Google/Facebook Oauth的唯一ID [英] Unique ID for Google/Facebook Oauth
问题描述
我从Facebook和Google获得了唯一且不变的令牌吗?
Are there any unique and unchanging tokens available to me from Facebook and Google?
一旦我从Oauth登录中获取了令牌和用户信息,就由我来搜索数据库中包含该电子邮件的用户,并创建一个帐户(如果该帐户不存在).
Once I get the tokens and user information back from Oauth login, it is then up to me to search my database for a user with that email and create an account if it does not exist.
问题是,即使oauth令牌(因此电子邮件是真实的),当我查找用户时,我仍然想在数据库查询中使用第二个令牌.
The problem is, even if the oauth token and therefore email is authentic, I still want to use a second token in the database query when I look up the users.
在创建用户时,Google和Facebook是否具有可以与电子邮件捆绑在一起的任何唯一ID字段,以帮助确保登录过程的安全性?
Do Google and Facebook have any unique ID fields that I can bundle with the email when I create users to aid in the security of my login process?
p.s.如果有任何已知的验证或令牌生成包可能对我有帮助,我将使用Mean stack和passportjs.
p.s. I am using Mean stack and passportjs if there are any known validation or token generation packages that might help me.
谢谢.
推荐答案
两个提供程序都公开一个唯一的用户ID.
Both providers expose a unique user ID.
-
Google 文档:
[...],您可以从以下位置安全地检索和使用用户的唯一Google ID sub 声明.
要检索Facebook user_id,请致电:
To retrieve the Facebook user_id, make a call to:
https://graph.facebook.com/me?fields=id&access_token=xxx
这篇关于Google/Facebook Oauth的唯一ID的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!