Facebook SDK Android 中注销的工作原理
我对 facebook.logout(context) 的工作原理有点困惑。
因为即使在调用 log out 之后,我也能够访问需要 auth_token 的信息。那么这怎么可能呢?我遇到了这个话题,这让我有点困惑: https://stackoverflow.com/a/6597688/487940
阅读该答案后,这就是我的问题:那么,如果用户授予对[我的]应用程序的访问权限,如果他登录到[官方]facebook应用程序,他将始终通过身份验证?即使我尝试在[我的]应用程序中调用 facebook.logout(context),他也会登录并且我的应用程序将能够调用 Facebook API?
抱歉,我无法理解这种行为。
更新:阅读 Torid 的回复后,我对 facebook.logout() 函数感到困惑。如果不注销用户,这个功能的目的是什么?因为,我再也看不到称之为目的的目的了。它不会注销用户。
I'm a bit confused about how facebook.logout(context) works.
Because even after calling log out, I am able to get access to information that requires an auth_token. So how is that even possible? I came across this topic, which let me a bit confused: https://stackoverflow.com/a/6597688/487940
After reading that answer, this is my question: So if the user grants access to [my] application, he will always be authenticated if he is logged into the [official] facebook application? Even if I try to call facebook.logout(context) in [my] application, he will be logged in and my application will be able to make calls to Facebook API?'
Sorry, about I'm not able to understand this behavior.
UPDATE: After reading Torid's reponse, I am confused about facebook.logout() function. What is the purpose of this function if it does not log the user out? Because, I don't see the purpose of calling this purpose anymore. It doesn't log the user out.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
这里发生了两个独立的事情:1)您的用户是否已向 Facebook 验证了您的应用程序(具有权限);2)您的用户是否已登录 Facebook。
用户第一次使用您的应用程序时需要进行身份验证,并持续到用户明确取消身份验证(例如通过 Facebook 网络帐户设置 -> 应用程序 -> 应用程序设置)。
每次用户启动您的应用程序时可能都需要登录。但是,如果您使用默认的 SDK Authorize(),它会尝试执行单点登录 (SSO),如果 Facebook 应用程序已登录,您的应用程序将自动登录并使用现有的访问令牌。
如果您使用 SSO,那么当您注销时,这不会产生任何影响,因为真正的注销必须注销 Facebook 应用程序 - 用户可能不喜欢这一点!
您可以通过对表单进行授权
来避免 SSO 并强制对话登录来解决此问题。当然,这会强制您的用户在每次启动应用程序时登录 - 除非您将登录详细信息/访问令牌保存在
涵盖(这就是 SDK 的作用 - 检查源代码)。
There are two independent things going on here: 1) whether your user has authenticated your app (with permissions) to Facebook and 2) whether your user is logged in to Facebook.
Authentication is required the first time your user uses your app and lasts until the user explicitly de-authenticates (e.g. through the Facebook web Account Settings -> Apps -> App Settings).
Log in may be required each time your user starts your app. But if you use the default SDK authorize(), that tries to do a Single Sign On (SSO), where if the Facebook app is logged in, your app is automatically logged in and uses the existing access token.
If you are using SSO, when you do a logout, that has no effect, as a real logout would have to log out the Facebook app - which the user might not like!
You can get around this behavior by doing an authorize of the form
which avoids SSO and forces a dialog login. Of course, that then forces your user to login each time you start your app - unless you save the login details / access token under the
covers (which is what the SDK does - check the source).