javascript Facebook Connect 用于具有多个域的一个应用程序?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/4431574/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Facebook Connect for one application with multiple domains?
提问by Ofirov
I'm implementing a plug-in that's embeddable in different sites (a la Meebo, Wibiya), and I want to use Facebook Connect. The plug-in is supposed to be embeddable in sites with different domain names. Problem is, Facebook connect allows only one domain per application you register.
我正在实施一个可嵌入不同站点(如 la Meebo、Wibiya)的插件,并且我想使用 Facebook Connect。该插件应该可以嵌入到具有不同域名的站点中。问题是,Facebook connect 只允许您注册的每个应用程序一个域。
The question is, how can I have multiple domains for a single Facebook application, assuming:
问题是,假设我如何为单个 Facebook 应用程序拥有多个域:
When users "Allow" the application on one site, they won't have to "Allow" it on other sites as well.
Preferably, after the initial log-in, users won't see a pop-up opening on every site they log-in to (i.e. - I'd rather not open a link to my domain and do the log-in process from there).
当用户在一个站点上“允许”应用程序时,他们也不必在其他站点上“允许”它。
最好,在初始登录后,用户不会在他们登录的每个站点上看到弹出窗口(即 - 我宁愿不打开指向我的域的链接并从那里进行登录过程)。
Is there anyway of doing that?
If not, is my only option is to manage all the log-ins from a single domain and pass the cookies back to the original domains?
And if I pass the cookies between domains, how can I be sure that Facebook won't block this kind of behavior in the future?
反正有这样做吗?
如果没有,我唯一的选择是管理来自单个域的所有登录并将 cookie 传递回原始域吗?
如果我在域之间传递 cookie,我如何确保 Facebook 将来不会阻止这种行为?
I'd appreciate any suggestions, though I'd prefer an official solution over hacks, if at all possible.
我很感激任何建议,但如果可能的话,我更喜欢官方解决方案而不是黑客攻击。
采纳答案by Ross
Im assuming you are using facebook.php by Naitik Shah? Your widget would need to be on every page of course and include the async script connect-js. I am currently developing a facebook login based application myself.
我假设您正在使用 Naitik Shah 的 facebook.php?您的小部件当然需要在每个页面上,并包含异步脚本 connect-js。我目前正在自己开发一个基于 facebook 登录的应用程序。
I would say the best solution is too login through your own domain and pass the cookie. Your app/widget will be the only one they allow to share information with. Nothing should be different in operation from a single page solution. I envisage a PHP plugin which executes a login from an outside domain and passes through the cookie to the site via the widget. return the cookie securely how you wish (except for something dodgy like storing it in a div and retrieving it..or something a hacker could try to spoof). the site will then use the cookie for account and user id purposes and the widget will control all login actions and session finding using the async script (but routed through a different domain).
我会说最好的解决方案是通过您自己的域登录并传递 cookie。您的应用程序/小部件将是他们唯一允许与之共享信息的应用程序/小部件。操作上应该与单页解决方案没有什么不同。我设想了一个 PHP 插件,它从外部域执行登录,并通过小部件将 cookie 传递到站点。以您希望的方式安全地返回 cookie(除了一些狡猾的东西,比如将它存储在一个 div 中并检索它......或者黑客可能试图欺骗的东西)。然后,站点将使用 cookie 用于帐户和用户 ID,并且小部件将使用异步脚本(但通过不同的域路由)控制所有登录操作和会话查找。
Sorry I can't be more help but this is the only solution I can think of, and it seems you have already anyway.
抱歉,我无法提供更多帮助,但这是我能想到的唯一解决方案,而且您似乎已经有了。
In terms of keeping session control across different domains you only need the 3rd party cookie to be active. Once your page is activated for your domain you will already have the cookie for that domain if you haven't logged out or it hasn't expired. A benefit of using an outside management domain.
在跨不同域保持会话控制方面,您只需要激活第 3 方 cookie。为您的域激活页面后,如果您尚未注销或未过期,您将拥有该域的 cookie。使用外部管理域的好处。
It would seem this is also the most reliable way compared to any successful hack for multiple domains, because I would see fb and Oauth2.0 as being ok with an approved party sharing info (cookies) to another party approved by the approved party. But.. It could be problematic if they think the user will have privacy issues, because you could potentially share the cookie on any site without the users permission. So you have to be careful about notifying the user about all the sites they will be auto logged into and treating them with respect.
与针对多个域的任何成功黑客相比,这似乎也是最可靠的方法,因为我认为 fb 和 Oauth2.0 可以与被批准方共享信息(cookies)给被批准方批准的另一方。但是.. 如果他们认为用户会有隐私问题,那可能会出现问题,因为您可能会在未经用户许可的情况下在任何站点上共享 cookie。因此,您必须小心通知用户他们将自动登录的所有站点并尊重他们。
Good luck with it, hope you let us know how it goes.
祝你好运,希望你告诉我们进展如何。
回答by Mukaddes
There is easy and clean technique -> Single Sign On (SSO). You can search on about it.
有一种简单而干净的技术 -> 单点登录 (SSO)。你可以搜索一下。
