Can I select which Facebook accounts can log in using Facebook Connect?
For a website for our sports club, it would be interesting to let our users log in with their Facebook account. If I'm not mistaken, this requires Facebook Con开发者_开发百科nect? But if I understand correctly, this would let all Facebook users log in to our site. Obviously, I would only want to allow certain Facebook accounts to log in, i.e. the members of our sports club.
Is this possible? I have checked the documentation of Facebook Connect and their OAuth 2.0 documentation but can't find anything that points in that direction.
You're running up against the differences between authentication and authorization.
Facebook Connect (and other OAUTH2.0 schemes) is basically an authentication system. It says that the user is who they say they are, and by extension is a trusted system in and of itself. Thus you rely that they truly are who they say.
In effect though, AFAIK, you cannot limit Facebook Connect's ability to authenticate a user.
That said, your problem is not authentication, but rather it is one of authorization. Basically, you only want certain people to have access to the private portions of your site.
What this means is that you need (and this is really, just a single possible solution, and one which I thought up while typing this) basically a holding queue for all new connections, and then grant each connection a specific set of authorized privileges--or deny them those privileges. Yes, it is a manual process, but it's one that you could pre-fill based on a known list of Facebook Id's.
The short answer is that, Facebook Connect just tells you that Person A is Person A. What that means to your site, and access rights within it, is still up to you and your site.
精彩评论