开发者

Oauth 2: Is access_token a unique key for User?

开发者 https://www.devze.com 2023-03-06 17:16 出处:网络
After a user connects with Facebook, Facebook responds with an access_token. Can I assume this access_token will always stay the same and is unique for every user?

After a user connects with Facebook, Facebook responds with an access_token.

Can I assume this access_token will always stay the same and is unique for every user?

If so, then I can use it to find the user in my database, and if not found, create a new user.

If not, is there a way to ask Facebook to also send you back user_id (with the access_token) right after connecting so开发者_运维知识库 that I don't have to make another request to /me?fields=id for it?


You should use their id as a unique identifier. The access_token is unique, but you'll get a new one every time you request one.


OAuth access_token can be duplicated during 2+ token issuers. It is unique only in the token issuer (facebook.com in this case). Since facebook token is enough long, token duplicates will rarely happen though.

0

精彩评论

暂无评论...
验证码 换一张
取 消