Facebook: removing users from a database who have unauthorized the application

I have a website which uses Facebook's registration plugin.

Everything is working fine, I have one issue though: if somebody was on Facebook and unauthorized my application then never returned to my site, how would I know?

The reason I am asking is I am storing user data in a database, namely the access_token, Facebook ID and (custom field) username, along with their joined date and last_active date.

Is there any way that Facebook can interact with my site when a user has unauthorized my app, allowing me to remove them from my site database?

Even something simple like:

$unauth_url = 'http://example.com/unauthorize';
file_get_contents($unauth_url . '?signed_request=' . $signed_facebook_request);

which runs when the app is removed would get the job done.

Is there anything like this available?

There is an interesting option in the fb platform called Deauthorize Callback ... It simply calls a page on your app or site when a user removes your app. Simply put the database record deletion code in this page...

In your configuration of your facebook-app there is an option called deauth-request (or similar to that). There you can define a callback url, which will be invoked if somebody unauthorizes your app. Facebook passes some POST information with that request to recognize the user, for example.

You just have to implement a script on your server which deletes the user with that access token from your database.
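
Added example, not part of the original question or answers: a callback handler that verifies Facebook's `signed_request` (base64url signature, a dot, then a base64url JSON payload signed with HMAC-SHA256 under the app secret) before deleting anything, so a forged POST to the callback URL cannot remove users. The secret, the `users` table, the `facebook_id` column and the in-memory SQLite database are assumptions for illustration; the demo request is constructed, not captured.

```php
<?php
function b64url_decode(string $s)
{
    return base64_decode(str_pad(strtr($s, '-_', '+/'), strlen($s) + (4 - strlen($s) % 4) % 4, '='), true);
}

function b64url_encode(string $s): string
{
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

// Returns the decoded payload, or null if the signature does not verify.
function parse_signed_request(string $signedRequest, string $appSecret): ?array
{
    $parts = explode('.', $signedRequest, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$encodedSig, $encodedPayload] = $parts;
    $sig = b64url_decode($encodedSig);
    $data = json_decode((string) b64url_decode($encodedPayload), true);
    if ($sig === false || !is_array($data) || ($data['algorithm'] ?? null) !== 'HMAC-SHA256') {
        return null;
    }
    $expected = hash_hmac('sha256', $encodedPayload, $appSecret, true);
    return hash_equals($expected, $sig) ? $data : null; // constant-time compare
}

// Deletes the user (assumed table `users`, column `facebook_id`) only when
// the request is authentic; returns the HTTP status to send back.
function handle_deauthorize(PDO $db, array $post, string $appSecret): int
{
    $raw = $post['signed_request'] ?? null;
    $data = is_string($raw) ? parse_signed_request($raw, $appSecret) : null;
    $uid = $data['user_id'] ?? null;
    if (!is_string($uid) || $uid === '') {
        return 400; // unsigned, tampered or malformed: delete nothing
    }
    $db->prepare('DELETE FROM users WHERE facebook_id = ?')->execute([$uid]);
    return 200;
}

// Constructed demo data: in-memory SQLite, made-up secret and user ID.
$secret = 'example-app-secret';
$db = new PDO('sqlite::memory:');
$db->exec("CREATE TABLE users (facebook_id TEXT PRIMARY KEY, username TEXT);
           INSERT INTO users VALUES ('1234567890', 'alice');");
$payload = b64url_encode(json_encode(['algorithm' => 'HMAC-SHA256', 'user_id' => '1234567890']));
$sig = b64url_encode(hash_hmac('sha256', $payload, $secret, true));
var_dump(handle_deauthorize($db, ['signed_request' => "x$sig.$payload"], $secret)); // altered signature
var_dump(handle_deauthorize($db, ['signed_request' => "$sig.$payload"], $secret));  // authentic request
```

In a real endpoint, `handle_deauthorize()` would be called with `$_POST` and its return value passed to `http_response_code()`.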
