dthh5038 2012-08-22 10:34
浏览 60
已采纳

在iPhone应用程序和第三服务器中的FB身份验证

my company is developing a system that works as follows:

there is an iphone/mobile app and a php server that offers rest services.

in the mobile app,the user can register/login in 2 ways:

  1. username/password couple
  2. facebook account

while the point 1. is quite clear, i am in difficulty with the point number 2:

from what i understand , the sequence should be something like the following:

1 - the app sends to fb user data, and fb in some way that i don't care authenticate the user and answer with "ok, it's you". 2- the app must now request to the php server some user data.

how can i authenticate the communication between the server and the app, after the user has logged with fb in the app ?

i can't just ask "send me the data of the user fbid" because with a simple request that could be retrieved by anyone.

  • 写回答

1条回答 默认 最新

  • douzi7890 2012-08-22 12:19
    关注

    That's why you use the "secret key" (part of facebook settings).

    When a user logs in via your app, they give approval to share info with your app and get given a token - the token is a session id. That session Id can only be used by that user, from that phone with your app - unless you have the "secret key".

    The phone then passes that session ID to the server.

    The server then passes the token, along with the secret key, and facebook gives the server back the same information as it would the user on the phone. That's how it authenticates.

    Anyone else (other than the user on the phone) not having the secret key, and the token is useless.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?