Facebook Oauth注销 [英] Facebook Oauth Logout
问题描述
我有一个使用Oauth 2与Facebook集成的应用程序。
我可以使用FB进行授权,并且完美地查询其REST和Graph API,但是当我授权使用FB创建活动浏览器会话。然后我可以注销我的应用程序,但与FB持续的会话仍然存在,所以如果其他人使用浏览器,他们将会看到以前的用户FB帐户(除非以前的用户手动注销FB)。
我授权的步骤是:
- 致电[LINK:graph.facebook。 com / oauth / authorize?client_id ...]
如果用户的浏览器不启用,此步骤将打开一个Facebook登录/连接窗口已经有一个活跃的FB会话。一旦他们登录到Facebook他们重定向到我的网站一个代码,我可以交换一个oauth令牌。
- 调用[LINK:graph.facebook.com/oauth/access_token?client_id ..]与代码(1)
现在我有一个Oauth令牌,用户的浏览器登录到我的网站,并进入FB。
- 我打电话给的API做的事情:即[LINK:graph.facebook.com/me?access_token = ..]
让我的用户说想要注销我的网站。 FB条款和条件要求我执行单一注销,所以当用户注销我的网站时,他们也会从Facebook注销。有论据是这有点尴尬,但是如果有任何方式实现这一点,我很乐意遵守。
我已经看到建议: p>
A。我使用Javascript API注销:FB.Connect.logout()。好的,我尝试使用它,但它没有工作,我不知道如何可能,因为我不使用Javascript API在我的网站上。该会话不是由JavaScript API维护或创建的,所以我不知道它应该如何过期。
B。使用[LINK:facebook.com/logout.php]。这是前一段时间在Facebook论坛的管理员建议的。给出的例子与旧的方式获得FB会话(非oauth),所以我不认为我可以在我的情况下应用它。
C。使用旧的REST api expireSession或撤销授权。我尝试了这两个,当他们确实过期Oauth令牌时,它们不会使浏览器当前使用的会话无效,因此它没有任何效果,用户没有退出Facebook。
我真的有点松了一口气,Facebook的文档很差,含糊不清,很差。在论坛上的支持是不存在的,目前我甚至不能登录到Facebook论坛,除此之外,他们自己的FB Connect集成甚至不能在论坛本身上工作。不会激发很多信心。
Ta可以提供任何帮助。
Derek
ps。必须将HTTPS更改为LINK,没有足够的业力发布可能足够公平的链接。
我有同样的问题。我也使用oauth登录(我使用的是RubyOnRails),但是要注销,我使用这样的链接使用JavaScript:
< a href =/ logoutonclick =FB.logout();>注销< / a>
这首先调用 onclick 函数并执行在Facebook上注销,然后调用我的网站的正常 / logout 功能。
虽然我也喜欢服务器端解决方案,但至少它做我想要的,它在两个网站上登录。
我也是Facebook的整合新手,并首次使用它,但我的一般感觉是文档很漂亮,很多过时的东西。
I have an application that integrates with Facebook using Oauth 2.
I can authorize with FB and query their REST and Graph APIs perfectly well, but when I authorize an active browser session is created with FB. I can then log-out of my application just fine, but the session with FB persists, so if anyone else uses the browser they will see the previous users FB account (unless the previous user manually logs out of FB also).
The steps I take to authorize are:
- Call [LINK: graph.facebook.com/oauth/authorize?client_id...]
This step opens a Facebook login/connect window if the user's browser doesn't already have an active FB session. Once they log-in to facebook they redirect to my site with a code I can exchange for an oauth token.
- Call [LINK: graph.facebook.com/oauth/access_token?client_id..] with the code from (1)
Now I have an Oauth Token, and the user's browser is logged into my site, and into FB.
- I call a bunch of APIs to do stuff: i.e. [LINK: graph.facebook.com/me?access_token=..]
Lets say my user wants to log out of my site. The FB terms and conditions demand that I perform Single Sign Off, so when the user logs out of my site, they also are logged out of Facebook. There are arguments that this is a bit daft, but I'm happy to comply if there is any way of actually achieving that.
I have seen suggestions that:
A. I use the Javascript API to logout: FB.Connect.logout(). Well I tried using that, but it didn't work, and I'm not sure exactly how it could, as I don't use the Javascript API in any way on my site. The session isn't maintained or created by the Javascript API so I'm not sure how it's supposed to expire it either.
B. Use [LINK: facebook.com/logout.php]. This was suggested by an admin in the Facebook forums some time ago. The example given related to the old way of getting FB sessions (non-oauth) so I don't think I can apply it in my case.
C. Use the old REST api expireSession or revokeAuthorization. I tried both of these and while they do expire the Oauth token they don't invalidate the session that the browser is currently using so it has no effect, the user is not logged out of Facebook.
I'm really at a bit of a loose end, the Facebook documentation is patchy, ambiguous and pretty poor. The support on the forums is non-existant, at the moment I can't even log in to the facebook forum, and aside from that, their own FB Connect integration doesn't even work on the forum itself. Doesn't inspire much confidence.
Ta for any help you can offer. Derek
ps. Had to change HTTPS to LINK, not enough karma to post links which is probably fair enough.
I am having the same problem. I also login using oauth (I am using RubyOnRails), but for logout, I do it with JavaScript using a link like this:
<a href="/logout" onclick="FB.logout();">Logout</a>
This first calls the onclick function and performs a logout on facebook, and then the normal /logout function of my site is called.
Though I would prefer a serverside solution as well, but at least it does what I want, it logs me out on both sites.
I am also quite new to the Facebook integration stuff and played around the first time with it, but my general feeling is that the documentation is pretty spread all over the place with lots of outdated stuff.
这篇关于Facebook Oauth注销的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
