[英]Security concerns for using FBSDKLoginManager for IOS
According to Facebook docs, Facebook login for IOS provide "FBSDKLoginManager" - which directly call into the API to perform login or additional authorizations with your own UI. 根据Facebook文档,用于IOS的Facebook登录提供了“ FBSDKLoginManager”,该FBSDKLoginManager直接调用API以使用您自己的UI执行登录或其他授权。 https://developers.facebook.com/docs/facebook-login/ios#login-apicalls
https://developers.facebook.com/docs/facebook-login/ios#login-apicalls
If an application uses its own login UI, it can potentially steals user credentials typed into it. 如果应用程序使用其自己的登录UI,则可能会窃取键入到其中的用户凭据。 That seems violates the purpose of OAuth2.0/OpenID to make authentication mechanisms and credentials independent from the client/app.
这似乎违反了OAuth2.0 / OpenID的目的,即使身份验证机制和凭据独立于客户端/应用程序。
I'm wondering why there is a "FBSDKLoginManager" and what is the right use case for it? 我想知道为什么会有“ FBSDKLoginManager”,什么是正确的用例?
The phrase "with your own UI" was referring to the UI elements that trigger the login flow (such as a custom login button). 短语“使用您自己的UI”是指触发登录流程的UI元素(例如自定义登录按钮)。 The authentication exchange still occurs over Facebook UI (ie, the login manager will typically app switch to the native Facebook app if installed, or to the Safari browser).
身份验证交换仍通过Facebook UI进行(即,登录管理器通常会将应用切换到本机Facebook应用(如果已安装)或Safari浏览器)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.