[英]Facebook integration for mobile app with a backend REST API
We're building mobile apps (iOS and Android) that require a REST API backend and integration with Facebook for authentication. 我们正在构建需要REST API后端并与Facebook集成以进行身份验证的移动应用程序(iOS和Android)。
I'm still confused on what is the best architecture design for this kind of use case. 我仍然对这种用例的最佳架构设计感到困惑。
Main Question: Who is responsible for authenticating/authorizing with Facebook, client or server? 主要问题: 谁负责通过Facebook,客户端或服务器进行身份验证/授权?
Option A: Client authenticates to FB. 选项A:客户端对FB进行身份验证。 Client sends requests using the token it received from Facebook. 客户端使用从Facebook收到的令牌发送请求。 Server uses that token to identify the user. 服务器使用该令牌来标识用户。
Option B: Server authenticates to FB in behalf of the client. 选项B:服务器代表客户端向FB进行身份验证。
Additional notes (may be relevant or not): 附加说明(可能相关与否):
You should go with option A. 你应该选择A.
If you are using django-rest-framework, you should have a look at the django-rest-auth package. 如果你使用的是django-rest-framework,你应该看看django-rest-auth包。 It handles user login/creation on the server side using the access token. 它使用访问令牌处理服务器端的用户登录/创建。
https://django-rest-auth.readthedocs.org/en/latest/installation.html#social-authentication-optional https://django-rest-auth.readthedocs.org/en/latest/installation.html#social-authentication-optional
You can take a look at the Facebook SDK for Python , it should tell you how to incorporate it into your app and it shows how to integrate with a few frameworks here (Flask being similar to django for this). 你可以看看Facebook SDK for Python ,它应该告诉你如何将它合并到你的应用程序中,它展示了如何在这里集成一些框架(Flask类似于django)。
Facebook will be doing the authentication on their side, not you, though you may want to store the user's token in a database. 尽管您可能希望将用户的令牌存储在数据库中,但Facebook将在他们身边进行身份验证,而不是您。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.