Google/Facebook Oauth的唯一ID [英] Unique ID for Google/Facebook Oauth

问题描述

我从Facebook和Google获得了唯一且不变的令牌吗?

Are there any unique and unchanging tokens available to me from Facebook and Google?

一旦我从Oauth登录中获取了令牌和用户信息，就由我来搜索数据库中包含该电子邮件的用户，并创建一个帐户(如果该帐户不存在).

Once I get the tokens and user information back from Oauth login, it is then up to me to search my database for a user with that email and create an account if it does not exist.

问题是，即使oauth令牌(因此电子邮件是真实的)，当我查找用户时，我仍然想在数据库查询中使用第二个令牌.

The problem is, even if the oauth token and therefore email is authentic, I still want to use a second token in the database query when I look up the users.

在创建用户时，Google和Facebook是否具有可以与电子邮件捆绑在一起的任何唯一ID字段，以帮助确保登录过程的安全性?

Do Google and Facebook have any unique ID fields that I can bundle with the email when I create users to aid in the security of my login process?

p.s.如果有任何已知的验证或令牌生成包可能对我有帮助，我将使用Mean stack和passportjs.

p.s. I am using Mean stack and passportjs if there are any known validation or token generation packages that might help me.

谢谢.

推荐答案

两个提供程序都公开一个唯一的用户ID.

Both providers expose a unique user ID.

• Google 文档:

[...]，您可以从以下位置安全地检索和使用用户的唯一Google ID sub 声明.

要检索Facebook user_id，请致电:

To retrieve the Facebook user_id, make a call to:

https://graph.facebook.com/me?fields=id&access_token=xxx

这篇关于Google/Facebook Oauth的唯一ID的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！