In response to the upcoming changes to ATT enforcement, we changed the iOS SDK so that it no longer provides valid user access tokens when the user opts out of ATT. Access token validation or Graph API requests may throw errors such as OAuthException - “Invalid OAuth access token - Cannot parse access token”. Our recommendation is that users integrate Limited Login following the official documentation.
When users opt out of ATT, all Facebook Login traffic will be performed on the Limited Login domain. Limited Login does not support business permissions. Our recommendation is that developers integrate Limited Login following the official documentation. See limited login supported permissions in this document.
When users opt out of ATT, all Facebook Login traffic will be performed on the Limited Login domain via the in-app browser. Limited Login does not support fast app switch (that is, redirecting to the Facebook app to log in). See the limitations section of the Limited Login for iOS document.
Please see the official documentation, Validating the Limited Login OIDC Token.
Please see key considerations for user_friends with Limited Login in the Permissions in Limited Login document.
We made changes both to the iOS SDK and our core login systems to support the privacy manifest requirements based on the upcoming App Tracking Transparency enforcement so that iOS users who have opted out of ATT are able to use FBLogin. As a result, we do not plan to release the privacy manifest as part of a minor update.
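When a Limited Login is performed, the system validates the user's identity and populates the shared instance of the authentication token. Additional data from the authentication call is used to populate the basic fields of the shared user profile instance.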
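Graph requests will fail because there is no access token. To obtain an access token, go back to the classic login method (tracking is enabled by default), or call FBSDKLoginManager logInFromViewController:configuration:completion: with a configuration that specifies tracking as enabled. Note that the user will be tracked when you do this.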
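You need an access token. Go back to the classic login method (tracking is enabled by default), or call FBSDKLoginManager logInFromViewController:configuration:completion: with a configuration that specifies tracking as enabled. This gives you an access token that can be used for Graph API calls. Note that the user will be tracked when you do this.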
When you use Limited Login to request user_friends from a user, we provide you with a list of app-scoped IDs (ASIDs) associated with the friends of the authorizing user, if the friends have also granted your app the user_friends permission. Depending on how you have implemented Limited Login, some of the ASIDs on this list may represent other users that have connected to your app using Limited Login. To ensure that Limited Login safeguards are maintained for such users, do not make Graph API calls using their ASIDs. Instead, continue to rely on Limited Login for these users.
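Yes. The login button has two new public properties:
loginTracking: gets or sets the tracking preference to use for login attempts. Defaults to .enabled.
nonce: gets or sets an optional nonce to use for login attempts. A valid nonce must be a non-empty string without whitespace. Note: an invalid nonce will not be set. In that case, a default unique nonce is used for the login attempt.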
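The server side of the nonce rule above, as an added example that is not code from the SDK or from this page: it issues a nonce that satisfies the validity rule, then checks the value returned in the token once per login attempt. It assumes the OIDC token has already been validated as the referenced documentation describes and that its claims carry the value in a `nonce` claim; `NonceStore`, `is_valid_nonce` and the TTL are hypothetical names and values.

```python
import hmac
import secrets
import time

NONCE_TTL_SECONDS = 300  # assumption: how long a login attempt may stay open


def is_valid_nonce(nonce):
    """The page's rule: a non-empty string containing no whitespace."""
    return (isinstance(nonce, str) and nonce != ""
            and not any(ch.isspace() for ch in nonce))


class NonceStore:
    """In-memory, single-use nonce registry keyed by login session id."""

    def __init__(self, now=time.time):
        self._pending = {}
        self._now = now

    def issue(self, session_id):
        # URL-safe alphabet, so the value can never contain whitespace.
        nonce = secrets.token_urlsafe(32)
        self._pending[session_id] = (nonce, self._now() + NONCE_TTL_SECONDS)
        return nonce

    def check(self, session_id, claims):
        """Return (ok, reason). `claims` must come from an already verified token."""
        entry = self._pending.pop(session_id, None)  # pop: one attempt per nonce
        if entry is None:
            return False, "no pending nonce (unknown session or replay)"
        expected, expires_at = entry
        if self._now() > expires_at:
            return False, "nonce expired"
        received = claims.get("nonce")
        if not is_valid_nonce(received):
            return False, "token carries no usable nonce"
        if not hmac.compare_digest(expected.encode(), received.encode()):
            # Also the outcome when the client passed an invalid nonce and the
            # SDK silently used its own default value instead.
            return False, "nonce mismatch"
        return True, "ok"
```

Because an invalid nonce is replaced silently on the client, a mismatch on the server is the only signal that the value you issued was never used.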
From the user's perspective, logging out does not change. In fact, it sets the current AuthenticationToken, AccessToken and Profile to nil.
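Limited Login is currently not available on tvOS.
By default, existing logged-in users will continue to be matched to the classic login mode. Only new users or logged-out users can be initialized into Limited Login mode.
No, the Limited Login flag applies only to the specific device.
No, fb_login_id still exists in Limited Login mode. In Limited Login mode, it is the user access token (a separate entity) that is exchanged for the OIDC token.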
Yes, but this will require the use of an app access token to request the token_for_business field on the User node. Limited Login safeguards are not supported in this context. For apps that are associated with your business by means of Business Manager, you can use the app-scoped ID (ASID) included in the OIDC token returned after a successful login to get a unique string for a user. Using your app's app access token, request the token_for_business field on the User node and pass in the user's app-scoped ID. This call returns a string which is the same for this user across all the apps managed by the same Business Manager.
GET /ASID?fields=token_for_business
This returns the values.
{ "id": "1234567890", "token_for_business": "weg23ro87gfewblwjef" }
Usage notes:
token_for_business will also change
token_for_business field and the app is not associated with a Business Manager, the call returns an error.
token_for_business is a token, not an ID - it cannot be used directly against the Graph API to access a person's information. You should still store the ID in your database.