Facebook的如何验证移动应用 [英] How does Facebook verifies mobile apps
问题描述
假设你建立它使用Facebook登录原生Android应用程序。对于首先你必须建立一个Facebook应用程序和配置您的Android应用程序包名,类名,重点哈希。我假定应用程序的真实性通过该密钥散列验证。但问题是,我们在配置Facebook应用程序,此键后,我们从来没有配置它在我们的移动应用程序或将其发送给Facebook,当我们进行API调用。那么,如何Facebook的验证,这是一个正在API调用原始应用?
Assume that you build a native android app which uses Facebook login. For that first you have to build a Facebook app and configure Package Name, Class Name, Key Hashes of your android app. I assume the authenticity of app is validated through this Key hash. but the problem is after we configure this key in Facebook app, we never configure it in our mobile app or send it to Facebook when we make API calls. So how does the Facebook validates that this is the original app which is making the API call?
推荐答案
当你把一个应用到设备上(无论是通过Eclipse /的IntelliJ或通过建立一个.apk文件)你用钥匙签名。当你使用SSO通过Facebook登录,原生的Facebook应用程序可以调用应用程序的签名,并将其传递到得到验证服务器。
Whenever you put an app onto a device (whether via eclipse/IntelliJ or by building a .apk) you're signing it with a key. When you log in via Facebook using SSO, the native Facebook app can get the signature of the calling app, and passes it to the server to get verified.
这篇关于Facebook的如何验证移动应用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
