具有最少api调用的Facebook应用程序的结构 [英] Structure of a facebook app with minimal api calls
问题描述
我阅读了有关FB登录,PHP登录,JS登录,Canvas应用登录的所有FB文章,但是我仍然不清楚.首次使用JavaScript登录后,如何保持用户登录?您会收到一个signed_request(可用于对用户ONCE进行身份验证(在画布应用程序的初始加载和登录时,对吗?),假设您使用该信息来验证服务器端用户.但是随后的页面加载如何?
I read all the articles on FB regarding PHP login, JS login, Canvas app login, but something remains unclear to me. How does one keep a user logged in after the initial login in JavaScript? You receive a signed_request (which you can use to authenticate the user ONCE (on initial load of a canvas app and on login, right?), let's say you use that information to verify the user server-side. Ok, so far.. But what about subsequent page loads?
基本上我的问题是..我可以使用PHP FB SDK来验证用户是否在没有API调用的情况下在每次页面加载时都经过身份验证吗?如何?有没有办法做到与画布兼容?
Basically my question is this.. Can I use the PHP FB SDK to verify a user is authenticated on each page load without an API call? How? Is there a way to do it that is compatible with canvas?
我不希望进行任何API调用的原因是因为我达到了一次限制,并且我的应用程序停了一整夜.不想再这样...
The reason I don't want any API calls is because I hit the limit once and my app went down for an entire night. Don't want that again...
我正在考虑的一种解决方法是存储用户令牌(无论如何我都想)并在会话/cookie中使用它来在PHP的每个页面加载时对用户进行身份验证,但是我不确定这是否最好的方法是,因为:使用我自己的会话/cookie,即使用户未登录FB也可以保持登录状态.另外,我认为FB不允许在画布应用中使用此功能.
A workaround I'm thinking of is to store the user token (which I want to anyway) and use that in a session/cookie to authenticate the user on every page load in PHP, but I'm not sure if this is the best approach, because: Using my own session/cookie would allow a user to stay logged in even if they are not logged in FB. Also, I presume FB wouldn't allow this for a canvas app.
我找到了这些相关问题,但信息来自2011年: PHP:通过更少的API调用使用Facebook OAuth Facebook登录:如何将JavaScript与PHP SDK结合?
I found these relevant questions, but the information is from 2011: PHP: Using Facebook OAuth with less API calls Facebook Login: How to combine JavaScript with PHP SDK?
推荐答案
您提到的解决方法是正确的方法.保存令牌,在令牌过期时使用和更新令牌-大多数公司坚持使用的方式.
The workaround you mentioned is the right way of doing it. Saving tokens, using and updating them as they become expired - the way most companies stick to.
仅在新用户或令牌已过期的情况下,才应使用OAuth.您使用的API并不重要.实际上,您可以通过JavaScript进行身份验证,然后将其传递给PHP以供进一步使用.
Only in cases of new users or expired tokens the OAuth should be used. The API you use is not important. You can actually retreive authentication through JavaScript and pass it to PHP for further usage.
干杯.
这篇关于具有最少api调用的Facebook应用程序的结构的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
