Apple登录:Apple是否永久返还“用户"凭证? [英] Apple Sign In: Is 'user' credential returned by Apple permanent?

问题描述

我能够成功访问Apple作为其新版(WWDC '19-iOS 13)使用Apple库登录所返回的凭据.

I am able to successfully access the credential returned by Apple as part of it's new (WWDC '19 -- iOS 13) Sign In With Apple library.

可以通过以下委托方法访问凭据:

The credential is accessed in this delegate method:

extension ViewController: ASAuthorizationControllerDelegate {
    func authorizationController(controller: ASAuthorizationController, didCompleteWithAuthorization authorization: ASAuthorization) {
        if let appleIDCredential = authorization.credential as? ASAuthorizationAppleIDCredential {
         //here is credentials . 
        }
    }
}

然后使用"user"属性提取用户ID:

One then uses 'user' property to extract the user id:

credential.user 
//returns, for example, '000046.20082df1df9a41b78cd1552979288e19.2346' (dummy value)

对于特定的AppleID(也许是特定的应用程序)，此用户"属性是否被理解为静态/永久?

(我正在访问同步API，并希望从该44个字符的Apple用户"凭据中对用户凭据进行硬编码.)

(I am accessing a sync API and would like to hardcode user credentials from that 44 character Apple 'user' credential.)

推荐答案

ASAuthorizationAppleIDCredential的用户标识符属性是Apple ID和开发团队之间的稳定唯一标识符.应用程序吊销不会影响用户ID的稳定性.这也意味着，在开发人员团队的一组应用程序中，用户ID相同，从而使其最适合开发人员应用程序之间的同步.

The user identifier property of ASAuthorizationAppleIDCredential is a stable unique identifier between an Apple ID and Developer Team. Application revocations will not affect the stability of the user ID. This also means that among a developer team's set of applications the user ID will be the same, making it optimal for synchronization among a developer's apps.

将应用程序从一个开发人员团队转移到另一个开发人员团队，确实会导致用户标识符发生更改，因为每个团队的作用域是一个稳定的用户标识符.

Transferring an application from one developer team to another will indeed cause the user identifier to change, since it's scoped as a stable user identifier per team.

转让使用Apple登录功能的应用程序的最佳做法是使用Apple API端点将旧团队的用户ID与新团队的用户ID映射.如果由于某种原因开发人员不使用API​​端点，则 AuthenticationServices 通过接受ASAuthorizationAppleIDRequest中的旧用户ID来支持应用程序传输，并将返回新的用户ID.

The best practice when transferring an app that uses Sign in with Apple will be to use an Apple API endpoint to map the user IDs for the old team with user IDs for the new team. If for some reason a developer does not use the API endpoint, AuthenticationServices supports application transfers by accepting the old user ID in an ASAuthorizationAppleIDRequest and the new user ID will be returned.

通常， AuthenticationServices 会做正确的事情.但是，如果用户删除与Team A关联的应用程序(并使用Apple登录该应用程序)，然后重新安装现在与Team B关联的应用程序，则将两个用户ID关联起来的唯一方法是使用API端点.

Generally, AuthenticationServices will do the right thing. However, if a user deletes an app associated with Team A (and used Sign in with Apple for said app), then reinstalls the same app now associated with Team B, the only way to associate the two user IDs will be by using the API endpoint.

资料来源:我是负责与Apple一起登录的团队的工程师.

Source: I'm an engineer on the team responsible for Sign in With Apple.

这篇关于Apple登录:Apple是否永久返还“用户"凭证?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！