After a user connects with Facebook, Facebook responds with an access_token
.
Can I assume this access_token
will always stay the same and is unique for every user?
If so, then I can use it to find the user in my database, and if not found, create a new user.
If not, is there a way to ask Facebook to also send you back user_id
(with the access_token
) right after connecting so开发者_运维知识库 that I don't have to make another request to /me?fields=id
for it?
You should use their id
as a unique identifier. The access_token
is unique, but you'll get a new one every time you request one.
OAuth access_token can be duplicated during 2+ token issuers. It is unique only in the token issuer (facebook.com in this case). Since facebook token is enough long, token duplicates will rarely happen though.
精彩评论