是否可以使用Facebook的oAuth服务而无需在用户访问我的网站后让他们登录Facebook? [英] Is it possible to use Facebook's oAuth service without leaving users logged in to Facebook after they visit my site?
问题描述
我已经建立了一个测试MVC网站,并配置为使用Facebook的身份验证系统将用户登录到该网站.一旦用户退出我的系统,如何确保登录到Facebook的用户会发生正确的事情(即,他们恢复到访问我的网站之前已登录的状态)?
我依赖可以通过NuGet下载的FB api包装器.
我看到的几个示例都包括一个可以通过API调用的facebook注销方法,以让FB知道用户已经注销了我的网站,我认为这应该做对了"事物".但是,该方法似乎已从库(以及从API?)中删除.
为了使正确的事情"发生,是否应该调用其他方法?或者,或者人们使用的某种解决方法?
要求人们使用FB登录名访问我的网站,只是让他们在退出我的网站后秘密地保持登录FB,这似乎有些不明智.
下面使用了变通办法(手工制作注销URL).请注意您的网址编码
根据 Facebook的开发人员TOS (项目6),当用户退出您的网站(并使用Facebook登录)时,您需要将其退出Facebook.
考虑以下用例:
用户通过公用计算机(库)访问您的站点,并选择登录(使用Facebook登录)以访问未登录用户不可用的受限功能.用户开展业务,然后注销.如果您不将其注销,则他们的帐户现在可以在公用计算机上使用,因此,如果新用户在初始用户离开后使用该公用计算机,则新用户可以访问初始用户的Facebook信息.
不确定NuGet,但是使用 Facebooks PHP SDK ,您只需要调用Facebook的注销函数,该函数应生成带有下一个参数的网址,和access_token.因此,当用户单击注销链接时,他们将被重定向到Facebook,注销,然后重定向回您的网站以完成注销过程.
示例注销链接:
- 下一个:这是用户注销Facebook后将重定向到的链接(这是您在Facebook中注册的域)
- rd:这是一个任意的url参数,因此当用户重定向回我的网站时,我可以将其重定向回另一个登录页面(而不是注销页面).
- access_token:是您在用户登录时由Facebook生成的access_token
I've got a test MVC site set up, and configured to log users in to it using Facebook's authentication systems. Once users log out of my system, how do I ensure that the right thing happens wrt to the users being logged in to Facebook (ie, they revert to whatever state od logged in they were before visiting my site)?
I'm relying on the FB api wrappers that are available to download through NuGet.
Several of the examples I see include a facebook logout method that can be called through the API, to let FB know that user(s) have logged out of my site, which, I assume, is supposed to "do the right thing". However, the method seems to have been removed from the library (and from the API?).
Is there some other method I should be calling, in order for the "right thing" to happen? Or, alternatively, some sort of workaround that people use?
It sees a bit disingenuous to ask people to access my site with their FB logins, only to have them surreptitiously remain logged in to FB after they've logged out of my site.
Used workaround below (hand crafting a logout URL). Be careful of your url encoding
According to Facebook's developer TOS (item #6), you are required to log the user out of Facebook when the user logs out of your site (and used Facebook to login).
Consider the following use case:
A user accesses your site via a public computer (library) and opt to login (using facebook login) to access restricted features not available to users who are not logged in. The user conducts their business, then logs out. If you do not log them out of Facebook, their account is now available on the public computer, so if a new user uses the public computer after the initial user leaves, the new user could access the initial user's Facebook information.
Not sure about NuGet, but using Facebooks PHP SDK, you simply need to call Facebook's logout function which should generate a url with a next param, and access_token. So when the user clicks the logout link, they will be redirected to Facebook, logged out, then redirected back to your site to complete the logout process.
Example logout link:
Explained:
- next: This is the link the user will be redirected to after they are logged out of Facebook (this will be the domain you have registered with Facebook)
- rd: This is an arbitrary url param so when the user is redirected back to my site, I can redirect them back to another landing page (other than logout page).
- access_token: Is the access_token generated by Facebook when you logged the user in
这篇关于是否可以使用Facebook的oAuth服务而无需在用户访问我的网站后让他们登录Facebook?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
