官方登录文档:
https://developers.facebook.com/docs/facebook-login
官方最佳实践:
https://developers.facebook.com/docs/facebook-login/best-practices
授权登录流程:
校验 token 结果 :
{
"data": {
"app_id": "746492673568696",
"type": "USER",
"application": "shop",
"data_access_expires_at": 1594896505,
"expires_at": 1587124800,
"is_valid": true,
"scopes": [
"user_birthday",
"user_likes",
"user_photos",
"user_friends",
"user_status",
"email",
"public_profile"
],
"user_id": "110029804771531"
}
}权限:请求 email 或 public_profile 之外的权限,则必须提交应用以接受应用审核,以便 Facebook 确认该应用以预期方式使用数据并保护用户隐私。
email 权限字段:
email
public_profile 默认公开字段:
-
id -
first_name -
last_name -
middle_name -
name -
name_format -
picture -
short_name
官方登录文档:
https://developer.apple.com/cn/sign-in-with-apple/get-started/
授权登录流程:目前与 facebook 基本一致,可参考 苹果后端验证
校验 code 结果 :
{
"access_token":"a0996b16cfb674c0eb0d29194c880455b.0.nsww.5fi5MVC-i3AVNhddrNg7Qw",
"token_type":"Bearer",
"expires_in":3600,
"refresh_token":"r9ee922f1c8b048208037f78cd7dfc91a.0.nsww.KlV2TeFlTr7YDdZ0KtvEQQ",
"id_token":"eyJraWQiOiJBSURPUEsxIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLnNreW1pbmcuYXBwbGVsb2dpbmRlbW8iLCJleHAiOjE1NjU2NjU1OTQsImlhdCI6MTU2NTY2NDk5NCwic3ViIjoiMDAwMjY2LmRiZTg2NWIwYWE3MjRlMWM4ODM5MDIwOWI5YzdkNjk1LjAyNTYiLCJhdF9oYXNoIjoiR0ZmODhlX1ptc0pqQ2VkZzJXem85ZyIsImF1dGhfdGltZSI6MTU2NTY2NDk2M30.J6XFWmbr0a1hkJszAKM2wevJF57yZt-MoyZNI9QF76dHfJvAmFO9_RP9-tz4pN4ua3BuSJpUbwzT2xFD_rBjsNWkU-ZhuSAONdAnCtK2Vbc2AYEH9n7lB2PnOE1mX5HwY-dI9dqS9AdU4S_CjzTGnvFqC9H5pt6LVoCF4N9dFfQnh2w7jQrjTic_JvbgJT5m7vLzRx-eRnlxQIifEsHDbudzi3yg7XC9OL9QBiTyHdCQvRdsyRLrewJT6QZmi6kEWrV9E21WPC6qJMsaIfGik44UgPOnNnjdxKPzxUAa-Lo1HAzvHcAX5i047T01ltqvHbtsJEZxAB6okmwco78JQA"
}其中id_token是一个JWT,其中claims中的sub就是授权的用户唯一标识,与客户端传过来的 openid 进行对比,判断是否是同一用户,若是同一用户,则第三方授权成功,进入 登录/注册逻辑。主要内容包括:
iss
The issuer registered claim identifies the principal that issued the identity token. Since Apple generates the token, the value is https://appleid.apple.com.
sub(user_id)
The subject registered claim identifies the principal that’s the subject of the identity token. Since this token is meant for your application, the value is the unique identifier for the user.
aud
The audience registered claim identifies the recipient for which the identity token is intended. Since the token is meant for your application, the value is the client_id from your developer account.
iat
The issued at registered claim indicates the time at which Apple issued the identity token, in terms of the number of seconds since Epoch, in UTC.
exp
The expiration time registered identifies the time on or after which the identity token expires, in terms of number of seconds since Epoch, in UTC. The value must be greater than the current date/time when verifying the token.
nonce
A String value used to associate a client session and the identity token. This value mitigates replay attacks and is present only if passed during the authorization request.
nonce_supported
A Boolean value that indicates whether the transaction is on a nonce-supported platform. If you sent a nonce in the authorization request but don’t see the nonce claim in the identity token, check this claim to determine how to proceed. If this claim returns true, you should treat nonce as mandatory and fail the transaction; otherwise, you can proceed treating the nonce as options.
email
A String value representing the user’s email address. The email address is either the user’s real email address or the proxy address, depending on their status private email relay service.
email_verified
A String or Boolean value that indicates whether the service has verified the email. The value of this claim is always true, because the servers only return verified email addresses. The value can either be a String (”true”) or a Boolean (true).
is_private_email
A String or Boolean value that indicates whether the email shared by the user is the proxy address. The value can either be a String (”true” or “false”) or a Boolean (true or false).
real_user_status
An Integer value that indicates whether the user appears to be a real person. Use the value of this claim to mitigate fraud. The possible values are: 0 (or Unsupported), 1 (or Unknown), 2 (or LikelyReal). For more information, see ASUserDetectionStatus. This claim is present only on iOS 14 and later, macOS 11 and later, watchOS 7 and later, tvOS 14 and later; the claim isn’t present or supported for web-based apps.
transfer_sub
A String value representing the transfer identifier used to migrate users to your team. This claim is present only during the 60-day transfer period after an you transfer an app. For more information, see Bringing New Apps and Users into Your Team.
官方登录文档:
https://developer.twitter.com/en/docs/authentication/oauth-1-0a/obtaining-user-access-tokens
参考文章:
https://www.jianshu.com/p/ca725b19776b
https://blog.csdn.net/love2377/article/details/80014552
授权登录流程:
-
POST oauth/request_token:客户端(SDK)发送请求
只列举重要参数,详情请参考上面链接 请求参数: oauth_callback="https%3A%2F%2FyourCallbackUrl.com" oauth_consumer_key="cChZNFj6T5R0TigYB9yd1w" 返回响应: oauth_token=NPcudxy0yU5T3tBzho7iCotZ3cnetKwcTIRlX0iwRl0 oauth_token_secret=veNRnAWe6inFuo8o2u8SLLZLjolYDmDP7SzL0YfYI oauth_callback_confirmed=true
-
GET oauth/authorize: 拿到步骤一的返回值后,请求服务端,服务端发起请求,并重定向到对应地址
1.示例重定向地址:https://api.twitter.com/oauth/authorize?oauth_token=NPcudxy0yU5T3tBzho7iCotZ3cnetKwcTIRlX0iwRl0,进行登录/授权 2.登录/授权成功后,会回调步骤一设置的回调地址,示例请求为 https://yourCallbackUrl.com?oauth_token=NPcudxy0yU5T3tBzho7iCotZ3cnetKwcTIRlX0iwRl0&oauth_verifier=uw7NjWHT6OJ1MpJOXsHfNxoAhPKpgI8BlYDhxEjIBY
-
POST oauth/access_token:客户端拿到步骤二的相应后,请求服务端。服务端请求 twitter 服务,获取用户 access_token
示例请求: POST /oauth/access_token oauth_consumer_key=cChZNFj6T5R0TigYB9yd1w oauth_token=NPcudxy0yU5T3tBzho7iCotZ3cnetKwcTIRlX0iwRl0 oauth_verifier=uw7NjWHT6OJ1MpJOXsHfNxoAhPKpgI8BlYDhxEjIBY
-
GET account/verify_credentials:服务端获取 access_token 后,调用 twitter 接口,验证用户信息。参考文章:https://stackoverflow.com/questions/38741323/using-twitter-oauth-echo-for-verify-credential-how-can-i-get-email
https://api.twitter.com/1/account/verify_credentials.json? oauth_consumer_key=XXX&oauth_nonce=XXX& oauth_signature_method=HMAC-SHA1& oauth_token=XXX& oauth_timestamp=123456789& oauth_version=1.0& oauth_signature=YYY
验证结果:
{ "contributors_enabled": true, "created_at": "Sat May 09 17:58:22 +0000 2009", "default_profile": false, "default_profile_image": false, "description": "I taught your phone that thing you like. The Mobile Partner Engineer @Twitter. ", "favourites_count": 588, "follow_request_sent": null, "followers_count": 10625, "following": null, "friends_count": 1181, "geo_enabled": true, "id": 38895958, "id_str": "38895958", "is_translator": false, "lang": "en", "listed_count": 190, "location": "San Francisco", "name": "Sean Cook", "notifications": null, "profile_background_color": "1A1B1F", "profile_background_image_url": "http://a0.twimg.com/profile_background_images/495742332/purty_wood.png", "profile_background_image_url_https": "https://si0.twimg.com/profile_background_images/495742332/purty_wood.png", "profile_background_tile": true, "profile_image_url": "http://a0.twimg.com/profile_images/1751506047/dead_sexy_normal.JPG", "profile_image_url_https": "https://si0.twimg.com/profile_images/1751506047/dead_sexy_normal.JPG", "profile_link_color": "2FC2EF", "profile_sidebar_border_color": "181A1E", "profile_sidebar_fill_color": "252429", "profile_text_color": "666666", "profile_use_background_image": true, "protected": false, "screen_name": "theSeanCook", "show_all_inline_media": true, "status": { "contributors": null, "coordinates": { "coordinates": [ -122.45037293, 37.76484123 ], "type": "Point" }, "created_at": "Tue Aug 28 05:44:24 +0000 2012", "favorited": false, "geo": { "coordinates": [ 37.76484123, -122.45037293 ], "type": "Point" }, "id": 240323931419062272, "id_str": "240323931419062272", "in_reply_to_screen_name": "messl", "in_reply_to_status_id": 240316959173009410, "in_reply_to_status_id_str": "240316959173009410", "in_reply_to_user_id": 18707866, "in_reply_to_user_id_str": "18707866", "place": { "attributes": {}, "bounding_box": { "coordinates": [ [ [ -122.45778216, 37.75932999 ], [ -122.44248216, 37.75932999 ], [ -122.44248216, 37.76752899 ], [ -122.45778216, 37.76752899 ] ] ], "type": "Polygon" }, "country": "United States", "country_code": "US", "full_name": "Ashbury Heights, San Francisco", "id": "866269c983527d5a", "name": "Ashbury Heights", "place_type": "neighborhood", "url": "http://api.twitter.com/1/geo/id/866269c983527d5a.json" }, "retweet_count": 0, "retweeted": false, "source": "Twitter for iPhone", "text": "@messl congrats! So happy for all 3 of you.", "truncated": false }, "statuses_count": 2609, "time_zone": "Pacific Time (US & Canada)", "url": null, "utc_offset": -28800, "verified": false }
官方登录文档;
https://developers.line.biz/en/reference/line-login/
授权登录流程:
- 客户端请求 POST https://api.line.me/oauth2/v2.1/token 获取token、id_token
- 将 id_token 和 user_id 传给服务器,服务器调用 POST https://api.line.me/oauth2/v2.1/verify 验证 token 获取 access_token
- 根据 access_token 获取用户信息,然后走 登录/注册流程
验证用户信息(第2步)返回:
{
"iss": "https://access.line.me",
"sub": "U1234567890abcdef1234567890abcdef",
"aud": "1234567890",
"exp": 1504169092,
"iat": 1504263657,
"nonce": "0987654asdf",
"amr": [
"pwd"
],
"name": "Taro Line",
"picture": "https://sample_line.me/aBcdefg123456",
"email": "taro.line@examples.com"
}根据 ACCESS_TOKEN 调用 profile 接口数据:
{
"userId":"U4af4980629...",
"displayName":"Brown",
"pictureUrl":"https://profile.line-scdn.net/abcdefghijklmn",
"statusMessage":"Hello, LINE!"
}