如何动态指定 OmniAuth 要求的 Facebook 权限(又名范围)?
这个问题类似于 使用 OmniAuth 时,如何指定用户 Facebook 帐户需要哪些访问权限?,但有一个警告。
我正在使用 OmniAuth 在我的网站上授权 Facebook 用户。对于常规登录/注册,可以向用户询问标准 Facebook 权限。但我的网站上有一个功能需要扩展权限(访问他们的 Facebook 照片)。我只想在用户使用我们网站的 Facebook 照片功能时请求扩展权限。
我在网上找到的关于如何为 Omniauth 设置 facebook 权限的所有答案都只需在 OmniAuth 初始值设定项中添加范围选项,如下所示:
ActionController::Dispatcher.middleware.use OmniAuth::Strategies::Facebook, 'app_id', 'app_secret', {:scope => 'email,offline_access,the,scope,you,want}
但我需要动态定义范围,以便仅当用户使用照片功能时他们会被要求提供照片权限,但如果他们只是第一次登录或注册,则不会。
有人知道该怎么做吗?提前致谢。
This question is similar to How can I specifiy what access I need from my user's Facebook accounts when using OmniAuth? but has a caveat.
I'm using OmniAuth to authorize Facebook users on my website. For regular login/registration, asking the user for standard Facebook permissions are acceptable. But there is a feature on my site that requires extended permissions (access to their Facebook photos). I want to only ask for the extended permissions for users when/if they use our site's Facebook photo feature.
All answers I've found on the web on how to set facebook permissions for omniauth deal with just adding a scope option in your OmniAuth initializer, like so:
ActionController::Dispatcher.middleware.use OmniAuth::Strategies::Facebook, 'app_id', 'app_secret', {:scope => 'email,offline_access,the,scope,you,want}
But I need to define the scope dynamically, so that only when users use the photo feature they get asked for the photo permissions, but not if they are just logging in or registering for the first time.
Anyone know how to do this? Thanks in advance.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
您可能已经找到了解决这个问题的方法,但我想我应该为那些仍在寻求解决这个问题的人提供帮助。我的解决方案允许您预先请求尽可能少的 Facebook 权限,然后在您的应用程序需要时动态请求它们。
http://www.mikepackdev.com/blog_posts/2-Dynamically-Requesting- Facebook-Permissions-with-OmniAuth
希望这有帮助!
You may have figured out a solution to this problem already but I figured I'd chime in for those still looking to solve this. My solution allows you to request as little Facebook permissions as possible up front, and then dynamically request them as your app needs them.
http://www.mikepackdev.com/blog_posts/2-Dynamically-Requesting-Facebook-Permissions-with-OmniAuth
Hope this helps!
看起来他们正在将其添加到 Omniauth,但它仍处于测试阶段。
您向提供程序添加一个
,然后创建一个方法,在其中动态设置所需的选项(凭据/范围)。
https://github.com/intridea/omniauth/wiki/Setup-Phase
https://github.com/intridea/omniauth/wiki/Dynamic-Providers
It looks like they're adding that to Omniauth, but it's still in beta.
You add a
to your provider and then create a method where you dynamically sets the options (credentials/scope) you need.
https://github.com/intridea/omniauth/wiki/Setup-Phase
https://github.com/intridea/omniauth/wiki/Dynamic-Providers
我认为你不能正确地做到这一点。因为您无法确定您的用户仅使用照片功能。您的用户可以访问应用程序照片功能和其他功能的所有部分。当用户登录并从照片功能切换到其他功能时,您无法要求其重新登录。访问此其他功能。
所有用户都不会真正检查他们授权的访问类型,因此不必担心大量权限请求。
I think you can't do that properly. Because you can't be sure your user use only the photo feature. You user can access to all part of you application photo feature and other feature. When the user is logged and switch from your photo feature to other feature, you can't ask it to re-logged. to access this other feature.
All user don't really check what kind of access their authorize, so don't worry about a lot of permission asking.