我可以存储 Facebook 访问令牌并在以后使用吗?
我正在构建一个使用 FB connect 的网络应用程序(PHP)。我在 facebook 提供的 PHP 库的帮助下成功注册/登录用户。我也可以使用此代码发布到墙上
Facebook::$CURL_OPTS[CURLOPT_SSL_VERIFYPEER] = false;
Facebook::$CURL_OPTS[CURLOPT_SSL_VERIFYHOST] = 2;
$facebook = new Facebook(array(
'appId' => $fb_key,
'secret' => $fb_secret,
'cookie' => true, // enable optional cookie support
));
$session = $facebook->getSession();
if ($session)
{
$facebook->api('/me/feed', 'POST', array('message'=>$message, 'link'=>$link['href'], 'name'=>$link['text']));
}
但是,如果我手动转到浏览器的 cookie 管理器并删除存储 FB 会话的 cookie,则该代码将不起作用。我唯一拥有的是用户的 FB ID,我将其存储在数据库中。即使 FB 会话丢失,是否有任何方法可以发布到用户墙上?将用户的 FB 访问令牌存储在数据库中以便稍后发布到墙上是否有意义,或者访问令牌的寿命相对较短?
以下是我的应用程序中可能发生的示例情况: 用户单击 Facebook 按钮,授权我的应用程序,重定向回我的网站,我在其中根据 FB 提供的数据自动创建一个帐户,并且我还存储用户的 FB ID,以便稍后登录该用户。现在他浏览网站,输入一些信息,这些信息会发布到他的墙上。到目前为止一切都很好,因为用户的浏览器保存着 FB 创建的 cookie。现在用户离开网站并联系网站管理员。管理员打开自己的浏览器,进入管理界面并代表该用户发布一些内容。现在,有了该用户的 FB ID 并假设该用户没有撤销权限,我仍然可以将其发布到他的墙上吗?
I am building a web app (PHP) that uses FB connect. I successfully register / sign in user with the help of the PHP lib provided by facebook. Also I can post to wall, using this code
Facebook::$CURL_OPTS[CURLOPT_SSL_VERIFYPEER] = false;
Facebook::$CURL_OPTS[CURLOPT_SSL_VERIFYHOST] = 2;
$facebook = new Facebook(array(
'appId' => $fb_key,
'secret' => $fb_secret,
'cookie' => true, // enable optional cookie support
));
$session = $facebook->getSession();
if ($session)
{
$facebook->api('/me/feed', 'POST', array('message'=>$message, 'link'=>$link['href'], 'name'=>$link['text']));
}
However, if I manually go to my browser's cookie manager and delete the cookie that stores FB session, the code doesn't work. The only thing I have is user's FB ID which I store in DB. Is there any way to post to user's wall even if FB sessions is lost? Does it make sense to store user's FB access token in DB to post to wall later or is the access token relatively short-lived?
Here's an example situation that might happen in my app:
user clicks fb button, authorizes my app, gets redirected back to my site where I automatically create an account based on data provided by FB, also I store user's FB ID so that I could sign in this user later. Now he browses site, enters some info and this info gets posted to his wall. Everything is fine so far because user's browser holds the cookie created by FB. Now user leaves the site and contacts site admin. Admin opens his own browser, goes to admin interface and posts something on behalf of this user. Now, having that user's FB ID and assuming that user hasn't revoked permissions, can I still post this to his wall?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
借助 Facebook PHP SDK v3(参见 github),询问和使用用户离线访问令牌。以下是您如何做到这一点。
获取离线访问令牌
首先检查用户是否登录:
如果没有,则生成“使用 Facebook 登录”URL,请求
offline_access权限:然后在中显示链接您的模板:
然后,当用户登录时,您可以检索离线访问令牌并存储它。要获取它,请调用:
使用离线访问令牌
要在用户未登录时使用离线访问令牌:
现在您可以为此用户进行 API 调用:
希望有帮助!
With the Facebook PHP SDK v3 (see on github), it is pretty simple to ask and use a user offline access token. Here is how you do that.
Get the offline access token
First you check if the user is logged in or not :
If he is not, you generate the "Login with Facebook" URL asking for the
offline_accesspermission :And then display the link in your template :
Then, when the user is logged in, you can retrieve the offline access token and store it. To get it, call :
Use the offline access token
To use the offline access token when the user is not logged in :
And now you can make API calls for this user :
Hope that helps !
更新:此答案不再有效,因为offline_access已被弃用。
您需要请求offline_access权限。检查权限文档。
编辑根据更新和评论 - 可以找到有关删除offline_access的一些信息这里。
UPDATE: This answer is no longer valid as offline_access is deprecated.
You need to request the offline_access permission. Check the permissions doc.
EDIT Per the update and comments - some info on the removal of the offline_access can be found here.