The idea behind Facebook login is simple: The user goes to the Facebook page, logs in there, Facebook worries about the details and eventually just gives you (your server) a thumbs up and an id, meaning "we have positively confirmed the identity of this user, it's user 174264384". Your server is then free to do whatever it likes with this information. If you want to track a user across several visits then yes, you'll probably want to store that number in a database together with any additional information. The next time Facebook tells you user 174264384 has logged in, you can get any associated information back out of your database.

Facebook 登录背后的想法很简单：用户转到 Facebook 页面，在那里登录，Facebook 担心细节，最终只给你（你的服务器）一个竖起大拇指和一个 id，意思是“我们已经肯定地确认了这个用户，是用户 174264384"。然后，您的服务器可以随意使用此信息执行任何操作。如果您想在多次访问中跟踪用户，那么是的，您可能希望将该数字与任何其他信息一起存储在数据库中。下次 Facebook 告诉您用户 174264384 已登录时，您可以从数据库中取回任何相关信息。

Hope that helps as a 30,000 feet overview. The details of how Facebook can securely authenticate a user and hand this information back to your server are best handled by the PHP SDK. Read the documentationif you want to explore the details.

希望作为 30,000 英尺的概述有所帮助。有关 Facebook 如何安全地验证用户并将此信息返回给您的服务器的详细信息，最好由PHP SDK处理。如果您想探索详细信息，请阅读文档。

OpenID basically does the same thing, only the technical details differ and it's not specific to Facebook. Oauth is another very similar technology.

OpenID 基本上做同样的事情，只是技术细节不同，它不是 Facebook 特有的。Oauth 是另一种非常相似的技术。

There is an official Facebook tutorial on how to do this with JS:

有一个关于如何使用 JS 执行此操作的官方 Facebook 教程：

Official Facebook Tutorial

官方 Facebook 教程

I thought it will helpful to you, if you want to use javascript sdk for this please copy this code :

我认为它会对您有所帮助，如果您想为此使用 javascript sdk，请复制此代码：

<DOCTYPE html>

<html>

<head>

<title>Facebook Login JavaScript Example</title>

<meta charset=”UTF-8″>

</head>

<body>

<script>

// This is called with the results from from FB.getLoginStatus().

function statusChangeCallback(response) {

console.log(‘statusChangeCallback');

console.log(response);

// The response object is returned with a status field that lets the

// app know the current login status of the person.

// Full docs on the response object can be found in the documentation

// for FB.getLoginStatus().

if (response.status === ‘connected') {

// Logged into your app and Facebook.

testAPI();

} else if (response.status === ‘not_authorized') {

// The person is logged into Facebook, but not your app.

document.getElementById(‘status').innerHTML = ‘Please log ‘ +

‘into this app.';

} else {

// The person is not logged into Facebook, so we're not sure if

// they are logged into this app or not.

document.getElementById(‘status').innerHTML = ‘Please log ‘ +

‘into Facebook.';

}

}
// This function is called when someone finishes with the Login

// Button. See the onlogin handler attached to it in the sample

// code below.

function checkLoginState() {

FB.getLoginStatus(function(response) {

statusChangeCallback(response);

});

}
window.fbAsyncInit = function() {

FB.init({

appId : ‘{your-app-id}',// plaste your app id

cookie : true, // enable cookies to allow the server to access

// the session

xfbml : true, // parse social plugins on this page

version : ‘v2.1′ // use version 2.1

});

// These three cases are handled in the callback function.
FB.getLoginStatus(function(response) {

statusChangeCallback(response);

});
};
// Load the SDK asynchronously

(function(d, s, id) {

var js, fjs = d.getElementsByTagName(s)[0];

if (d.getElementById(id)) return;

js = d.createElement(s); js.id = id;

js.src = “//connect.facebook.net/en_US/sdk.js”;

fjs.parentNode.insertBefore(js, fjs);

}(document, ‘script', ‘facebook-jssdk'));
// Here we run a very simple test of the Graph API after login is

// successful. See statusChangeCallback() for when this call is made.

function testAPI() {

console.log(‘Welcome! Fetching your information…. ‘);

FB.api(‘/me', function(response) {

console.log(‘Successful login for: ‘ + response.name);

document.getElementById(‘status').innerHTML =

‘Thanks for logging in, ‘ + response.name + ‘!';

});

}

</script>

<fb:login-button scope=”public_profile,email” onlogin=”checkLoginState();”>

</fb:login-button>
<div id=”status”>

</div>
</body>

</html>

I found the script from a useful tutorial, If you are thinking about editing this answer please see this tutorial Facebook Login Integration with website

我从一个有用的教程中找到了脚本，如果您正在考虑编辑此答案，请参阅本教程Facebook 登录与网站集成

This type of technology (called OpenConnect, if I'm not mistaken, and they are switching to OAuth) is somewhat the same with OpenID.

这种类型的技术（称为 OpenConnect，如果我没记错的话，他们正在切换到 OAuth）与 OpenID 有点相同。

Google, indeed, uses openID, and I am not really sure of how they work.

谷歌确实使用了 openID，我不太确定它们是如何工作的。

For FacebookConnect, you register your app with facebook ( https://developers.facebook.com/apps) and you will find details about auth https://developers.facebook.com/docs/authentication/here.

对于 FacebookConnect，您在 facebook ( https://developers.facebook.com/apps) 上注册您的应用程序，您将在https://developers.facebook.com/docs/authentication/此处找到有关身份验证的详细信息。

The idea is that you are going to get a authorization code that you send back to facebook and get an access_token which means your user is authed with your website. You can store this in a $_SESSION var I think... There is no need to store anything to DB, but in your particular setup you can use the userID as the unique user identifier.

这个想法是您将获得一个授权代码，您将其发送回 Facebook 并获得一个 access_token，这意味着您的用户已通过您的网站进行身份验证。您可以将其存储在 $_SESSION 变量中，我认为...无需将任何内容存储到 DB，但在您的特定设置中，您可以使用 userID 作为唯一的用户标识符。

Create MySQL Table

创建 MySQL 表

CREATE TABLE `user_login` (
 `id` int(11) NOT NULL AUTO_INCREMENT,
 `oauth_provider` enum('google','facebook') COLLATE utf8_unicode_ci NOT NULL,
 `oauth_uid` varchar(100) COLLATE utf8_unicode_ci NOT NULL,
 `username` varchar(50) COLLATE utf8_unicode_ci NOT NULL,
 `user_email` varchar(100) COLLATE utf8_unicode_ci NOT NULL,
 `gender` varchar(10) COLLATE utf8_unicode_ci NOT NULL,
 `picture_url` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
 `register_date` datetime NOT NULL,
 `last_update_date` datetime NOT NULL,
 PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

View Demo code https://datainflow.com/facebook-login-javascript-sdk/

查看演示代码 https://datainflow.com/facebook-login-javascript-sdk/

Before Outh/OpenID we use to ask user on our website to give there username and password for respected site like facebook , google . Then using Curl we fetch the data from these social sites on behalf of our user . Then this data becomes the source of our Registration form data .Like asking for his name , email , gender in registration form can be skip-ed .

在 Outh/OpenID 之前，我们会要求我们网站上的用户提供 facebook、google 等受人尊敬的网站的用户名和密码。然后使用 Curl 我们代表我们的用户从这些社交网站获取数据。那么这个数据就成为我们注册表数据的来源。比如在注册表中询问他的姓名，电子邮件，性别可以跳过。

Since user might fear giving there username and password to every site hence there comes a need of Outh . Now we simply redirect the user to facebook , facebook asks for user password . And redirects the user back to our site with auth token appended on url . Which we can get access through $_GET . Using this token we can query facebook for everthing related to that user and hence can skip registration form once again. This data gets stored in table which was meant for Registration Form fields storage .

由于用户可能害怕将用户名和密码提供给每个站点，因此需要 Outh 。现在我们简单地将用户重定向到 facebook，facebook 要求输入用户密码。并将用户重定向回我们的网站，并在 url 上附加身份验证令牌。我们可以通过 $_GET 访问。使用这个令牌，我们可以查询 facebook 与该用户相关的所有内容，因此可以再次跳过注册表。该数据存储在用于注册表字段存储的表中。

(This is just an overview there are other steps as-well to take care off )

（这只是一个概述，还有其他步骤需要注意）