问题
We are building a web application and right now we are in the stage of deciding how to keep track of our users. Our default option is to maintain our own user registration system which is a lot of headache (user name uniqueness, registration process, etc...).
As an alternative we can use people's Facebook identity, meaning they will log in to our system using their Facebook's email and password. Then our back-end will fetch the user's Facebook id (Graph id), and store it in the DB. Any data that the user will change/upload to the application will be linked to this id.
The question is, can we trust the id as a permanent identifier, and build a complex back-end around it. How can we be sure that Facebook won't change someone's id ?
Does other identity management systems like Azure Access Control rely on this id?
回答1:
Facebook's platform policy discourages using user ids for anything except internal use. So, if you were planning to have a profile page whose url was something like /users/, it would probably violate facebook's privacy expectations. You're better off making a Users table with a surrogate primary key, and including their facebook id as a non-primary column.
Additionally, you might run into an instance where a user loses access to their old facebook account and wants to associate their account on your site with a new facebook identity. If you use their facebook id as a foreign key in several tables, you have unnecessarily tangled their old facebook id with your application's data.
来源:https://stackoverflow.com/questions/6803469/rely-on-facebook-user-id-as-a-permanent-user-identifier