访问我的网站后,是否可以使用Facebook的oAuth服务,而不会让用户登录到Facebook? [英] Is it possible to use Facebook's oAuth service without leaving users logged in to Facebook after they visit my site?
问题描述
我依靠可通过NuGet下载的FB api包装器。
几个我看到的例子包括一个可以通过API调用的Facebook注销方法,让FB知道用户已经从我的网站注销了,我认为这应该是做正确的事情。但是,该方法似乎已经从库中删除(和API?)。
是否有其他方法我应该调用,为了正确的事情发生或者,或者,人们使用某种解决方法?
它看起来有点不诚实,要求人们使用他们的FB登录访问我的网站,只有让他们偷偷保持登录到FB后,他们已经退出我的
以下使用的解决方法(手工制作注销URL)。小心你的url编码
根据 Facebook的开发者TOS (项目#6),当用户退出您的网站(并使用Facebook登录)时,您需要将用户登出Facebook。
请考虑以下用例:
用户通过公共计算机(库)访问您的网站并选择登录(使用Facebook登录)访问未登录的用户不可用的限制功能。用户进行业务,然后注销。如果您没有将其登出Facebook,他们的帐户现在可以在公共计算机上使用,因此如果新用户在初始用户离开后使用公用计算机,则新用户可以访问初始用户的Facebook信息。
不知道NuGet,但是使用 Facebook的PHP SDK ,您只需要调用Facebook的注销功能生成一个带有下一个参数的URL,并且access_token。因此,当用户点击退出链接时,他们将被重定向到Facebook,注销,然后重定向到您的网站以完成注销过程。
注销链接示例:
https://www.facebook.com/logout.php?next=http%3a%2f%2fextapi.yourhost。 COM%2flogout&安培; RD = HTTP%3A%2F%2fyourhost.com%2flogout&安培; =的access_token AAACRZBIZAGE18BAEyQ8AcmRKGGtmeYlw4MFYjuDHfTlZBSZA3pZAJ5xnKABELBmkOroaxlDsoPgFVHPvvkfZAFRQarCRL0Fhy7UrZCAZAfRFtvwBo4lY4s4X
说明:
- next:这是用户在注销Facebook之后被重定向到的链接(这将是您在Facebook注册的域名)
- rd:T他是一个任意的url参数,所以当用户重定向回我的网站时,我可以将它们重定向到另一个着陆页(注销页面除外)。
- access_token:access_token是否生成当您在
中登录用户时,由Facebook通过
I've got a test MVC site set up, and configured to log users in to it using Facebook's authentication systems. Once users log out of my system, how do I ensure that the right thing happens wrt to the users being logged in to Facebook (ie, they revert to whatever state od logged in they were before visiting my site)?
I'm relying on the FB api wrappers that are available to download through NuGet.
Several of the examples I see include a facebook logout method that can be called through the API, to let FB know that user(s) have logged out of my site, which, I assume, is supposed to "do the right thing". However, the method seems to have been removed from the library (and from the API?).
Is there some other method I should be calling, in order for the "right thing" to happen? Or, alternatively, some sort of workaround that people use?
It sees a bit disingenuous to ask people to access my site with their FB logins, only to have them surreptitiously remain logged in to FB after they've logged out of my site.
Used workaround below (hand crafting a logout URL). Be careful of your url encoding
According to Facebook's developer TOS (item #6), you are required to log the user out of Facebook when the user logs out of your site (and used Facebook to login).
Consider the following use case:
A user accesses your site via a public computer (library) and opt to login (using facebook login) to access restricted features not available to users who are not logged in. The user conducts their business, then logs out. If you do not log them out of Facebook, their account is now available on the public computer, so if a new user uses the public computer after the initial user leaves, the new user could access the initial user's Facebook information.
Not sure about NuGet, but using Facebooks PHP SDK, you simply need to call Facebook's logout function which should generate a url with a next param, and access_token. So when the user clicks the logout link, they will be redirected to Facebook, logged out, then redirected back to your site to complete the logout process.
Example logout link:
Explained:
- next: This is the link the user will be redirected to after they are logged out of Facebook (this will be the domain you have registered with Facebook)
- rd: This is an arbitrary url param so when the user is redirected back to my site, I can redirect them back to another landing page (other than logout page).
- access_token: Is the access_token generated by Facebook when you logged the user in
这篇关于访问我的网站后,是否可以使用Facebook的oAuth服务,而不会让用户登录到Facebook?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
