I'm writing an iPhone app which works against my own server.
Basically, it's a forum where users can post. I don't want users to sign-in for an account on my server but I rather prefer them to login using any existing account they have: Facebook, Linkedin, Foursquare, etc. So from the app itself, I want them to be able to login using their existing account which will then allow them to post on the forum.
My question is that: when a user is posting a message, how can I verify whether or not he is logged in with any service? I need to validate it both on the client and server side. I plan on writing the server side using PHP.
Thanks
See this question for a similar discussion (just limited to Facebook sign on). Here's a high-level overview of what should happen (taken from that discussion I linked to):
access token
.session key
to your app.session key
is used for all further communication between your app and your server until the user logs out. On the phone, you're going to want some OAuth library to allow users to authenticate with another service. You'll probably want to use the Facebook iOS SDK to allow them to use Facebook and use one of the suggested OAuth libraries here for your other authentication services. I have only used the Facebook SDK, so I can't speak as to the general OAuth libraries.
Once logged in, the phone should not store the access token
, only the session key
.
Assuming that users can use more than one service to access their account, you will also want some way of connecting two services to the same user (probably by email address).
It's up to you to decide how your app and your server communicate. I'd go for a JSON+REST API for communications with the server.
I was exploring if better/easy to use/implement options exist in 2020 using third party libraries to allow login with social accounts. And found two options:
AuthorizeMe supports:
plus custom providers
Auth0 supports:
and custom providers as well
Disclaimer: I am not affiliated with Auth0 or AuthorizeMe.
Another option to get your users to login using multiple services is Socialize (www.getsocialize.com). It's an open source SDK that manages your users and authentication so you don't have to implement all the steps that cbrauchli has outlined above.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.