Facebook access_token 问题

发布于 2024-11-25 08:40:04 字数 739 浏览 3 评论 0原文

我在我的应用程序中使用请求对话框，用户可以在其中向他们的朋友发送请求。用户发送请求后，我将应用程序重定向到它在用户页面上发布的页面。我使用下面的代码来获取 access_token：

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://graph.facebook.com/oauth/access_token?client_id='.APP_ID.'&client_secret='.APP_SECRET.'&redirect_uri=http://www.facebook.com/pages/Cosmetics/167231286678063?sk=app_233227910028874&grant_type=client_credentials');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST,0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER,0);

$token = curl_exec($ch);

$me = $facebook->api('/me?'.$token);

但是当我尝试在墙上发布时，它显示此错误：

致命错误：未捕获的 OAuthException：无效的 OAuth 访问令牌签名。

原文

I use a request dialog in my app where the user can send requests to their friends. Once the user sends the request i redirect the app to a page where it posts on the users page. I use the below code to get an access_token:

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://graph.facebook.com/oauth/access_token?client_id='.APP_ID.'&client_secret='.APP_SECRET.'&redirect_uri=http://www.facebook.com/pages/Cosmetics/167231286678063?sk=app_233227910028874&grant_type=client_credentials');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST,0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER,0);

$token = curl_exec($ch);

$me = $facebook->api('/me?'.$token);

but when I try to post on the wall it shows this error:

Fatal error: Uncaught OAuthException: Invalid OAuth access token signature.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

南…巷孤猫 2024-12-02 08:40:04

我不确定您到底要如何进行身份验证。以这种方式发出请求可能没问题，但我使用的方法是此处记录的方法： http://developers.facebook.com/docs/authentication/

也就是说，您首先将用户重定向到 Facebook 页面，以使他接受权限。一旦他接受，他就会被重定向到您提供的 URL，并使用您需要执行服务器端请求的 code=### get 参数来获取您需要的真正的 access_token

。重定向 url：

$my_url = 'http://www.example.com';
"http://www.facebook.com/dialog/oauth?client_id=". $app_id ."&redirect_uri=". urlencode($my_url);

然后，当用户单击 Accept 时，他会被重定向到，例如

http://www.example.com?code=ABCDEF

然后，在服务器端，您需要获取 access_token 进行如下调用：

"https://graph.facebook.com/oauth/access_token?"
   . "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)
   . "&client_secret=" . $app_secret . "&code=" . $code;

然后仔细检查该调用返回的文本，并且尝试获取

"https://graph.facebook.com/me?access_token=". $access_token;

（您也可以通过以下方式检查手）

编辑

此外，您可能需要用户提供更多权限才能在他的流上发布。因此，请求权限将 scope=publish_stream 添加到第一个（用户授权）URL。

I'm not sure on how exactly you are trying to authenticate.. It might be ok doing a request that way, but the method I use is the one documented here: http://developers.facebook.com/docs/authentication/

That is, you first redirect the user to a Facebook page in order to make him accept permissions. Once he accepts, he gets redirected to an URL you provided, with a code=### get argument you need to perform a server-side request in order to get the real access_token you need..

Example redirect url:

$my_url = 'http://www.example.com';
"http://www.facebook.com/dialog/oauth?client_id=". $app_id ."&redirect_uri=". urlencode($my_url);

Then, when the user clicks on Accept, he gets redirected to, for example

http://www.example.com?code=ABCDEF

Then, on the server-side, you need to get the access_token making a call like this:

"https://graph.facebook.com/oauth/access_token?"
   . "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)
   . "&client_secret=" . $app_secret . "&code=" . $code;

Then double check the returned text from that call, and try getting

"https://graph.facebook.com/me?access_token=". $access_token;

(You can also check this by hand)

EDIT

Also, you probably need some more permissions from the user in order to publishi on his stream. So, ask for permissions adding a scope=publish_stream get to the first (user authorization) URL.

回复收藏 0 原文

紫南 2024-12-02 08:40:04

为什么不使用 PHP SDK 3.0.1 ？

如果你使用facebook提供的sdk就很容易了，这里是使用php sdk 3.0.1进行身份验证的示例：

<?php

// Requires Facebook PHP SDK 3.0.1: https://github.com/facebook/php-sdk/
require ('facebook.php');

define('FACEBOOK_APP_ID',"YOUR-APP-ID-HERE");
define('FACEBOOK_SECRET',"YOUR-APP-API-SECRET-HERE");
define('REDIRECT_URI',"YOUR-REDIRECT-URL-HERE");
define('PERMISSIONS_REQUIRED', "publish_stream,user_photos");
$user = null;

$facebook = new Facebook(array(
    'appId' => FACEBOOK_APP_ID,
    'secret' => FACEBOOK_SECRET,
    'cookie' => true
));

$user = $facebook->getUser(); // Get the UID of the connected user, or 0 if the Facebook user is not connected.

if($user == 0) {
    // If the user is not connected to your application, redirect the user to authentication page
    /**
     * Get a Login URL for use with redirects. By default, full page redirect is
     * assumed. If you are using the generated URL with a window.open() call in
     * JavaScript, you can pass in display=popup as part of the $params.
     * 
     * The parameters:
     * - redirect_uri: the url to go to after a successful login
     * - scope: comma separated list of requested extended perms
     */

    $login_url = $facebook->getLoginUrl($params = array('redirect_uri' => REDIRECT_URI,'scope' => PERMISSIONS_REQUIRED));

    echo ("<script> top.location.href='".$login_url."'</script>");

} else {
    // if the user is already connected, then fetch access_token and user's information or show some content to logged in user.
    try
    {
        $access_token = $facebook->getAccessToken(); // Gives you current user's access_token

        $user = $facebook->api('/me'); // Gets User's information based on permissions the user has granted to your application.

    } catch(FacebookApiException $e){
        $results = $e->getResult();
        // Print results if you want to debug.
    }

}

?>

Why don't you use PHP SDK 3.0.1 ?

Its easy if you use the sdk provided by facebook, here's the sample for authentication using php sdk 3.0.1:

<?php

// Requires Facebook PHP SDK 3.0.1: https://github.com/facebook/php-sdk/
require ('facebook.php');

define('FACEBOOK_APP_ID',"YOUR-APP-ID-HERE");
define('FACEBOOK_SECRET',"YOUR-APP-API-SECRET-HERE");
define('REDIRECT_URI',"YOUR-REDIRECT-URL-HERE");
define('PERMISSIONS_REQUIRED', "publish_stream,user_photos");
$user = null;

$facebook = new Facebook(array(
    'appId' => FACEBOOK_APP_ID,
    'secret' => FACEBOOK_SECRET,
    'cookie' => true
));

$user = $facebook->getUser(); // Get the UID of the connected user, or 0 if the Facebook user is not connected.

if($user == 0) {
    // If the user is not connected to your application, redirect the user to authentication page
    /**
     * Get a Login URL for use with redirects. By default, full page redirect is
     * assumed. If you are using the generated URL with a window.open() call in
     * JavaScript, you can pass in display=popup as part of the $params.
     * 
     * The parameters:
     * - redirect_uri: the url to go to after a successful login
     * - scope: comma separated list of requested extended perms
     */

    $login_url = $facebook->getLoginUrl($params = array('redirect_uri' => REDIRECT_URI,'scope' => PERMISSIONS_REQUIRED));

    echo ("<script> top.location.href='".$login_url."'</script>");

} else {
    // if the user is already connected, then fetch access_token and user's information or show some content to logged in user.
    try
    {
        $access_token = $facebook->getAccessToken(); // Gives you current user's access_token

        $user = $facebook->api('/me'); // Gets User's information based on permissions the user has granted to your application.

    } catch(FacebookApiException $e){
        $results = $e->getResult();
        // Print results if you want to debug.
    }

}

?>

回复收藏 0 原文

○愚か者の日 2024-12-02 08:40:04

您使用的 &grant_type=client_credentials 为您的应用程序提供了一个整体访问令牌，而不是当前用户的访问令牌。要获取当前用户的访问令牌，您需要将他们重定向到相同的网址，但没有 &grant_type=client_credentials，然后 Facebook 会将他们重定向回您的 redirect_uri 并发送您需要的 access_token。或者，您可以使用 Javascript SDK 通过弹出窗口获取访问令牌，而无需重定向它们。

以下是有关如何使用 JS SDK 进行身份验证且不使用重定向的另一个问题的链接：Facebook 身份验证没有重定向？

回复收藏 0 原文