使用Facebook登录的SSO网站网络 我目前正在开发一个SSO网站网络。
它有几个网站,不幸的是它们都是独立的域,如:使用Facebook登录的SSO网站网络 我目前正在开发一个SSO网站网络。,facebook,single-sign-on,Facebook,Single Sign On,它有几个网站,不幸的是它们都是独立的域,如: 域.de domain-specials.de domain-otherthings.de 某物 我已经设法使用JSONP/Ajax创建了一个应用程序,因此当您登录到任何一个站点时,您也会登录到其他站点 现在我需要实现一个与当前SSO一起工作的“”功能 这里的问题是,一个facebook应用程序只能有一个根域可供使用,因此,如果您尝试在另一个网站上使用facebook应用程序,您通常会遇到安全错误 我尝试了Facebook客户端身份验证,当然,除
- 域.de
- domain-specials.de
- domain-otherthings.de
- 某物
API Error Code: 191
API Error Description: The specified URL is not owned by the application
我还尝试在FB.init中使用一个频道文件,该文件目前在所有网站上使用:
FB.init({
appId : '1234567890', // app id
channelUrl : 'http://www.domain.de/channel.html', // fqd-path to channel file
status : true, // check login status
cookie : true, // allow the server to access the session
xfbml : true, // parse XFBML
oauth : true // ?
});
现在我正在试验服务器端身份验证,但我仍然不确定是否有更好的方法来解决这个问题,因为它迫使我重定向到我在Facebook应用程序中使用的域。
这里的主要问题是用户流
客户端流量非常好
关于最后,我不得不创建一个小的解决方案。通过为所有登录使用指定的登录脚本,我能够将用户重定向回引用页面 此Facebook链接重定向到 [你的应用程序id]=Facebook应用程序id
[your_domain]=www.domain.com或任何您的域
[domain_id]=我用它来知道用户来自哪里
[some_hash]=Facebook用于阻止xsrf
然后我准备了一个小PHP脚本,使用apaches mod_rewrite处理传入的数据 .htaccess位于我的服务器上的fb_connect文件夹中
RewriteEngine On
RewriteRule . index.php [L]
在index.php中,我使用了如下内容
<?php
/* App-Id / Secret */
$sAppId = '1234567890';
$sAppSecret = 'sdafuh347890oqtgfuasd';
/* Domains and IDs */
$aDomains = array(
'www.domain.de' => 1,
'www.domain-name.de' => 2,
...
);
/* Save a flipped copy */
$aFlip = array_flip($aDomains);
/* Save the request uri */
$sUri = $_SERVER['REQUEST_URI'];
/* Explode the uri; facebook adds everything after the '?' */
$aParts = explode('?', $sUri);
/* Save the first part */
$sUri = $aParts[0];
/* Explode using slash */
$aParts = explode('/', $sUri);
/* This position should be the domain-id */
$iDomainId = $aParts[2];
/* get the domain name */
$sDomain = $aFlip[$iDomainId];
/* If the user authorizes the app this parameter is set */
if (!empty($_GET['code'])) {
/*
* The redirect uri is needed as a security parameter and needs to be EXACTLY
* like in the refereing URI above
*/
$sRedirectUri = 'http://www.domain.de/fb_connect/' . $iDomainId . '/';
/* Get the access token url for the user */
$sTokenUrl = 'https://graph.facebook.com/oauth/access_token?'
. 'client_id=' . $sAppId
. '&client_secret=' . $sAppSecret
. '&redirect_uri=' . urlencode($sRedirectUri)
. '&code=' . $_GET['code'];
/* Use CURL because file_get_contents() can't handle the length of the uri */
$ch = curl_init();
/* Url */
curl_setopt($ch, CURLOPT_URL, $sTokenUrl);
/* Header */
curl_setopt($ch, CURLOPT_HEADER, 0);
/* Return the response instead of echoing it */
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
/* Exec the request */
$sResponse = curl_exec($ch);
/* close CURL */
curl_close($ch);
/* Initialize the Array for the returned data */
$aParams = array();
/* From the Facebook tutorial ;D */
parse_str($sResponse, $aParams);
/* Build the URI to query the opengraph with a user token */
$sGraphUrl =
'https://graph.facebook.com/me?access_token=' . $aParams['access_token'];
/* get, decode and save the returned values */
$aUser = (array)json_decode(file_get_contents($sGraphUrl));
// You should now have the requested userdata and use it to create an account
// or whatever ;D
/* Redirect the user to the refering domain */
header('Location: http://' . $sDomain);
die;
}
/*
* If the user doesn't authorize the app, this parameter is set.
* Do whatever is needed here (logging, crying...) and redirect the user somewhere ;D
*/
if (!empty($_GET['error'])) {
header('Location: http://' . $sDomain);
die;
}
/*
* If the user deletes the app using the control panel in facebook, your script will
* recieve a ping containging this parameter. This is pretty much the same as if
* your app would run inside the facebook canvas.
*/
if (!empty($_POST['signed_request'])) {
// Decode the signed request using the facebook tutorial methods, and delete
// the user from your system :D
}
?>
这对我来说很有用。如果您有任何问题,请随时提问
应用程序配置不允许给定URL。:应用程序的设置不允许一个或多个给定URL。它必须与网站URL或画布URL匹配,或者域必须是应用程序域之一的子域。
<?php
/* App-Id / Secret */
$sAppId = '1234567890';
$sAppSecret = 'sdafuh347890oqtgfuasd';
/* Domains and IDs */
$aDomains = array(
'www.domain.de' => 1,
'www.domain-name.de' => 2,
...
);
/* Save a flipped copy */
$aFlip = array_flip($aDomains);
/* Save the request uri */
$sUri = $_SERVER['REQUEST_URI'];
/* Explode the uri; facebook adds everything after the '?' */
$aParts = explode('?', $sUri);
/* Save the first part */
$sUri = $aParts[0];
/* Explode using slash */
$aParts = explode('/', $sUri);
/* This position should be the domain-id */
$iDomainId = $aParts[2];
/* get the domain name */
$sDomain = $aFlip[$iDomainId];
/* If the user authorizes the app this parameter is set */
if (!empty($_GET['code'])) {
/*
* The redirect uri is needed as a security parameter and needs to be EXACTLY
* like in the refereing URI above
*/
$sRedirectUri = 'http://www.domain.de/fb_connect/' . $iDomainId . '/';
/* Get the access token url for the user */
$sTokenUrl = 'https://graph.facebook.com/oauth/access_token?'
. 'client_id=' . $sAppId
. '&client_secret=' . $sAppSecret
. '&redirect_uri=' . urlencode($sRedirectUri)
. '&code=' . $_GET['code'];
/* Use CURL because file_get_contents() can't handle the length of the uri */
$ch = curl_init();
/* Url */
curl_setopt($ch, CURLOPT_URL, $sTokenUrl);
/* Header */
curl_setopt($ch, CURLOPT_HEADER, 0);
/* Return the response instead of echoing it */
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
/* Exec the request */
$sResponse = curl_exec($ch);
/* close CURL */
curl_close($ch);
/* Initialize the Array for the returned data */
$aParams = array();
/* From the Facebook tutorial ;D */
parse_str($sResponse, $aParams);
/* Build the URI to query the opengraph with a user token */
$sGraphUrl =
'https://graph.facebook.com/me?access_token=' . $aParams['access_token'];
/* get, decode and save the returned values */
$aUser = (array)json_decode(file_get_contents($sGraphUrl));
// You should now have the requested userdata and use it to create an account
// or whatever ;D
/* Redirect the user to the refering domain */
header('Location: http://' . $sDomain);
die;
}
/*
* If the user doesn't authorize the app, this parameter is set.
* Do whatever is needed here (logging, crying...) and redirect the user somewhere ;D
*/
if (!empty($_GET['error'])) {
header('Location: http://' . $sDomain);
die;
}
/*
* If the user deletes the app using the control panel in facebook, your script will
* recieve a ping containging this parameter. This is pretty much the same as if
* your app would run inside the facebook canvas.
*/
if (!empty($_POST['signed_request'])) {
// Decode the signed request using the facebook tutorial methods, and delete
// the user from your system :D
}
?>