使用 Facebook 登录机制进行身份验证(Apple 平台)

您可以将 Facebook 登录或 Facebook 受限登录机制集成到您的应用中,让您的用户可使用自己的 Facebook 帐号进行 Firebase 身份验证。

准备工作

使用 Swift Package Manager 安装和管理 Firebase 依赖项。

  1. 在 Xcode 中打开您的应用项目,依次转到 File(文件)> Add Packages(添加软件包)
  2. 出现提示时,添加 Firebase Apple 平台 SDK 代码库:
    3.   https://github.com/firebase/firebase-ios-sdk
  3. 选择 Firebase Authentication 库。
  4. 完成之后,Xcode 将会自动开始在后台解析和下载您的依赖项。

接下来,执行一些配置步骤:

  1. Facebook for Developers 网站上,为您的应用获取应用 ID (App ID) 和应用密钥 (App Secret)。
  2. 启用 Facebook 登录机制:
    1. Firebase 控制台中,打开 Auth(身份验证) 部分。
    2. Sign-in method(登录方法)标签页中,启用 Facebook 登录方法,并指定您之前从 Facebook 获得的应用 ID应用密钥
    3. 然后,请务必转到 Facebook for Developers 网站,依次点击产品设置 (Product Settings) > Facebook 登录 (Facebook Login) 配置,然后在您的 Facebook 应用的设置页面中,确保您的 OAuth 重定向 URI(例如 my-app-12345.firebaseapp.com/__/auth/handler)出现在 OAuth 重定向 URI (OAuth redirect URIs) 列表中。

实现 Facebook 登录

如需使用“传统版”Facebook 登录,请完成以下步骤。或者,您也可以使用 Facebook 受限登录,如下一部分所示。

  1. 开发者文档中的说明操作,将 Facebook 登录集成到您的应用中。当初始化 FBSDKLoginButton 对象时,设置一个委托 (delegate) 来接收登录和退出帐号事件。例如:

    Swift

    let loginButton = FBSDKLoginButton()
loginButton.delegate = self

    Objective-C

    FBSDKLoginButton *loginButton = [[FBSDKLoginButton alloc] init];
loginButton.delegate = self;
    在您的委托中,实现 didCompleteWithResult:error:

    Swift

    func loginButton(_ loginButton: FBSDKLoginButton!, didCompleteWith result: FBSDKLoginManagerLoginResult!, error: Error!) {
  if let error = error {
    print(error.localizedDescription)
    return
  }
  // ...
}

    Objective-C

    - (void)loginButton:(FBSDKLoginButton *)loginButton
    didCompleteWithResult:(FBSDKLoginManagerLoginResult *)result
                    error:(NSError *)error {
  if (error == nil) {
    // ...
  } else {
    NSLog(error.localizedDescription);
  }
}
  2. UIApplicationDelegate 中导入 FirebaseCore 模块,以及您的应用委托 (app delegate) 使用的所有其他 Firebase 模块。 例如,如需使用 Cloud Firestore 和 Authentication,请执行以下操作:

    Swift

    import FirebaseCore
import FirebaseFirestore
import FirebaseAuth
// ...

    Objective-C

    @import FirebaseCore;
@import FirebaseFirestore;
@import FirebaseAuth;
// ...
  3. 配置一个 FirebaseApp 共享实例(通常在 App 的初始化程序或应用委托的 application(_:didFinishLaunchingWithOptions:) 方法中配置):

    Swift

    // Use Firebase library to configure APIs
FirebaseApp.configure()

    Objective-C

    // Use Firebase library to configure APIs
[FIRApp configure];
  4. 用户成功登录后,您可在 didCompleteWithResult:error: 的实现代码中,为已登录的用户获取一个访问令牌,然后用该访问令牌换取 Firebase 凭据:

    Swift

    let credential = FacebookAuthProvider
  .credential(withAccessToken: AccessToken.current!.tokenString)

    Objective-C

    FIRAuthCredential *credential = [FIRFacebookAuthProvider
    credentialWithAccessToken:[FBSDKAccessToken currentAccessToken].tokenString];

实现 Facebook 受限登录

如需使用 Facebook 受限登录(而非“传统版”Facebook 登录),请完成以下步骤。

  1. 开发者文档中的说明操作,将 Facebook 受限登录集成到您的应用中。
  2. 为每个登录请求生成唯一的随机字符串(“Nonce”),用来确保您获取的 ID 令牌专门用于响应您的应用的身份验证请求。此步骤对于防止重放攻击至关重要。 您可以使用 SecRandomCopyBytes(_:_:_) 生成加密的安全 Nonce,如以下示例所示:

    Swift

    // Adapted from https://auth0.com/docs/api-auth/tutorials/nonce#generate-a-cryptographically-random-nonce
private func randomNonceString(length: Int = 32) -> String {
  precondition(length > 0)
  let charset: [Character] =
    Array("0123456789ABCDEFGHIJKLMNOPQRSTUVXYZabcdefghijklmnopqrstuvwxyz-._")
  var result = ""
  var remainingLength = length

  while remainingLength > 0 {
    let randoms: [UInt8] = (0 ..< 16).map { _ in
      var random: UInt8 = 0
      let errorCode = SecRandomCopyBytes(kSecRandomDefault, 1, &random)
      if errorCode != errSecSuccess {
        fatalError(
          "Unable to generate nonce. SecRandomCopyBytes failed with OSStatus \(errorCode)"
        )
      }
      return random
    }

    randoms.forEach { random in
      if remainingLength == 0 {
        return
      }

      if random < charset.count {
        result.append(charset[Int(random)])
        remainingLength -= 1
      }
    }
  }

  return result
}

    Objective-C

    // Adapted from https://auth0.com/docs/api-auth/tutorials/nonce#generate-a-cryptographically-random-nonce
- (NSString *)randomNonce:(NSInteger)length {
  NSAssert(length > 0, @"Expected nonce to have positive length");
  NSString *characterSet = @"0123456789ABCDEFGHIJKLMNOPQRSTUVXYZabcdefghijklmnopqrstuvwxyz-._";
  NSMutableString *result = [NSMutableString string];
  NSInteger remainingLength = length;

  while (remainingLength > 0) {
    NSMutableArray *randoms = [NSMutableArray arrayWithCapacity:16];
    for (NSInteger i = 0; i < 16; i++) {
      uint8_t random = 0;
      int errorCode = SecRandomCopyBytes(kSecRandomDefault, 1, &random);
      NSAssert(errorCode == errSecSuccess, @"Unable to generate nonce: OSStatus %i", errorCode);

      [randoms addObject:@(random)];
    }

    for (NSNumber *random in randoms) {
      if (remainingLength == 0) {
        break;
      }

      if (random.unsignedIntValue < characterSet.length) {
        unichar character = [characterSet characterAtIndex:random.unsignedIntValue];
        [result appendFormat:@"%C", character];
        remainingLength--;
      }
    }
  }

  return [result copy];
}
    您将通过登录请求发送 Nonce 的 SHA-256 哈希,Facebook 将在响应中原封不动地传递该值。为了验证响应,Firebase 会对原始 Nonce 进行哈希处理并将其与 Facebook 传递的值进行比较。

    Swift

    @available(iOS 13, *)
private func sha256(_ input: String) -> String {
  let inputData = Data(input.utf8)
  let hashedData = SHA256.hash(data: inputData)
  let hashString = hashedData.compactMap {
    String(format: "%02x", $0)
  }.joined()

  return hashString
}

    Objective-C

    - (NSString *)stringBySha256HashingString:(NSString *)input {
  const char *string = [input UTF8String];
  unsigned char result[CC_SHA256_DIGEST_LENGTH];
  CC_SHA256(string, (CC_LONG)strlen(string), result);

  NSMutableString *hashed = [NSMutableString stringWithCapacity:CC_SHA256_DIGEST_LENGTH * 2];
  for (NSInteger i = 0; i < CC_SHA256_DIGEST_LENGTH; i++) {
    [hashed appendFormat:@"%02x", result[i]];
  }
  return hashed;
}
  3. 设置 FBSDKLoginButton 时,请设置一个委托来接收登录和退出帐号事件,将跟踪模式设置为 FBSDKLoginTrackingLimited,并附加一个 Nonce。例如:

    Swift

    func setupLoginButton() {
    let nonce = randomNonceString()
    currentNonce = nonce
    loginButton.delegate = self
    loginButton.loginTracking = .limited
    loginButton.nonce = sha256(nonce)
}

    Objective-C

    - (void)setupLoginButton {
  NSString *nonce = [self randomNonce:32];
  self.currentNonce = nonce;
  self.loginButton.delegate = self;
  self.loginButton.loginTracking = FBSDKLoginTrackingLimited
  self.loginButton.nonce = [self stringBySha256HashingString:nonce];
}
    在您的委托中,实现 didCompleteWithResult:error:

    Swift

    func loginButton(_ loginButton: FBSDKLoginButton!, didCompleteWith result: FBSDKLoginManagerLoginResult!, error: Error!) {
  if let error = error {
    print(error.localizedDescription)
    return
  }
  // ...
}

    Objective-C

    - (void)loginButton:(FBSDKLoginButton *)loginButton
    didCompleteWithResult:(FBSDKLoginManagerLoginResult *)result
                    error:(NSError *)error {
  if (error == nil) {
    // ...
  } else {
    NSLog(error.localizedDescription);
  }
}
  4. UIApplicationDelegate 中导入 FirebaseCore 模块,以及您的应用委托 (app delegate) 使用的所有其他 Firebase 模块。 例如,如需使用 Cloud Firestore 和 Authentication,请执行以下操作:

    Swift

    import FirebaseCore
import FirebaseFirestore
import FirebaseAuth
// ...

    Objective-C

    @import FirebaseCore;
@import FirebaseFirestore;
@import FirebaseAuth;
// ...
  5. 配置一个 FirebaseApp 共享实例(通常在 App 的初始化程序或应用委托的 application(_:didFinishLaunchingWithOptions:) 方法中配置):

    Swift

    // Use Firebase library to configure APIs
FirebaseApp.configure()

    Objective-C

    // Use Firebase library to configure APIs
[FIRApp configure];
  6. 用户成功登录之后,您可在 didCompleteWithResult:error: 的实现代码中,使用 Facebook 响应中的 ID 令牌和未经哈希处理的 Nonce 来获取 Firebase 凭据:

    Swift

    // Initialize a Firebase credential.
let idTokenString = AuthenticationToken.current?.tokenString
let nonce = currentNonce
let credential = OAuthProvider.credential(withProviderID: "facebook.com",
                                          idToken: idTokenString!,
                                          rawNonce: nonce)

    Objective-C

    // Initialize a Firebase credential.
NSString *idTokenString = FBSDKAuthenticationToken.currentAuthenticationToken.tokenString;
NSString *rawNonce = self.currentNonce;
FIROAuthCredential *credential = [FIROAuthProvider credentialWithProviderID:@"facebook.com"
                                                                    IDToken:idTokenString
                                                                   rawNonce:rawNonce];

进行 Firebase 身份验证

最后,使用 Firebase 凭据进行 Firebase 身份验证:

Swift

Auth.auth().signIn(with: credential) { authResult, error in
    if let error = error {
      let authError = error as NSError
      if isMFAEnabled, authError.code == AuthErrorCode.secondFactorRequired.rawValue {
        // The user is a multi-factor user. Second factor challenge is required.
        let resolver = authError
          .userInfo[AuthErrorUserInfoMultiFactorResolverKey] as! MultiFactorResolver
        var displayNameString = ""
        for tmpFactorInfo in resolver.hints {
          displayNameString += tmpFactorInfo.displayName ?? ""
          displayNameString += " "
        }
        self.showTextInputPrompt(
          withMessage: "Select factor to sign in\n\(displayNameString)",
          completionBlock: { userPressedOK, displayName in
            var selectedHint: PhoneMultiFactorInfo?
            for tmpFactorInfo in resolver.hints {
              if displayName == tmpFactorInfo.displayName {
                selectedHint = tmpFactorInfo as? PhoneMultiFactorInfo
              }
            }
            PhoneAuthProvider.provider()
              .verifyPhoneNumber(with: selectedHint!, uiDelegate: nil,
                                 multiFactorSession: resolver
                                   .session) { verificationID, error in
                if error != nil {
                  print(
                    "Multi factor start sign in failed. Error: \(error.debugDescription)"
                  )
                } else {
                  self.showTextInputPrompt(
                    withMessage: "Verification code for \(selectedHint?.displayName ?? "")",
                    completionBlock: { userPressedOK, verificationCode in
                      let credential: PhoneAuthCredential? = PhoneAuthProvider.provider()
                        .credential(withVerificationID: verificationID!,
                                    verificationCode: verificationCode!)
                      let assertion: MultiFactorAssertion? = PhoneMultiFactorGenerator
                        .assertion(with: credential!)
                      resolver.resolveSignIn(with: assertion!) { authResult, error in
                        if error != nil {
                          print(
                            "Multi factor finanlize sign in failed. Error: \(error.debugDescription)"
                          )
                        } else {
                          self.navigationController?.popViewController(animated: true)
                        }
                      }
                    }
                  )
                }
              }
          }
        )
      } else {
        self.showMessagePrompt(error.localizedDescription)
        return
      }
      // ...
      return
    }
    // User is signed in
    // ...
}

Objective-C

[[FIRAuth auth] signInWithCredential:credential
                          completion:^(FIRAuthDataResult * _Nullable authResult,
                                       NSError * _Nullable error) {
    if (isMFAEnabled && error && error.code == FIRAuthErrorCodeSecondFactorRequired) {
      FIRMultiFactorResolver *resolver = error.userInfo[FIRAuthErrorUserInfoMultiFactorResolverKey];
      NSMutableString *displayNameString = [NSMutableString string];
      for (FIRMultiFactorInfo *tmpFactorInfo in resolver.hints) {
        [displayNameString appendString:tmpFactorInfo.displayName];
        [displayNameString appendString:@" "];
      }
      [self showTextInputPromptWithMessage:[NSString stringWithFormat:@"Select factor to sign in\n%@", displayNameString]
                           completionBlock:^(BOOL userPressedOK, NSString *_Nullable displayName) {
       FIRPhoneMultiFactorInfo* selectedHint;
       for (FIRMultiFactorInfo *tmpFactorInfo in resolver.hints) {
         if ([displayName isEqualToString:tmpFactorInfo.displayName]) {
           selectedHint = (FIRPhoneMultiFactorInfo *)tmpFactorInfo;
         }
       }
       [FIRPhoneAuthProvider.provider
        verifyPhoneNumberWithMultiFactorInfo:selectedHint
        UIDelegate:nil
        multiFactorSession:resolver.session
        completion:^(NSString * _Nullable verificationID, NSError * _Nullable error) {
          if (error) {
            [self showMessagePrompt:error.localizedDescription];
          } else {
            [self showTextInputPromptWithMessage:[NSString stringWithFormat:@"Verification code for %@", selectedHint.displayName]
                                 completionBlock:^(BOOL userPressedOK, NSString *_Nullable verificationCode) {
             FIRPhoneAuthCredential *credential =
                 [[FIRPhoneAuthProvider provider] credentialWithVerificationID:verificationID
                                                              verificationCode:verificationCode];
             FIRMultiFactorAssertion *assertion = [FIRPhoneMultiFactorGenerator assertionWithCredential:credential];
             [resolver resolveSignInWithAssertion:assertion completion:^(FIRAuthDataResult * _Nullable authResult, NSError * _Nullable error) {
               if (error) {
                 [self showMessagePrompt:error.localizedDescription];
               } else {
                 NSLog(@"Multi factor finanlize sign in succeeded.");
               }
             }];
           }];
          }
        }];
     }];
    }
  else if (error) {
    // ...
    return;
  }
  // User successfully signed in. Get user data from the FIRUser object
  if (authResult == nil) { return; }
  FIRUser *user = authResult.user;
  // ...
}];

后续步骤

在用户首次登录后,系统会创建一个新的用户帐号,并将其与该用户登录时使用的凭据(即用户名和密码、电话号码或者身份验证提供方信息)相关联。此新帐号存储在您的 Firebase 项目中,无论用户采用何种方式登录,您项目中的每个应用都可以使用此帐号来识别用户。

  • 在您的应用中,您可以从 FIRUser 对象获取用户的基本个人资料信息。请参阅管理用户

  • 在您的 Firebase Realtime Database 和 Cloud Storage 安全规则中,您可以从 auth 变量获取已登录用户的唯一用户 ID,然后利用此 ID 来控制用户可以访问哪些数据。

您可以将多个身份验证提供方凭据与一个现有用户帐号关联,让用户可以使用多个身份验证提供方登录您的应用。

如需将用户退出登录,请调用 signOut:

Swift

    let firebaseAuth = Auth.auth()
do {
  try firebaseAuth.signOut()
} catch let signOutError as NSError {
  print("Error signing out: %@", signOutError)
}

Objective-C

    NSError *signOutError;
BOOL status = [[FIRAuth auth] signOut:&signOutError];
if (!status) {
  NSLog(@"Error signing out: %@", signOutError);
  return;
}

您可能还需要为所有身份验证错误添加错误处理代码。请参阅处理错误