当前位置: 文江博客话题详情

Facebook OAuth2 访问令牌过期后刷新的正确方法是什么?

发布于 2024-10-10 18:22:31 字数 417 浏览 2 评论 0原文

据我了解,简而言之,这是使用 OAuth2 API 的新 Facebook iframe 画布应用程序的基本流程:

  1. 重定向到(或让用户单击链接到)应用程序的授权 URL
  2. 用户授权并重定向到您的回调 URL
  3. 回调使用“代码”获取访问令牌的参数
  4. 访问令牌与 Graph API 一起使用来拉取或推送信息

问题是访问令牌过期相对较快,需要“刷新”,所以我的问题是 1)您如何检测令牌已除了尝试使用它并简单地收到错误之外已经过期? 2) 获取新代币的最佳做法是什么?

目前,我只是检测到尝试使用访问令牌获取用户信息时出现错误,然后再次重定向到授权 URL——因为他们已经授权了该应用程序,一个空白页面闪过,它们被重定向回我的应用程序回调我在那里得到一个新的令牌。它太笨重了,我不敢相信这是正确的方法。

原文

As I understand it, this is the basic process for new Facebook iframe canvas apps using the OAuth2 API in a nutshell:

  1. Redirect to (or have user click link to) app's authorization URL
  2. User authorizes and is redirected to your callback URL
  3. Callback uses "code" parameter to get a access token
  4. Access token is used with Graph API to pull or push information

The problem is that access tokens expire relatively quickly and need to be "refreshed", so my questions are 1) how do you detect that the token has expired aside from trying to use it and simply getting an error? and 2) what is the best practice for obtaining a new token?

Currently, I just detect that there was an error trying to get the user's information with their access token, then redirect to the authorization URL again -- since they already authorized the app a blank page flashes by and they are redirected back to my app callback where I get a fresh token. It's so clunky I can't believe this is the proper method.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(5

客…行舟 2024-10-17 18:22:31

  1. 判断 cookie 是否有效的唯一方法是使用它并在它过期时捕获错误。没有轮询方法或任何方法来检查令牌是否有效。

  2. 要获取新令牌,只需再次将用户重定向到身份验证页面即可。因为他们已经授权了您的应用程序,所以他们将立即重定向回您的应用程序,并且您将拥有一个新令牌。由于他们已经这样做了,因此不会提示他们允许。

简而言之,这没有任何技巧。你已经做对了。

  1. The only way to tell if a cookie is valid is to use it and catch the error if it is expired. There is no polling method or anything to check if a token is valid.

  2. To get a new token, simply redirect the user to the authentication page again. Because they have already authorized your app they will instantly be redirected back to your app and you will have a new token. They won't be prompted to allow since they have already done that.

In short, there are no tricks to this. You are already doing it correctly.

回复 原文
夏尔 2024-10-17 18:22:31

最近,Facebook 对访问令牌进行了一些更改,允许定期刷新它们。

https://graph.facebook.com/oauth/access_token?
client_id=APP_ID&
client_secret=APP_SECRET&
grant_type=fb_exchange_token&
fb_exchange_token=EXISTING_ACCESS_TOKEN

有关更多详细信息,请查看此处:https://developers.facebook。 com/docs/roadmap/completed-changes/offline-access-removal

Recently, facebook has made some changes to access tokens which allows them to be refreshed periodically.

https://graph.facebook.com/oauth/access_token?
client_id=APP_ID&
client_secret=APP_SECRET&
grant_type=fb_exchange_token&
fb_exchange_token=EXISTING_ACCESS_TOKEN

For more details, check here: https://developers.facebook.com/docs/roadmap/completed-changes/offline-access-removal

回复 原文
无法言说的痛 2024-10-17 18:22:31
//you just need more step because the access token you are getting will expire in 1 hour
    //you can overcome this in step 5

    1-Redirect to (or have user click link to) app's authorization URL
2-User authorizes and is redirected to your callback URL
3-Callback uses "code" parameter to get a access token
4-Access token is used with Graph API to pull or push information
    5-exchange short-lived access token you just got with 60 day access token
    https://graph.facebook.com/oauth/access_token?client_id=APP_ID&client_secret=APP_SECRET&grant_type=fb_exchange_token&fb_exchange_token=EXISTING_ACCESS_TOKEN
    6-after 60 day the user must login again to your app and the steps from 1-5 will be repeated.
    --the real problem you will face is how to make the user visit your app page again

//you just need more step because the access token you are getting will expire in 1 hour
    //you can overcome this in step 5

    1-Redirect to (or have user click link to) app's authorization URL
2-User authorizes and is redirected to your callback URL
3-Callback uses "code" parameter to get a access token
4-Access token is used with Graph API to pull or push information
    5-exchange short-lived access token you just got with 60 day access token
    https://graph.facebook.com/oauth/access_token?client_id=APP_ID&client_secret=APP_SECRET&grant_type=fb_exchange_token&fb_exchange_token=EXISTING_ACCESS_TOKEN
    6-after 60 day the user must login again to your app and the steps from 1-5 will be repeated.
    --the real problem you will face is how to make the user visit your app page again
回复 原文
熟人话多 2024-10-17 18:22:31

Facebook 删除了“代表”模式刷新访问令牌的功能。最好、最简单的方法是将用户重定向到 Facebook 登录页面以重新验证应用程序。
在此处查找 facebook 文档

Facebook has removed the feature of refresh the access token on the "behalf of" mode. The best and easy way is to redirect the user to facebook login page to re-oauth the app.
Find facbook doc here

回复 原文
千里故人稀 2024-10-17 18:22:31

如果用户已经授权您的应用程序并且访问令牌已过期。您可以再次将用户重定向到身份验证页面。但 oauth 对话框不显示,因为用户已经授权您的应用程序。他将重定向到您使用的redirect_url参数。

if user has already authorized your application and access token expired. you can redirect user to authentication page again. but oauth dialog doestn't show because user already authorized your application. he will redirect to redirect_url parameter you used.

回复 原文
~没有更多了~

关于作者

寄人书

暂无简介

0 文章
0 评论
22 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

玍銹的英雄夢

文章 0 评论 0

我不会写诗

文章 0 评论 0

十六岁半

文章 0 评论 0

浸婚纱

文章 0 评论 0

qq_kJ6XkX

文章 0 评论 0

旧伤还要旧人安

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文