如果用户使用与注册不同的 FB 帐户,如何限制对 facebook API 的访问
[英]how to restrict access to facebook API (from JS dialog) if the user is using different FB account than he sign up
问题描述
The scenario is: User sign up to site with facebook_account_1, (he garant accessing to the site so site store his UID in DB so he won't have to give site access right each time he tries to log in ), now he can click on "invite friends" link that will popup nice JS pretybox with his friends.
场景是:用户使用 facebook_account_1 注册站点,(他保证访问该站点,因此站点将他的 UID 存储在 DB 中,这样他每次尝试登录时都不必授予站点访问权限),现在他可以单击在“邀请朋友”链接上,将与他的朋友一起弹出漂亮的 JS pretybox。 So far so good.到目前为止,一切都很好。 Now in new tab he manage to logout from facebook_account_1 and logs in to facebook_account_2 (while he is still using the same account on our site), ... now when he clicks on the "invite friends" link he can invite friends from that second account.现在在新标签中,他设法从 facebook_account_1 注销并登录到 facebook_account_2(虽然他仍在我们网站上使用同一个帐户),......现在当他点击“邀请朋友”链接时,他可以从那一刻开始邀请朋友帐户。
the issue is that this JS popup isn't dealing with my db stored access token (witch is logical) however I'm looking for solution how to restrict that popup to display warning message "you are already using different FB account than is your stored UID", but the way that JS -> FB communication is done I cannot just replace Requested UID, with the stored UID.问题是这个 JS 弹出窗口没有处理我的数据库存储访问令牌(女巫是合乎逻辑的)但是我正在寻找解决方案如何限制该弹出窗口以显示警告消息“您已经使用不同的 FB 帐户而不是您存储的UID”,但是 JS -> FB 通信的完成方式我不能只用存储的 UID 替换 Requested UID。
the only solution we manage to think up is just kinda compare stored FB cookie UID with the the users UID in DB, but you cannot do that because of the browser restrictions (witch is also logical)我们设法想到的唯一解决方案是将存储的 FB cookie UID 与 DB 中的用户 UID 进行比较,但由于浏览器的限制,您不能这样做(女巫也是合乎逻辑的)
these are things I have to keep on site: 1 site now can store only 1 FB access token (UID) 2 for now I'm not allowed to refactor the JS popup to custom interface where I can deal this problem这些是我必须保留在站点上的内容: 1 个站点现在只能存储 1 个 FB 访问令牌 (UID) 2 现在我不允许将 JS 弹出窗口重构为可以处理此问题的自定义界面
any ideas?有任何想法吗?
BTW sorry for the long title of question,couldn't think it shorter顺便说一句,对于问题的长标题感到抱歉,不能认为它更短
1 个解决方案
解决方案1
0 2011-07-18 11:05:04
How he managed to logout from the popup?他是如何设法从弹出窗口中注销的?
I would suggest you to use the standard dialogs given by the facebook, in that the url will be disabled and other things are automatically handled by fb.我建议您使用 facebook 提供的标准对话框,因为 url 将被禁用,其他事情将由 fb 自动处理。
The dialog can be found at http://developers.facebook.com/docs/reference/dialogs/requests/该对话框位于http://developers.facebook.com/docs/reference/dialogs/requests/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.