简体繁体 English

Android：facebook sdk注销问题？

[英]Android: facebook sdk logout problem?

原文 2011-05-12 11:41:06 7 2 android/ facebook/ logout/ single-sign-on

Hello I am using the facebook sdk for android on my android phone and using single sign on. 您好我在Android手机上使用facebook sdk for android并使用单点登录。 It works fine when I logged into the facebook application, my application also signed in. For logout I encountered a confusion. 当我登录facebook应用程序时，它的工作正常，我的应用程序也登录了。对于注销，我遇到了混乱。

The way I implemented was restore the access token and expired date from the user preferences of the application and check the validity of the session. 我实现的方法是从应用程序的用户首选项中恢复访问令牌和过期日期，并检查会话的有效性。 If expired the application calls the facebook.authorized function and once authorized the access token and expired date will update again. 如果过期，应用程序将调用facebook.authorized功能，一旦授权访问令牌，过期日期将再次更新。

There are few things I find a bit confusion when dealing with the logout. 在处理注销时，我发现有些事情有点混乱。

1) When I logged out from facebook application, my application still can get through and request the user details. 1）当我从facebook应用程序注销时，我的应用程序仍然可以通过并请求用户详细信息。 Although, my saved access token on my application has no relationship with the facebook application, I thought it will at least giving me an error when requesting the data. 虽然我在我的应用程序上保存的访问令牌与facebook应用程序没有关系，但我认为在请求数据时至少会给我一个错误。 But it hasn't given me the error. 但它没有给我错误。

Does it suppose to be actting like that. 是否假设是这样做的。 Signing out from facebook apps will not affect the access token I have stored on my application. 从Facebook应用程序注销不会影响我存储在应用程序中的访问令牌。

2) When I logged out from my application and not the facebook application, the facebook application won't automatically logout. 2）当我从我的应用程序注销而不是facebook应用程序时，facebook应用程序将不会自动注销。

2 个解决方案

The Facebook access token and your app access token are separate and distinct, so it is entirely possible that one can be valid and allow access while the other is not valid and will require re-authorisation. Facebook访问令牌和您的应用访问令牌是独立且不同的，因此完全有可能一个可以有效并允许访问而另一个无效且需要重新授权。

If the Facebook app is logged in but your app is not, then the Facebook SDK will use the existing Facebook app login to obtain a new access token for your app without authenticating, but this is still not linked to the Facebook app login token in any way. 如果Facebook应用程序已登录但您的应用程序未登录，那么Facebook SDK将使用现有的Facebook应用程序登录为您的应用程序获取新的访问令牌而无需进行身份验证，但这仍未链接到任何Facebook应用程序登录令牌方式。

If the Facebook app is not installed, or not logged in, then the Facebook SDK will take you to the Facebook website to do the initial authentication, but this does not log the Facebook app in because there is no connection between your access token and the Facebook access token. 如果Facebook应用程序未安装或未登录，则Facebook SDK将带您到Facebook网站进行初始身份验证，但这不会记录Facebook应用程序，因为您的访问令牌与Facebook访问令牌。

So, in summary - your understanding is correct. 总而言之 - 您的理解是正确的。 There's no interaction between the two apps except for when your app tries to authenticate a user, then the Facebook app will act as a proxy, allowing you to gain access without authenticating so long as Facebook is logged in. After that, there is no further interaction and what you've observed is expected and intended behaviour. 除了您的应用程序尝试对用户进行身份验证之外，两个应用程序之间没有交互，然后Facebook应用程序将充当代理，只要Facebook登录，您就可以在不进行身份验证的情况下获得访问权限。之后，没有进一步的互动以及您观察到的预期和预期行为。

I have the same problem. 我也有同样的问题。 I'm thinking about creating a "isLogged" var and store it so that when someone logout and restart the app it will not even verify if the user is logged bypassing facebook's session verify. 我正在考虑创建一个“isLogged”var并存储它，以便当有人注销并重新启动应用程序时，它甚至不会验证用户是否绕过facebook的会话验证进行了记录。