Facebook PHP SDK: get the access token's expiration date
I'm having a problem where a user's access tokens will expire, but the session hasn't, leading to certain API calls throwing an exception.
I was hoping to be able to somehow call the access token's expiration data directly, or at least some clean way of telling if the access token I'm using has already expired without having to first try an api call and catch the exception and read the error message.
Right now, in pseudo code I have
try {
    $permissions = getFBPerms(); # this seems to work fine even with expired tokens
    doFBApiCall(); # this will throw an exception with expired tokens
}
catch (FacebookApiException $e) {
    var_dump($e); # this usually comes out to expired tokens
}
I want to be able to
if (checkFBTokenStatus()) {
    // do everything with no worries
} else {
    gotoFBLoginUrl(); # re-log them in to get new access tokens
}
I also want a clean solution which I can adapt easily in case a user changed passwords, they authorized the app etc. I'm currently working off of this blog post but I dislike the way it works and it doesn't really make sense. Furthermore, I'm hoping they've updated the mechanism since that blog post was put up. Thanks.
What's wrong with:
?
Of course, you can make a call to, for example,
/me
to check whether the token is valid, but that will imply executing one extra call before each API call, that doesn't make much sense. Also, I wouldn't rely on expiration date (tokens should least 3 hours from creation), since it might not be exact. The correct way is to catch the exception and then redirect the user to the login page.
Or, the brutal way, ask for tokens that don't expire :)
UPDATE: The deauthorize callback
If you go in the "Advanced" pane of your app settings, you'll find the "Deauthorize callback" field, in which you can insert a URL that is pinged when a user deauthorizes your app. This way, you have a certain way to tell whether a user removed your app.
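
The deauthorize callback mentioned in the answer above is a publicly reachable URL, so the ping should be authenticated before any stored token is dropped. The following is an added example, not code from the original answer: it assumes Facebook's signed_request POST format (base64url signature, a dot, a base64url JSON payload, HMAC-SHA256 keyed with the app secret), and the secret, user id and function names are constructed for illustration.

```php
<?php
// Added example: authenticate a deauthorize-callback ping before acting on it.
// APP_SECRET and the sample payload are constructed values, not real credentials.
const APP_SECRET = 'constructed-app-secret';

function b64url_encode($bin) {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode($s) {
    // Restore the padding that base64url strips, then decode strictly.
    $s = str_pad($s, strlen($s) + (4 - strlen($s) % 4) % 4, '=');
    return base64_decode(strtr($s, '-_', '+/'), true);
}

// Returns the decoded payload array, or null if the request is not authentic.
function parse_signed_request($signedRequest, $secret) {
    $parts = explode('.', (string) $signedRequest, 2);
    if (count($parts) !== 2) return null;
    [$encSig, $payload] = $parts;
    $sig  = b64url_decode($encSig);
    $data = json_decode((string) b64url_decode($payload), true);
    if ($sig === false || !is_array($data)) return null;
    // Pin the algorithm; never let the payload choose a weaker one.
    if (strtoupper($data['algorithm'] ?? '') !== 'HMAC-SHA256') return null;
    // The MAC covers the encoded payload string, compared in constant time.
    $expected = hash_hmac('sha256', $payload, $secret, true);
    return hash_equals($expected, $sig) ? $data : null;
}

// Constructed sample requests; a real callback would read $_POST['signed_request'].
$payload = b64url_encode(json_encode([
    'algorithm' => 'HMAC-SHA256', 'user_id' => '1000000001', 'issued_at' => 1700000000,
]));
$valid  = b64url_encode(hash_hmac('sha256', $payload, APP_SECRET, true)) . '.' . $payload;
$forged = b64url_encode(hash_hmac('sha256', $payload, 'wrong-secret', true)) . '.' . $payload;

foreach (['valid' => $valid, 'forged' => $forged] as $label => $request) {
    $data = parse_signed_request($request, APP_SECRET);
    if ($data === null) {
        echo "$label: signature check failed, ping ignored\n";
        continue;
    }
    // At this point the app would delete the stored access token for this user.
    echo "$label: user {$data['user_id']} deauthorized the app, drop stored token\n";
}
```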