I am building a login system that depends on the Facebook login plugin (https://developers.facebook.com/docs/facebook-login/web). Everything is going well with this easy-to-use plugin. The bad news is that today I noted that Facebook changes its user IDs, and these changes can deceive your login system.
Explaining the process and the problem:
1- The user goes to your website and clicks the Facebook login button to access your website.
2- The plugin grabs the user's information from the Facebook API, including the user's Facebook ID.
3- Your script uses the grabbed info to check your database, looking for the Facebook ID in the users table.
4- If the Facebook ID exists, the system allows the user to log in. If it does not exist, the system creates a new account for the user and logs him/her in to your website.
So, the same Facebook user might be registered more than once as long as Facebook changes the user's ID.
As I noted today: sometimes Facebook gives its user an ID with 9 digits, and other times it gives the user an ID with 19 digits. If you use either of those IDs, it redirects you to the same user's profile. For example, if the user's IDs are 999999999 and 1010101010101010101, then https://facebook.com/999999999 and https://facebook.com/1010101010101010101 both lead to the same profile.
P.S. The script checks with the user's email; however, the user has the choice not to supply his/her email address to your website. I use API v2.. I didn't use the old version (v1.). So, I think this is not the issue of chronicle or app scoped IDs.
If you have any ideas that help in getting a fixed Facebook user ID, please let me know. Thank you in advance.
- Can you actually prove that Facebook suddenly changed the IDs, with for example a link to any sort of documentation from Facebook saying as much? I'm guessing the issue is on your end. – adeneo, Sep 25, 2016 at 14:44
- @adeneo the only proof I have is the user account (ID) I use to test the application. I looked for Facebook documentation but I didn't find any documentation regarding this issue. I can send you (not publicly) 2 IDs for the same user. I got those IDs while using the same Facebook app and the same Facebook API version. Therefore I thought the issue might not be on my end. – DevManX, Sep 25, 2016 at 15:02
- facebook does not change the IDs. are you using different apps? do you know about "app scoped ids"? do you always get the ID with the /me endpoint? i am pretty sure it IS an issue with app scoped (and global) IDs. – andyrandy, Sep 25, 2016 at 17:31
- @luschn I hope that I am wrong and that the problem is on my end. No, I don't use different apps. I get the ID with the Facebook SDK by: $response = $fb->get('/me?fields=id,name,email'); – DevManX, Sep 25, 2016 at 19:06
- ok, and how do you get the other (different) id? the same api call with the same user access token will definitely give you the same one. – andyrandy, Sep 25, 2016 at 19:48
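
Added example, not code from the question or from Facebook: the find-or-create flow of steps 3 and 4 in Python with sqlite3, storing each Facebook ID as an opaque string and allowing several IDs per account, with the email check from the P.S. used to attach a new ID to an existing account. The table names, function names and sample profiles are assumptions; the two IDs are the ones quoted in the question.

```python
import sqlite3

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    # Facebook IDs are opaque strings (TEXT), and one account may hold several.
    db.execute("CREATE TABLE fb_ids (fb_id TEXT PRIMARY KEY,"
               " user_id INTEGER NOT NULL REFERENCES users(id))")
    return db

def login(db, profile):
    """Find or create the account for a /me?fields=id,name,email response.

    Returns (user_id, outcome), outcome in {"existing", "linked", "created"}.
    """
    fb_id = str(profile["id"])
    row = db.execute("SELECT user_id FROM fb_ids WHERE fb_id = ?", (fb_id,)).fetchone()
    if row:
        return row[0], "existing"
    # Assumption: the email comes from the Graph API response, never from a form.
    email = (profile.get("email") or "").lower() or None
    if email:
        row = db.execute("SELECT id FROM users WHERE email = ?", (email,)).fetchone()
        if row:
            # Same email, new ID: attach the ID instead of registering twice.
            db.execute("INSERT INTO fb_ids VALUES (?, ?)", (fb_id, row[0]))
            return row[0], "linked"
    cur = db.execute("INSERT INTO users (name, email) VALUES (?, ?)",
                     (profile.get("name"), email))
    user_id = cur.lastrowid
    db.execute("INSERT INTO fb_ids VALUES (?, ?)", (fb_id, user_id))
    return user_id, "created"

def account_count(db):
    return db.execute("SELECT COUNT(*) FROM users").fetchone()[0]

if __name__ == "__main__":
    # Constructed profiles using the two IDs quoted in the question.
    for email in ("t@example.com", None):
        db = open_db()
        for fb_id in ("999999999", "1010101010101010101"):
            profile = {"id": fb_id, "name": "Test User", "email": email}
            print(email, fb_id, login(db, profile))
        print("accounts:", account_count(db))
```

When the profile carries no email, the second ID still creates a second account, which is the duplicate registration the question describes.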