如何在iOS App中完全注销Facebook SDK Auth

时间:2017-05-21 00:51:17

标签: ios objective-c iphone swift facebook

使用FBSDKCoreKit 4.22.1

我公开安装了一个应用,在白天为多个用户提供服务。一个人可以走到iPad并使用他们的Facebook帐户登录:

enter image description here

成功登录后,可以完成他们的工作并使用应用程序,而不是他们将在稍后注销: enter image description here

Logout发生成功。然后下一个用户使用公共iPad并点击Facebook登录按钮,但他们会看到:enter image description here

FBSDKLoginManager或其他Facebook SDK Libs已经记住了之前用户Facebook登录的一些元素。

我想彻底清除有关之前用户的Facebook凭据的任何信息

成功注销后,会调用此FBSDKLoginButtonDelegate方法,我已尝试以下方法完全删除Facebook帐户信息但未成功:

func loginButtonDidLogOut(_ loginButton: FBSDKLoginButton!) {
    print("\(#function) in \(#file.components(separatedBy: "/").last ?? "")")
    print("Todo, must completely remove Facebook Auth token info for current user logging out")
    FBSDKAccessToken.setCurrent(nil)
    FBSDKLoginManager().logOut()
    FBSDKProfile.setCurrent(nil)
}

因此,使用FBSDKCoreKit 4.22.1 Safari浏览器用于打开Facebook身份验证重定向URL,Javascript使用本地存储:enter image description here

有趣的是,阻止Apple隐含的所有Cookie也会阻止网站数据(localStorage),不会阻止本地存储和Facebook,仍会创建网站数据存储: enter image description here

Apple说here

"更改接受哪些Cookie和网站数据:选择“Cookie和网站数据”选项:"

  • "始终阻止:Safari不允许任何网站,第三方或 广告商在您的Mac上存储Cookie和其他数据。这可能 阻止某些网站正常运作。"

这就是我希望阻止本地存储以及cookie的地方,但Facebook仍然可以创建本地存储条目

3 个答案:

答案 0 :(得分:3)

我有一个类似的问题,我最终使用了SDK的MODIFIED版本,这实际上非常危险,因为另一个开发人员可能不知道它已被修改..所以你需要留下一个注释..

问题:注销后,您仍然登录(在Safari中)..但只有当您使用本机登录或系统登录时,才能从应用程序本身注销Safari。超级烦人(您无法从应用程序中清除Safari的cookie或数据。)

<强>将(S):

如果您查看SDK的文档,则会显示:

// Copyright (c) 2014-present, Facebook, Inc. All rights reserved.
//
// You are hereby granted a non-exclusive, worldwide, royalty-free license to use,
// copy, modify, and distribute this software in source code or binary form for use
// in connection with the web services and APIs provided by Facebook.
//
// As with any software that integrates with the Facebook platform, your use of
// this software is subject to the Facebook Developer Principles and Policies
// [http://developers.facebook.com/policy/]. This copyright notice shall be
// included in all copies or substantial portions of the software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
// FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
// COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
// IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
// CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.




typedef NS_ENUM(NSUInteger, FBSDKLoginBehavior)
{
  /*!
   @abstract This is the default behavior, and indicates logging in through the native
   Facebook app may be used. The SDK may still use Safari instead.
   */
  FBSDKLoginBehaviorNative = 0,
  /*!
   @abstract Attempts log in through the Safari or SFSafariViewController, if available.
   */
  FBSDKLoginBehaviorBrowser,
  /*!
   @abstract Attempts log in through the Facebook account currently signed in through
   the device Settings.
   @note If the account is not available to the app (either not configured by user or
   as determined by the SDK) this behavior falls back to \c FBSDKLoginBehaviorNative.
   */
  FBSDKLoginBehaviorSystemAccount,
  /*!
   @abstract Attemps log in through a modal \c UIWebView pop up

   @note This behavior is only available to certain types of apps. Please check the Facebook
   Platform Policy to verify your app meets the restrictions.
   */
  FBSDKLoginBehaviorWeb,
};

因此,如果你使用Native但它不能,它将回退到Safari。如果您使用System但它不能,它会回退到Native,它会回退到Safari ..

然后是FBSDKLoginBehaviorWeb,它使用模态web-view / popup!因此,如果您不必使用本机或系统登录,那么我建议您选择此选项,因为它不会回溯到Safari。

,否则: 这是我改变的地方,因此它永远不会在后台使用Safari:

FBLoginSDKManager.m:

- (void)logInWithBehavior:(FBSDKLoginBehavior)loginBehavior
{
  NSDictionary *loginParams = [self logInParametersWithPermissions:_requestedPermissions];

  void(^completion)(BOOL, NSString *, NSError *) = ^void(BOOL didPerformLogIn, NSString *authMethod, NSError *error) {
    if (didPerformLogIn) {
      [_logger startAuthMethod:authMethod];
      _performingLogIn = YES;
    } else {
      if (!error) {
        error = [NSError errorWithDomain:FBSDKLoginErrorDomain code:FBSDKLoginUnknownErrorCode userInfo:nil];
      }
      [self invokeHandler:nil error:error];
    }
  };

  switch (loginBehavior) {
    case FBSDKLoginBehaviorNative: {
      if ([FBSDKInternalUtility isFacebookAppInstalled]) {
        [FBSDKServerConfigurationManager loadServerConfigurationWithCompletionBlock:^(FBSDKServerConfiguration *serverConfiguration, NSError *loadError) {
          BOOL useNativeDialog = [serverConfiguration useNativeDialogForDialogName:FBSDKDialogConfigurationNameLogin];
          if (useNativeDialog && loadError == nil) {
            [self performNativeLogInWithParameters:loginParams handler:^(BOOL openedURL, NSError *openedURLError) {
              if (openedURLError) {
                [FBSDKLogger singleShotLogEntry:FBSDKLoggingBehaviorDeveloperErrors
                                   formatString:@"FBSDKLoginBehaviorNative failed : %@\nTrying FBSDKLoginBehaviorBrowser", openedURLError];
              }
              if (openedURL) {
                completion(YES, FBSDKLoginManagerLoggerAuthMethod_Native, openedURLError);
              } else {
                [self logInWithBehavior:FBSDKLoginBehaviorWeb];  //-- CHANGED BY BRANDON T.
              }
            }];
          } else {
            [self logInWithBehavior:FBSDKLoginBehaviorWeb];  //-- CHANGED BY BRANDON T.
          }
        }];
        break;
      }
        // intentional fall through.  -- CHANGED BY BRANDON T.
        [self logInWithBehavior:FBSDKLoginBehaviorWeb];  //-- CHANGED BY BRANDON T.
        break;
    }
    case FBSDKLoginBehaviorBrowser: {
      [self performBrowserLogInWithParameters:loginParams handler:^(BOOL openedURL,
                                                                    NSString *authMethod,
                                                                    NSError *openedURLError) {
        if (openedURL) {
          completion(YES, authMethod, openedURLError);
        } else {
          completion(NO, authMethod, openedURLError);
        }
      }];
      break;
    }
    case FBSDKLoginBehaviorSystemAccount: {
      [FBSDKServerConfigurationManager loadServerConfigurationWithCompletionBlock:^(FBSDKServerConfiguration *serverConfiguration, NSError *loadError) {
        if (serverConfiguration.isSystemAuthenticationEnabled && loadError == nil) {
          [self beginSystemLogIn];
        } else {
          [self logInWithBehavior:FBSDKLoginBehaviorNative];
        }
      }];
      completion(YES, FBSDKLoginManagerLoggerAuthMethod_System, nil);
      break;
    }
    case FBSDKLoginBehaviorWeb:
      [self performWebLogInWithParameters:loginParams handler:^(BOOL openedURL, NSError *openedURLError) {
        completion(openedURL, FBSDKLoginManagerLoggerAuthMethod_Webview, openedURLError);
      }];
      break;
  }
}

这使得所有本机登录或系统登录都将回退到模态应用程序UIWebView。然后你可以在注销时清除cookie,你会没事的。退出后删除所有NSHTTPCookieStorage.sharedHTTPCookieStorage().cookiesNSURLCache.sharedURLCache().removeAllCachedResponses()

明显最安全的选择是永远不要使用系统或本地登录,而是始终使用:FBSDKLoginBehaviorWeb ..

答案 1 :(得分:1)

我可以通过将FBSDKLoginBehavior更改为网络来解决此问题,请参阅此处:https://stackoverflow.com/a/44101753/1258525

答案 2 :(得分:0)

在这里,我正在描述用户如何使用Facebook本机应用程序从您的应用程序注销: https://stackoverflow.com/a/51039251/5093900

相关问题
最新问题