我如何在不同时间向Facebook请求不同的权限？ [英] How can I ask for different permissions from facebook at different times?

问题描述

Facebook建议，在使用Facebook登录名时，应首先要求用户提供尽可能少的权限，尤其要避免在用户需要通过您的网站发布内容之前请求发布权限- https://developers.facebook.com/docs/facebook-login/permissions/#optimizing 。

Facebook recommends that when using facebook login you should initially ask the user for as few permissions as possible, and in particular avoid requesting publish permissions until the user needs to publish something via your site - https://developers.facebook.com/docs/facebook-login/permissions/#optimizing.

我们一直在尝试使用python-social-auth的django应用程序实现此功能，但似乎无法在网站的不同位置请求不同的权限-范围是通过 SOCIAL_AUTH_FACEBOOK_SCOPE 设置来设置的，以后无法再请求其他范围（例如，将 publish_actions 排除在 SOCIAL_AUTH_FACEBOOK_SCOPE ，然后要求用户在尝试从您的网站发布到Facebook时提供该权限）。

We've been trying to implement this using python-social-auth's django app, but it seems that there's no way of asking for different permissions at different points in the site - the scope is set via the SOCIAL_AUTH_FACEBOOK_SCOPE setting, and it's not possible to ask for a different scope later (e.g. excluding publish_actions from SOCIAL_AUTH_FACEBOOK_SCOPE, and then asking the user to provide that permission when they try to post from your site to facebook).

没有人知道这是否有可能

Does anyone know if this is possible in the python-social-auth app, and if so, how?

推荐答案

（以下文字摘录自< a href = http://psa.matiasaguirre.net/docs/use_cases.html#multiple-scopes-per-provider rel = nofollow noreferrer> http://psa.matiasaguirre.net/docs/use_cases.html ＃multiple-scopes-per-provider ）

目前python-social-auth没有提供为单个后端定义多个范围的方法，通常需要这样做因为建议您询问用户可能的最小范围，并在实际需要时增加访问权限。可以添加一个扩展原始后端的新后端来完成该行为，有两种方法可以实现。

At the moment python-social-auth doesn't provide a method to define multiple scopes for single backend, this is usually desired since it's recommended to ask the user for the minimum scope possible and increase the access when it's really needed. It's possible to add a new backend extending the original one to accomplish that behavior, there are two ways to do it.

from social.backends.facebook import FacebookOAuth2


class CustomFacebookOAuth2(FacebookOauth2):
    def get_scope(self):
        scope = super(CustomFacebookOAuth2, self).get_scope()
        if self.data.get('extrascope'):
            scope += [('foo', 'bar')]
        return scope

此方法非常简单，它覆盖了该方法它在后端（ get_scope（））中返回范围值，并在列表中添加额外的值（如果由 GET 或 POST 数据（ self.data ）。

This method is quite simple, it overrides the method that returns the scope value in a backend (get_scope()) and adds extra values tot he list if it was indicated by a parameter in the GET or POST data (self.data).

将此新后端放置在项目中的某个位置，并用此新版本替换 AUTHENTICATION_BACKENDS 中的原始 FacebookOAuth2 。

Put this new backend in some place in your project and replace the original FacebookOAuth2 in AUTHENTICATION_BACKENDS with this new version.

可以通过定义第二个后端来做到这一点，该后端从原始对象扩展但覆盖名称，这意味着新的URL和新后端的新设置（由于使用了名称来构建设置名称），这也意味着提供程序中有新的应用程序，因为并非所有提供程序都可以选择定义多个重定向URL。为此，只需添加一个后端，如：

It's possible to do the same by defining a second backend which extends from the original but overrides the name, this will imply new URLs and also new settings for the new backend (since the name is used to build the settings names), it also implies a new application in the provider since not all providers give you the option of defining multiple redirect URLs. To do it just add a backend like:

from social.backends.facebook import FacebookOAuth2


class CustomFacebookOAuth2(FacebookOauth2):
    name = 'facebook-custom'

将此新后端放在您的某个位置项目，将原始 FacebookOAuth2 保留在 AUTHENTICATION_BACKENDS 中。现在，一组新的URL将起作用：

Put this new backend in some place in your project keeping the original FacebookOAuth2 in AUTHENTICATION_BACKENDS. Now a new set of URLs will be functional:

/login/facebook-custom
/complete/facebook-custom
/disconnect/facebook-custom

还有一组新的设置：

SOCIAL_AUTH_FACEBOOK_CUSTOM_KEY = '...'
SOCIAL_AUTH_FACEBOOK_CUSTOM_SECRET = '...'
SOCIAL_AUTH_FACEBOOK_CUSTOM_SCOPE = [...]

需要额外的权限时，只需将用户重定向到 / login / facebook-custom ，然后获得社交身份验证 user.social_auth.get（provider ='facebook-custom'）的新后端的条目，并使用 access_token 在其中。

When the extra permissions are needed, just redirect the user to /login/facebook-custom and then get the social auth entry for this new backend with user.social_auth.get(provider='facebook-custom') and use the access_token in it.

这篇关于我如何在不同时间向Facebook请求不同的权限？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！