Facebook 真的支持 OAuth 2.0 吗?
我已经通过外部库在我的应用程序中成功实现了 LinkedIn 和 Twitter Oauth 2.0 授权。但我在使用 Facebook 时遇到了问题。似乎它有不同的授权流程。
我需要有 3 个端点来实现 OAuth:请求令牌 url、访问令牌 url 和授权令牌 url。
对于 LinkedIn 和 Twitter,我有它们:
REQ_TOKEN_URL="https://api.linkedin.com/uas/oauth/requestToken";
ACCESS_TOKEN_URL="https://api.linkedin.com/uas/oauth/accessToken";
AUTHORIZE_TOKEN_URL="https://api.linkedin.com/uas/oauth/authorize";
REQ_TOKEN_URL="https://api.twitter.com/oauth/request_token";
ACCESS_TOKEN_URL="https://api.twitter.com/oauth/access_token";
AUTHORIZE_TOKEN_URL="https://api.twitter.com/oauth/authorize";
但是对于 Facebook,我有而不是请求令牌
OAUTH_FACEBOOK_DIALOG = "https://www.facebook.com/dialog/oauth";
而且我不确定它是否相等。可能不会,因为它的工作方式与 LinedIn 和 Twitter 的工作方式相同。
在 Facebook 文档中,他们建议首先将用户重定向到“https://www.facebook.com/dialog/oauth”,但在经典 OAuth 2.0 中,我首先必须从 request_token_URL 请求令牌。
所以问题是:Facebook 授权流程实际上不是 OAuth 2.0,我必须使用不同的方法吗?
I've already succesfully implemented LinkedIn and Twitter Oauth 2.0 authorization in my App with external libraries. But I have problems with Facebook. It seems like it has different authorization flow.
I need to have 3 endpoints to implement OAuth: request token url, access token url and authorize token url.
For LinkedIn and Twitter I have them:
REQ_TOKEN_URL="https://api.linkedin.com/uas/oauth/requestToken";
ACCESS_TOKEN_URL="https://api.linkedin.com/uas/oauth/accessToken";
AUTHORIZE_TOKEN_URL="https://api.linkedin.com/uas/oauth/authorize";
REQ_TOKEN_URL="https://api.twitter.com/oauth/request_token";
ACCESS_TOKEN_URL="https://api.twitter.com/oauth/access_token";
AUTHORIZE_TOKEN_URL="https://api.twitter.com/oauth/authorize";
But for Facebook instead of request token I have
OAUTH_FACEBOOK_DIALOG = "https://www.facebook.com/dialog/oauth";
And I'm not sure if it's equal. Probably not, since it doen's work the way it did with LinedIn and Twitter.
And in Facebook documentation they suggest to start with redirecting user to "https://www.facebook.com/dialog/oauth", but in classical OAuth 2.0 first I have to request the token from request_token_URL.
So the question is: is Facebook authorization flow actually not OAuth 2.0 and I have to use different approach?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
Facebook 事实上完全支持 OAuth 2.0。 Twitter 目前不支持 OAuth 2.0。我认为 LinkedIn OAuth 2.0 支持仍处于测试阶段。但是,是的,您需要对不同版本的 OAuth 使用不同的方法。
Facebook does in fact fully support OAuth 2.0. Twitter currently does not support OAuth 2.0. LinkedIn OAuth 2.0 support I believe is still in beta. But yes, you will need to use a different approach for different versions of OAuth.