当前位置: 文江博客话题详情

如何向我当前的 Facebook 应用程序用户请求额外许可?

发布于 2024-12-11 18:15:23 字数 747 浏览 0 评论 0原文

我正在使用此代码向用户请求我的应用程序的许可,

 $app_id = "1231654321654121";
 $canvas_page = "http://apps.facebook.com/manydldotnet/";
 $auth_url = "https://www.facebook.com/dialog/oauth?client_id=" . $app_id . "&redirect_uri=" . urlencode($canvas_page) . "&scope=email,read_stream";

 $signed_request = $_REQUEST["signed_request"];

 list($encoded_sig, $payload) = explode('.', $signed_request, 2); 

 $data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);

 if (empty($data["user_id"])) {
        echo("<script> top.location.href='" . $auth_url . "'</script>");
 }

但现在我需要向当前用户请求“publish_stream”权限, 我向范围参数添加了“publish_stream”权限,但对于之前已经授予应用程序权限的用户来说,它不起作用。

那么我该如何解决这个问题呢?

谢谢...

原文

i am using this code to ask users for permission for my app

 $app_id = "1231654321654121";
 $canvas_page = "http://apps.facebook.com/manydldotnet/";
 $auth_url = "https://www.facebook.com/dialog/oauth?client_id=" . $app_id . "&redirect_uri=" . urlencode($canvas_page) . "&scope=email,read_stream";

 $signed_request = $_REQUEST["signed_request"];

 list($encoded_sig, $payload) = explode('.', $signed_request, 2); 

 $data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);

 if (empty($data["user_id"])) {
        echo("<script> top.location.href='" . $auth_url . "'</script>");
 }

but now i need to ask the CURRENT users for "publish_stream" permission,
I added the "publish_stream" permission to the scope parameter but it is not working for the users already gave the app a permission before.

so how can i fix this?

thanks...

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

半衬遮猫 2024-12-18 18:15:23

显然,一旦用户授权您的应用,user_id 将始终出现在 signed_request 中。因此,您需要检索用户的权限并进行检查。

这是一个示例:

<?php
$app_id = "APP_ID";
$app_secret = "APP_SECRET";
$canvas_page = "http://apps.facebook.com/appnamespace/";
$GRAPH_URL = "https://graph.facebook.com/";
$scope = "publish_stream,email";
$auth_url = "https://www.facebook.com/dialog/oauth?client_id=" . $app_id . "&redirect_uri=" . urlencode($canvas_page) . "&scope=" . $scope;

$signed_request = $_REQUEST["signed_request"];

$data = parse_signed_request($_REQUEST["signed_request"], $app_secret);

if (empty($data["user_id"])) {
    echo("<script> top.location.href='" . $auth_url . "'</script>");
    exit;
}

$permissions = json_decode(file_get_contents($GRAPH_URL . "me/permissions?access_token=" . $data["oauth_token"]), TRUE);
if( array_key_exists('publish_stream', $permissions['data'][0]) ) {
    // Permission is granted!
    // Do the related task
    echo "You granted the publish_stream permission to my app!";
} else {
    // We don't have the permission
    // Alert the user or ask for the permission!
    echo("<script> top.location.href='" . $auth_url . "'</script>");
}
function parse_signed_request($signed_request, $secret) {
    list($encoded_sig, $payload) = explode('.', $signed_request, 2);

    // decode the data
    $sig = base64_url_decode($encoded_sig);
    $data = json_decode(base64_url_decode($payload), true);

    if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
        error_log('Unknown algorithm. Expected HMAC-SHA256');
        return null;
    }

    // check sig
    $expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
    if ($sig !== $expected_sig) {
        error_log('Bad Signed JSON signature!');
        return null;
    }

    return $data;
}

function base64_url_decode($input) {
    return base64_decode(strtr($input, '-_', '+/'));
}
?>

更多内容可以在我的教程中找到:如何:检查用户是否具有特定权限 – Facebook API

Obviously once the user authorize your app, the user_id will always be present in the signed_request. So you need to retrieve the user's permissions and check against that.

Here's an example:

<?php
$app_id = "APP_ID";
$app_secret = "APP_SECRET";
$canvas_page = "http://apps.facebook.com/appnamespace/";
$GRAPH_URL = "https://graph.facebook.com/";
$scope = "publish_stream,email";
$auth_url = "https://www.facebook.com/dialog/oauth?client_id=" . $app_id . "&redirect_uri=" . urlencode($canvas_page) . "&scope=" . $scope;

$signed_request = $_REQUEST["signed_request"];

$data = parse_signed_request($_REQUEST["signed_request"], $app_secret);

if (empty($data["user_id"])) {
    echo("<script> top.location.href='" . $auth_url . "'</script>");
    exit;
}

$permissions = json_decode(file_get_contents($GRAPH_URL . "me/permissions?access_token=" . $data["oauth_token"]), TRUE);
if( array_key_exists('publish_stream', $permissions['data'][0]) ) {
    // Permission is granted!
    // Do the related task
    echo "You granted the publish_stream permission to my app!";
} else {
    // We don't have the permission
    // Alert the user or ask for the permission!
    echo("<script> top.location.href='" . $auth_url . "'</script>");
}
function parse_signed_request($signed_request, $secret) {
    list($encoded_sig, $payload) = explode('.', $signed_request, 2);

    // decode the data
    $sig = base64_url_decode($encoded_sig);
    $data = json_decode(base64_url_decode($payload), true);

    if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
        error_log('Unknown algorithm. Expected HMAC-SHA256');
        return null;
    }

    // check sig
    $expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
    if ($sig !== $expected_sig) {
        error_log('Bad Signed JSON signature!');
        return null;
    }

    return $data;
}

function base64_url_decode($input) {
    return base64_decode(strtr($input, '-_', '+/'));
}
?>

More can be found on my tutorial: How to: Check if User Has Certian Permission – Facebook API

回复 原文
晒暮凉 2024-12-18 18:15:23

我非常确定,一旦您将请求的新权限添加到您的范围,Facebook 将自动通过应用程序的请求访问对话框再次提示它们,并且用户只需批准它们即可。

I'm pretty sure once you add the new permissions you are requesting to your scope, facebook will automatically prompt them again with the app's request access dialog and the user just has to approve them.

回复 原文
再可℃爱ぅ一点好了 2024-12-18 18:15:23
<fb:login-button scope="create_event">Grant Permissions to create events</fb:login-button>

<fb:login-button scope="create_event">Grant Permissions to create events</fb:login-button>
回复 原文
~没有更多了~

关于作者

百善笑为先

暂无简介

0 文章
0 评论
24 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

胡图图

文章 0 评论 0

zt006

文章 0 评论 0

z祗昰~

文章 0 评论 0

冰葑

文章 0 评论 0

野の

文章 0 评论 0

天空

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文