The externalAuthentication collection only holds the external id for Facebook. If possible, please also store and check the Facebook app id for authentications. This would prevent any danger of collusions of app-scoped ids from different segments connecting to different Facebook apps.
This may not be a problem for Facebook currently because the app-scoped ids seem to be globally unique, but it'll be safer for the future and for other external verification methods.
1 Comment
Customer Support
said
about 3 years ago
Hi Baris Thank you for the suggestion, I'll pass it on to our tech team. Cheers Katie
Baris Tumerkan
The externalAuthentication collection only holds the external id for Facebook. If possible, please also store and check the Facebook app id for authentications. This would prevent any danger of collusions of app-scoped ids from different segments connecting to different Facebook apps.
This may not be a problem for Facebook currently because the app-scoped ids seem to be globally unique, but it'll be safer for the future and for other external verification methods.