如何在iOS应用中合并本地用户和Facebook用户

Question

I want to give the opportunity for a user of an app to register/login with Facebook or by creating an account. I know that I can get the user's Facebook account email address, and their first and last names. That's basically the only information for creating a 'local' app account, apart from a password. How can I make sure that if that person logs in to Facebook on another device, that their two devices are linked to the same 'local' account? (ie if they choose to sign in with Facebook with 2 devices, I only want one local account to be created on my server for that user).

Ideally, I want the login schemes for both to be identical. So if that user logs in with Facebook, I can check (securely) that the FB account is linked to a 'local' account, and automatically log that device in without making the user type in a password. Is this possible?

Edit: The 'local' users will be stored in a database on my server, and the front end will be done in Python running alongside the API for the app. Note that 'local' is just referring to the fact that it uses my app web service rather than an external social network.

Answer 1

You can do that within your users database as per below:

assuming you store the user data in a table named userinfo , this table should contain user e-mail, first name, etc..

Add another column in this table named fbemail.

If users signs in using web service, his email will be saved in the email field & the fbemail should be null, if signs in using FB, then both email & fbemail should be the extracted email.

when the user uses FB login, check the fbemail field, if not found, then this is a new user, add his data, if not, then this is a returning user, no need to add his data.

Answer 2

Option 1.

You can identify your Facebook user by his Facebook User ID. If he logs in using Facebook on other device you know it cause he sends you his Facebook User ID in the authentication process. He also sends you Facebook access token which you validate contacting Facebook to see if it is correct. Using this approach you have to have a different authentication scheme for Facebook user and "normal", email user.

Option 2.

To have the same login scheme you can use Facebook to get user email and prepend it in the email text field in your registration screen. The user would need to additionally provide a password. This means that you are not really doing a Login with Facebook, but use Facebook to obtain an email (and any additional information) so the user does not have to type it.

Answer 3

This is an old post but still very valid. You are correct, anybody who has your FB email could potentially access your server rest-api and log into it. To access a backend service you will need to use as password the FB access token generated during the FB log-in. This is stored in the device keychain and can be retrieved as:

NSString *accessToken = [[FBSDKAccessToken currentAccessToken] tokenString];
NSString *userID = [[FBSDKAccessToken currentAccessToken] userID];

The topic of using a FB authentication system in parallel to a custom login/registration system is covered in this FB guide: Using Facebook Login with Existing Login Systems .

In sum, different scenarios need to be addressed:

• A person signs up for your app using their email and password, but later they want to use Facebook Login to obtain data from their Facebook account, to post to their timeline, or just to use to log in with in future.
• A person signs up for the app using their email and password, but later chooses to log in with Facebook separately. This guide assumes that the email supplied first and the primary email associated with their Facebook account are the same.
• A person signs up for the app using Facebook Login and later wants to log in to this account using an email address and password.

The guide recommends using two different tables for the FB log-in and the custom login.