胖鸭 2011-01-07 09:11
浏览 342
已采纳

在 iOS 应用程序中设计 Facebook 身份验证,也可以访问安全的网络服务

Goal: Allow a user to authentication with Facebook into an iOS application which requires access to a protected web service that I'm running.

Assumptions: There is a native authentication (and registration) system in place for those users that opt not to use Facebook for sign in.

Details:

  • Assume we want to offer the option for a user to sign in with Facebook without creating a separate account/credential for our system.
  • Because we support our own native auth mechanism (username and password) we have our own user IDs and issue an authentication token that is used for subsequent interactions after the initial credential validation.

I'm surprised that Facebook doesn't have best practices for this in their developer documentation. All the existing documentation is either assuming you are building FB auth into a website, or a standalone mobile app with no service that requires authentication.

Here's my initial thoughts on how this would be designed but want validation on whether it's correct.

  1. Client pops the Facebook iOS Login
  2. UI User signs in with Facebook credentials and gets access token
  3. iOS App passes access token to our server
  4. Our server talks to FB graph API using access token to (a) validate the token and (b) get the FB user ID for that access token.

    e.g. Our server would call https://graph.facebook.com/me/?access_token=XYZ which would return profile info in a JSON object

  5. Assuming it's valid, our server extracts the User ID from the JSON object and checks whether the user already has an account. If so, we issue our own auth ticket to client to use for that session. If user doesn't have an account, we create a new one with the Facebook User ID, assign our own unique UserID and issue our auth ticket.

  6. Client then passes auth ticket back on subsequent interactions that need authentication.

This seems like the right approach to me but not sure if I'm missing something insanely basic and going down the wrong (complicated) path.

转载于:https://stackoverflow.com/questions/4623974/design-for-facebook-authentication-in-an-ios-app-that-also-accesses-a-secured-we

  • 写回答

4条回答

      报告相同问题?

      相关推荐 更多相似问题

      悬赏问题

      • ¥20 51单片机实训实验报告
      • ¥15 C# 循环读写数据中途突然变慢
      • ¥15 用Java实现双端队列
      • ¥150 ID3决策树实现分类
      • ¥15 multisim10安装后,找不到NI License Manager的程序来安装许可证
      • ¥15 C++银行卡系统 Help!
      • ¥15 R语言数据分析的相关问题
      • ¥15 模型导入SP后贴图纹理只有一个,拆了四张UV的,怎么解决?
      • ¥15 检索带order by 非常慢
      • ¥20 python 爬虫 token 加密方式