应用程序pretending它的用户。
是否有任何注册流程类似于上面用于验证Android应用的人吗?
或有任何意见,解决这个问题?
I'm developing a webapp+android app that has its own registration flow - simple authentication using email and password. I easily integrated the facebook login from the website, following the second scheme in this page https://developers.facebook.com/docs/user_registration/flows/ Now, I need to 1-click authenticate the Android application with fb. The main point is that, after the Android app is authenticated, i need to send from my server some specific cookies that are needed for permissions checks when the user wants to do some operations. The problem is that I cannot authenticate through the facebook token: from what i see, the token would work even if it was taken from another application, so I cannot send private data trusting only the fb token (even if it was sent by SSL), since it could be another app pretending it's the user. Is there any registration flow similar to the one above for authenticating android apps? Or there is any advice to overcome this issue?
推荐答案
好吧,Facebook已经通过德precating的offline_token,并提供从客户更长的访问令牌解决了这个问题。此令牌可以验证服务器端对我的应用程序ID和应用程序的秘密这一新的端点:
Ok, facebook has fixed this by deprecating the offline_token and providing a longer access token from the client. This Token can be validated server side against my app id and app secret with this new endpoint:
https://graph.facebook.com/oauth/access_token?
client_id=APP_ID&
client_secret=APP_SECRET&
grant_type=fb_exchange_token&
fb_exchange_token=EXISTING_ACCESS_TOKEN
这样我就可以肯定用户身份。
so I can be sure about the user identity.
这篇关于从Android的Facebook的注册流程的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
