简体   繁体   English

社交网络登录使用 iOS

[英]Social networking login using iOS

I'm writing an iPhone app which works against my own server.我正在编写一个适用于我自己的服务器的 iPhone 应用程序。

Basically, it's a forum where users can post.基本上,这是一个用户可以发帖的论坛。 I don't want users to sign-in for an account on my server but I rather prefer them to login using any existing account they have: Facebook, Linkedin, Foursquare, etc. So from the app itself, I want them to be able to login using their existing account which will then allow them to post on the forum.我不希望用户在我的服务器上登录帐户,但我更希望他们使用他们拥有的任何现有帐户登录:Facebook、Linkedin、Foursquare 等。所以从应用程序本身来看,我希望他们能够使用他们现有的帐户登录,这将允许他们在论坛上发帖。

My question is that: when a user is posting a message, how can I verify whether or not he is logged in with any service?我的问题是:当用户发布消息时,我如何验证他是否使用任何服务登录? I need to validate it both on the client and server side.我需要在客户端和服务器端都验证它。 I plan on writing the server side using PHP.我计划使用 PHP 编写服务器端。

Thanks谢谢

See this question for a similar discussion (just limited to Facebook sign on).有关类似讨论,请参阅此问题(仅限于 Facebook 登录)。 Here's a high-level overview of what should happen (taken from that discussion I linked to):这是应该发生的事情的高级概述(取自我链接到的那个讨论):

  1. User opens the app on the phone.用户在手机上打开应用程序。 Chooses a service with which to authenticate.选择进行身份验证的服务。
  2. Authenticates via one the available services (Facebook, Twitter, foursquare, etc.) and gets some special access token .通过一项可用服务(Facebook、Twitter、foursquare 等)进行身份验证并获得一些特殊的access token
  3. Your app takes the token and sends it to your server.您的应用程序获取令牌并将其发送到您的服务器。
  4. Your server receives the token and validates it.您的服务器接收令牌并对其进行验证。 It checks it against the service's API and (at least for Facebook and Twitter) get the corresponding user ID.它根据服务的 API 进行检查,并(至少对于 Facebook 和 Twitter)获取相应的用户 ID。
  5. Assuming a valid ID, your server checks if user ID has already been used by some user.假设一个有效的 ID,您的服务器会检查用户 ID 是否已被某个用户使用。 If so, it logs them in. If the user ID hasn't been created, your server creates its own user record associated with that user ID and logs the user in. In either case, the user ends up logged in and your server issues a session key to your app.如果是这样,它会将他们登录。如果尚未创建用户 ID,则您的服务器会创建与该用户 ID 关联的自己的用户记录并让用户登录。在任何一种情况下,用户最终都会登录并且您的服务器会发出问题您的应用程序的session key
  6. The session key is used for all further communication between your app and your server until the user logs out. session key用于您的应用程序和服务器之间的所有进一步通信,直到用户注销。

On the phone, you're going to want some OAuth library to allow users to authenticate with another service.在电话上,您将需要一些 OAuth 库来允许用户使用其他服务进行身份验证。 You'll probably want to use the Facebook iOS SDK to allow them to use Facebook and use one of the suggested OAuth libraries here for your other authentication services. You'll probably want to use the Facebook iOS SDK to allow them to use Facebook and use one of the suggested OAuth libraries here for your other authentication services. I have only used the Facebook SDK, so I can't speak as to the general OAuth libraries.我只使用了 Facebook SDK,所以我不能说一般的 OAuth 库。

Once logged in, the phone should not store the access token , only the session key .登录后,手机不应存储access token ,仅存储session key

Assuming that users can use more than one service to access their account, you will also want some way of connecting two services to the same user (probably by email address).假设用户可以使用多个服务来访问他们的帐户,您还需要某种方式将两个服务连接到同一用户(可能通过 email 地址)。

It's up to you to decide how your app and your server communicate.由您决定您的应用程序和服务器的通信方式。 I'd go for a JSON+REST API for communications with the server.我将 go 用于 JSON+REST API 用于与服务器通信。

I was exploring if better/easy to use/implement options exist in 2020 using third party libraries to allow login with social accounts.我正在探索 2020 年是否存在更好/易于使用/实施的选项,使用第三方库允许使用社交帐户登录。 And found two options:并找到了两个选项:

  1. AuthorizeMe - https://github.com/rubygarage/authorize-me & https://rubygarage.org/blog/authorizeme-ios-libary AuthorizeMe - https://github.com/rubygarage/authorize-me & https://rubygarage.org/blog/authorizeme-ios-libary
  2. Auth0 - https://auth0.com/learn/social-login/ & https://auth0.com/blog/using-centralized-login-to-add-authentication-to-your-ios-apps/ Auth0 - https://auth0.com/learn/social-login/ & https://auth0.com/blog/using-centralized-login-to-add-authentication-to-your-ios-apps/

AuthorizeMe supports: AuthorizeMe 支持:

  1. Facebook Facebook
  2. Twitter Twitter
  3. Google谷歌
  4. Instagram Instagram
  5. LinkedIn领英

plus custom providers加上自定义提供程序

Auth0 supports: Auth0 支持:

  1. Facebook Facebook
  2. Twitter Twitter
  3. Google谷歌
  4. Microsoft (Windows Live)微软(Windows Live)
  5. Yahoo雅虎
  6. Instagram Instagram
  7. Amazon亚马逊
  8. LinkedIn领英
  9. Github Github
  10. PayPal PayPal
  11. vKontakte vKontakte
  12. Yandex Yandex
  13. Box盒子
  14. Baidu百度
  15. Ren Ren (Xiaonei)任人(小内)
  16. Weibo微博
  17. Shopify Shopify
  18. Wordpress Wordpress
  19. Yammer抱怨
  20. SoundCloud声云

and custom providers as well以及自定义提供程序

Disclaimer: I am not affiliated with Auth0 or AuthorizeMe.免责声明:我不隶属于 Auth0 或 AuthorizeMe。

Another option to get your users to login using multiple services is Socialize (www.getsocialize.com).让您的用户使用多种服务登录的另一个选择是 Socialize (www.getsocialize.com)。 It's an open source SDK that manages your users and authentication so you don't have to implement all the steps that cbrauchli has outlined above.它是一个开源 SDK 管理您的用户和身份验证,因此您不必实施 cbrauchli 上面列出的所有步骤。

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM