0

I'm developing an app in which users log with their Facebook account, but only the Facebook profiles that the system administrator have previously entered.

In other words, the system admin enters a bunch of Facebook profiles, and when the user tries to log into my app, the system checks if there's a record for that Facebook profile.

I used to do this using the user's Facebook username, because the admin could get that information easily from a Facebook profile's URL, and Facebook provided that username when the user logged in. This is not possible anymore with Graph API 2.0, because Facebook does not provide the username field anymore.

So do you guys have any suggestion on how the system administrator could easily identify users, so they would be granted access in my app?

4

1 回答 1

0

@WizKid 是对的,使用用户的电子邮件是最好的方法。任何用户都可以登录,但是您可以构建一个检查以查看该用户的电子邮件是否在您的“预先批准”列表中。

要获取用户的电子邮件地址,您需要使用scope参数在登录对话框中向他们询问。在 JS SDK 中,它看起来像这样:

FB.login(function (response) {
  // handle response

}, { scope: "email" }); // <<< the important bit

注意:使用新的 Graph 2.0 登录对话框,用户可以通过在对话框的“编辑您提供的信息”部分中取消选中来选择不提供他们的电子邮件地址。因此,您需要仔细检查用户是否确实提供了他们的电子邮件地址。

于 2014-06-26T06:30:15.720 回答