Facebook Oauth 登出 [英] Facebook Oauth Logout
问题描述
我有一个使用 Oauth 2 与 Facebook 集成的应用程序.
I have an application that integrates with Facebook using Oauth 2.
我可以通过 FB 进行授权并完美地查询他们的 REST 和 Graph API,但是当我授权时,会使用 FB 创建一个活动浏览器会话.然后我可以很好地注销我的应用程序,但是与 FB 的会话仍然存在,所以如果其他人使用浏览器,他们将看到以前的用户 FB 帐户(除非以前的用户也手动注销了 FB).
I can authorize with FB and query their REST and Graph APIs perfectly well, but when I authorize an active browser session is created with FB. I can then log-out of my application just fine, but the session with FB persists, so if anyone else uses the browser they will see the previous users FB account (unless the previous user manually logs out of FB also).
我采取的授权步骤是:
- 致电 [链接:graph.facebook.com/oauth/authorize?client_id...]
如果用户的浏览器还没有活动的 FB 会话,则此步骤将打开 Facebook 登录/连接窗口.一旦他们登录到 Facebook,他们就会使用我可以交换 oauth 令牌的代码重定向到我的网站.
This step opens a Facebook login/connect window if the user's browser doesn't already have an active FB session. Once they log-in to facebook they redirect to my site with a code I can exchange for an oauth token.
- 使用 (1) 中的代码调用 [LINK: graph.facebook.com/oauth/access_token?client_id..]
现在我有一个 Oauth 令牌,并且用户的浏览器已登录到我的网站和 FB.
Now I have an Oauth Token, and the user's browser is logged into my site, and into FB.
- 我调用了一堆 API 来做事:即 [LINK: graph.facebook.com/me?access_token=..]
假设我的用户想退出我的网站.FB 条款和条件要求我执行单点注销,因此当用户退出我的网站时,他们也会退出 Facebook.有人认为这有点愚蠢,但如果有任何方法可以真正实现这一点,我很乐意遵守.
Lets say my user wants to log out of my site. The FB terms and conditions demand that I perform Single Sign Off, so when the user logs out of my site, they also are logged out of Facebook. There are arguments that this is a bit daft, but I'm happy to comply if there is any way of actually achieving that.
我看到了以下建议:
A.我使用 Javascript API 注销:FB.Connect.logout().好吧,我尝试使用它,但它没有用,我不确定它到底是怎么用的,因为我没有在我的网站上以任何方式使用 Javascript API.会话不是由 Javascript API 维护或创建的,所以我不确定它应该如何过期.
A. I use the Javascript API to logout: FB.Connect.logout(). Well I tried using that, but it didn't work, and I'm not sure exactly how it could, as I don't use the Javascript API in any way on my site. The session isn't maintained or created by the Javascript API so I'm not sure how it's supposed to expire it either.
B.使用 [链接:facebook.com/logout.php].这是前一段时间 Facebook 论坛的管理员建议的.给出的示例与获取 FB 会话(非 oauth)的旧方法有关,因此我认为我不能将其应用于我的情况.
B. Use [LINK: facebook.com/logout.php]. This was suggested by an admin in the Facebook forums some time ago. The example given related to the old way of getting FB sessions (non-oauth) so I don't think I can apply it in my case.
C.使用旧的 REST api expireSession 或 revokeAuthorization.我尝试了这两种方法,虽然它们确实使 Oauth 令牌过期,但它们不会使浏览器当前使用的会话无效,因此它没有任何影响,用户不会从 Facebook 注销.
C. Use the old REST api expireSession or revokeAuthorization. I tried both of these and while they do expire the Oauth token they don't invalidate the session that the browser is currently using so it has no effect, the user is not logged out of Facebook.
我真的有点不知所措,Facebook 文档是零散的、模棱两可的,而且非常糟糕.论坛上的支持是不存在的,目前我什至无法登录 facebook 论坛,除此之外,他们自己的 FB Connect 集成甚至在论坛本身上都不起作用.不会激发太多信心.
I'm really at a bit of a loose end, the Facebook documentation is patchy, ambiguous and pretty poor. The support on the forums is non-existant, at the moment I can't even log in to the facebook forum, and aside from that, their own FB Connect integration doesn't even work on the forum itself. Doesn't inspire much confidence.
希望您能提供任何帮助.德里克
Ta for any help you can offer. Derek
ps.不得不将 HTTPS 更改为 LINK,没有足够的 karma 发布链接,这可能足够公平.
ps. Had to change HTTPS to LINK, not enough karma to post links which is probably fair enough.
推荐答案
我遇到了同样的问题.我也使用 oauth 登录(我使用的是 RubyOnRails),但对于注销,我使用 JavaScript 使用如下链接进行登录:
I am having the same problem. I also login using oauth (I am using RubyOnRails), but for logout, I do it with JavaScript using a link like this:
<a href="/logout" onclick="FB.logout();">Logout</a>
这首先调用 onclick 函数并在 facebook 上执行注销,然后调用我网站的正常 /logout 函数.
This first calls the onclick function and performs a logout on facebook, and then the normal /logout function of my site is called.
虽然我也更喜欢服务器端解决方案,但至少它做了我想要的,它让我在两个站点上都退出了.
Though I would prefer a serverside solution as well, but at least it does what I want, it logs me out on both sites.
我对 Facebook 集成内容也很陌生,并且第一次尝试使用它,但我的总体感觉是文档非常分散,有很多过时的内容.
I am also quite new to the Facebook integration stuff and played around the first time with it, but my general feeling is that the documentation is pretty spread all over the place with lots of outdated stuff.
这篇关于Facebook Oauth 登出的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
