Facebook 页面访问令牌 - 这些令牌会过期吗?
我正在构建一个应用程序,允许用户管理他们的 Facebook 粉丝页面。这需要以下两个访问令牌:
- 用户访问令牌
- 页面访问令牌
我对用户访问令牌非常熟悉,但对页面访问令牌不太熟悉。
有人知道页面访问令牌的有效期是多久吗?我在 Facebook 网站上能找到的就是这段简洁的段落,没有提及任何有关其到期的信息。
我是否可以假设,如果我使用 offline_access 权限请求用户访问令牌,页面访问令牌也将无限期地持续(除非用户更改密码或手动取消对我的应用程序的授权)?
我这么问是因为我想知道应该多久查询一次 Facebook Graph API 并获取页面访问令牌。我应该在用户注册时简单地请求一次吗?或者,如果它们不断变化,我应该在每次 API 调用时请求它们一次吗?后者显然更费力!
I'm building an app that allows users to administrate their Facebook Fan Pages. This requires the following two Access Tokens:
- A User Access Token
- A Page Access Token
I'm quite familiar with User Access Tokens, but not with Page Access Tokens.
Does anybody know how long the Page Access Token remains valid? All I can find on the Facebook website is this succinct paragraph, which doesn't mention anything about it's expiry.
Can I assume that if I am requesting the User Access Token with the offline_access permission the Page Access Token will also last indefinitely (unless the user changes their password or manually deauthorises my app)?
I'm asking because I want to know how often I should query the Facebook Graph API and acquire Page Access Tokens. Should I simply request them once when the user registers? Or should I request them one each API Call in the event they continuously change? The latter is obviously more taxing!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(8)
当生成页面令牌的用户的访问令牌过期时,页面令牌也会过期。 编辑 2013 年 6 月 28 日:如果您延长用户访问令牌并获取新的页面访问令牌对于用户来说,除非用户取消对您的应用程序的授权,否则该页面令牌不会过期。
离线访问现已被弃用,但您可以将访问令牌的有效期延长 60 天。如果您延长用户的访问令牌,则从该用户帐户生成的页面令牌
也将延长其过期时间以匹配不会过期(编辑于2013年6月28日)。页面令牌的值在扩展后可能会发生变化,因此请务必在扩展用户令牌后从用户的/accounts图连接中获取新的页面令牌。您可以继续每天延长一次这些访问令牌。因此,您应该在用户与您的应用程序交互的每一天重新生成访问令牌。
看
https://developers.facebook.com/docs/facebook-login/访问令牌/#pagetokens
https://developers.facebook.com/docs/facebook-login/访问令牌/#extending
https://developers.facebook.com/docs/facebook-login/
https://developers.facebook.com/roadmap/offline-access-removal/
https://developers .facebook.com/blog/post/2011/05/13/how-to--handle-expired-access-tokens/
Page Tokens expire when the access token expires for the user that the page token was generated from. Edit 6.28.2013: If you extend the user access token and obtain a new page access token for the user, that page token will not expire unless the user de-authorizes your app.
Offline access has now been deprecated, but you are allowed to extend an access token to last for 60 days. If you extend the user's access token, then the page tokens generated from that user account
will also have their expiration extended to matchwill not expire (edited 6.28.2013). The value for the page tokens may change after being extended, so be sure to grab new page tokens from the user's/accountsgraph connection after extending the user token.You can continue to extend these access tokens once per day. So you should regenerate the access tokens each day that the user interacts with your app.
See
https://developers.facebook.com/docs/facebook-login/access-tokens/#pagetokens
https://developers.facebook.com/docs/facebook-login/access-tokens/#extending
https://developers.facebook.com/docs/facebook-login/
https://developers.facebook.com/roadmap/offline-access-removal/
https://developers.facebook.com/blog/post/2011/05/13/how-to--handle-expired-access-tokens/
您可以扩展页面访问令牌以使其永不过期。该文档有点混乱,但以下页面有相关信息,并且您显然需要成为该页面的管理员。请密切注意第二个链接的场景 4 和场景 5。
https://developers.facebook.com/docs/reference/api/page/#page_access_tokens
https://developers.facebook.com/roadmap/offline-access-removal/#page_access_token
使用图形浏览器从 Facebook 检索令牌非常简单。图形浏览器还允许您调试令牌,该令牌将列出到期日期,因此您可以验证它是否永不过期。 Graph Explorer:https://developers.facebook.com/tools/explorer
单击“获取访问令牌”按钮以检索您的令牌。将您的 ID 保留在查询栏中,只需将 /accounts 附加到您的 ID,使其看起来像这样:
/123456789101112/accounts。确保它是 GET 请求(查询栏左侧的下拉列表)。这将检索您配置为使用的所有页面。然后,您需要发出 GET 请求:
您的 APP_ID 和 APP_SECRET 可以在您的应用程序管理设置中找到。使用您的个人访问令牌作为最终参数 (EXISTING_ACCESS_TOKEN)。这将返回 60 天的个人访问令牌。将此令牌复制到查询栏上方的访问令牌栏中。现在向 USER_ID/accounts 发出 GET 请求,就像我们一开始所做的那样。这将再次返回您配置为使用的页面列表。
但这次与页面一起列出的页面令牌不会过期。您可以通过将页面令牌复制到访问令牌栏中并单击“调试”按钮来检查这一点。这将为您提供有关该访问令牌的详细信息,包括到期时间,在这种情况下应该永远不会。
更新
我还发现 Facebook 的图形浏览器有时会与用户上下文混淆,并且可能并不总是可靠。替代方案是 Fiddler 或 邮递员。
You can extend a page access token to make it never expire. The documentation is a little muddy, but the following pages have pertinent information, and you will obviously need to be an administrator of the page. Pay close attention to scenario 4 and 5 at the second link.
https://developers.facebook.com/docs/reference/api/page/#page_access_tokens
https://developers.facebook.com/roadmap/offline-access-removal/#page_access_token
It is simple using the graph explorer to retrieve tokens from Facebook. The graph explorer also allows you to debug the token which will list the expiration date, thus you can verify that it never expires. Graph Explorer: https://developers.facebook.com/tools/explorer
Click on the Get Access Token button to retrieve your token. Keeping your id in the query bar, simply append /accounts to your id, so that it looks like this:
/123456789101112/accounts. Make sure it is a GET request (The drop-down to the left of the query bar).This will retrieve all pages that you are configured to work with. You then need to make a GET request to:
Your APP_ID and APP_SECRET can be found in your applications administration settings. Use your personal access token as the final parameter (EXISTING_ACCESS_TOKEN). This will return a 60 day personal access token. Copy this token into the Access Token bar, which is above the query bar. Now make a GET request to USER_ID/accounts like we did towards the beginning. This will again return a list of pages that you are configured to work with.
But this time the page tokens that are listed with the pages do not expire. You can check this by copying a page token into the Access Token bar, and clicking the Debug button. This will give you details on that access token, including the expiration time, which should be never in this case.
UPDATE
I have also found that Facebook's graph explorer sometimes get confused with user context, and may not be reliable at all times. Alternatives are Fiddler or Postman.
我不确定 facebook 是否已做出更改来修复这些错误,但一旦为用户授予页面访问令牌,用户访问令牌似乎就不会过期。根据我的测试,流程如下:
希望这能消除这里的一些困惑。我已经在我们的应用程序中与许多不同的用户进行了测试,每次都会看到相同的结果。
如果从未请求页面访问令牌,则原始用户访问令牌将在 60 天后过期。
I'm not sure if facebook has made changes to fix these bugs or not but it seems that user access tokens do not expire once page access tokens are granted for the user. Based on my testing the flow goes something like this:
Hope this clears up some of the confusion on here. I have tested this with many different users in our app and see the same thing each time.
If page access tokens are never requested, the original user access token will expire after 60 days.
Facebook 页面访问令牌与用户访问令牌非常相似,不同之处在于“它模拟用户”作为页面管理员并允许管理它[需要管理页面权限]。
如果向应用程序授予 Offline_access 权限,则页面 access_token 将不会过期(除非用户更改密码或手动取消对应用程序的授权)
使用以下链接检查已颁发的访问令牌的详细信息。
https://developers.facebook.com/tools/debug/
Facebook page access token is very similar to User access token except that "it impersonates the user" as the admin of the page and allows to manage it [manage_page permission is required].
If Offline_access permission is granted to the app the page access_token WILL NOT expire (unless the user changes their password or manually deauthorises the app)
Use the following link to check the details of an issued access token.
https://developers.facebook.com/tools/debug/
请参阅此https://developers.facebook.com/roadmap/offline-access-删除/#page_access_token
据此,当您获得短时间访问令牌并将其扩展为长期访问令牌时,这不会仅针对页面访问令牌而过期。请参阅场景 5:页面访问令牌
See this https://developers.facebook.com/roadmap/offline-access-removal/#page_access_token
According to this when you get short time access token and extend it to long live access token this will not expair for only page access token. See scenario 5: page access token
Facebook 关于该问题(长期页面访问令牌)的文档与实际情况不符。该文档声称通过扩展/长期用户访问令牌获取的页面访问令牌永远不会过期。然而,实际上,这些页面访问令牌将在 60 天后过期。
查看 Facebook 错误:http://developers.facebook.com/bugs/461517520524921
Facebook's documentation on the issue (long-lived page access tokens) doesn't match what happens in reality. The documentation claims that page access tokens acquired via extended/long-lived user access tokens will never expire. However, in reality, these page access tokens expire in 60 days.
See the Facebook bug: http://developers.facebook.com/bugs/461517520524921
offline_access现在是已弃用。在另一个问题中,我解释了如何扩展页面访问令牌。
offline_accessis now deprecated.In another question I explain How to extend Page access token.
当用户的访问令牌过期时,页面访问令牌也会过期。您可以将用户访问令牌的有效期延长至最多 60 天,以使页面访问令牌的有效期更长。
查看我的博客 并按照获取扩展访问令牌和粉丝专页访问令牌的分步说明进行操作。
Page access tokens are expired when the user's access token expired. You can extend user access token to last up to 60 days in order to make the page access token last long.
Check out my blog and follow the step by step instruction of getting extended access token and getting the fanpage access tokens as well.