Facebook无需重定向验证？ [英] Facebook Authentication Without Redirect?

问题描述

有没有办法使用Facebook身份验证（OAuth 2.0）而不重定向？

Is there a way to use facebook authentication (the OAuth 2.0) without redirecting?

我没有使用Facebook登录按钮，所以我应该重定向到 https://www.facebook.com/dialog/oauth ？
client_id = YOUR_APP_ID& redirect_uri = YOUR_URL，但我不想将我的用户重定向到我的网页之外。有没有办法在弹出窗口中打开此网址（如何做这个btw？），然后捕获sessionChange事件就像使用正常的Facebook登录按钮？

我正在使用jQuery和金字塔。

I am not using the facebook login button, so I am supposed to redirect to https://www.facebook.com/dialog/oauth? client_id=YOUR_APP_ID&redirect_uri=YOUR_URL, but I don't want to redirect my user outside of my page. Is there a way to open this url in a popup window (how do I do that btw?), and then catch the sessionChange event just like when working with the normal facebook login button?
I am using jQuery and Pyramid.

谢谢！

推荐答案

用户具有有效的访问令牌，换句话说，在某个时候登录到您的站点。 FB给你前端的会话数据，所以得到这样：

You can check if the user has a valid access token, in other words, was logged on to your site at some point. FB gives you the session data on the front end so get it like this:

    FB.getLoginStatus(function(response){
        //send the response to the back end in a json string
    });

然后使用旧版签名验证的修改版本在后端进行验证。它接缝工作。请让我知道，如果我错过了一些东西。
它只会告诉您用户标识，访问令牌与您的站点匹配。不需要卷曲电话。
它不告诉你，如果会话实际上是当前有效的，但是不要依赖它为您的银行系统或任何东西。

Then validate it on the back end using a modified version of the legacy signature validation. It seams to work. Please let me know if I'm missing something. It only tells you that the user id, access token match for your site. No curl calls needed. It doesn't tell you if the session is actually currently valid though so don't rely on it for your banking system or anything.

function validateFB_sessionObj($sessionObj){//pass me the session data object
   $sessionObj = $sessionObj->session;
   global $fb;//pull in the secret fb keys
   if (!is_object($sessionObj) || !isset($sessionObj->uid) || !isset($sessionObj->access_token) || !isset($sessionObj->sig)){
//       warning("facebook session object is lacking something", $sessionObj);
       return false;
   }
   $expectedSig = generateSig($sessionObj, $secret);
   if ($sessionObj->sig = $expectedSig){
     //  status("fb signature looks good");
       return true;
   } else {
    //   warning("facebook signature looks wrong", $sessionObj);
       return false;
   }
}

function generateSig($params, $secret){
   $string = $params->access_token . $params->uid . $secret;
   return md5($string);
}

这篇关于Facebook无需重定向验证？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！