Facebook application (non-user) access token expiration
Do Facebook APP access tokens expire? These tokens are different than the USER tokens; they are acquired like this:
https://graph.facebook.com/oauth/access_token?grant_type=client_credentials&client_id={0}&client_secret={1}
as described in the App Login section of the document at http://developers.facebook.com/docs/authentication/.
Are there any circumstances under which they will become invalid?
NB: This is NOT a question about USER access tokens (which are clearly documented). There was an identical question http://facebook.stackoverflow.com/questions/7322063/does-app-login-access-token-expire wrongly closed as duplicate of another question about USER access tokens.
Per the Facebook documentation:
Creating an APP_ACCESS_TOKEN is really easy.
You can use your App ID/API Key and App secret
Example: 1234587968 | bghyuifjk3438483249235903502035023504305
I do know that one condition that will cause them to become invalid is if you reset the Application Secret using the Facebook developer tool.
I do not know if using the OAuth method to produce an App Token will cause it to have an expiration. However, if you scan Facebook's PHP SDK, you may notice that a non-expiring app token is made by concatenating app_id and secret:
WARNING: I would never use this in client-code as it would publish your app secret. However, in a trusted server environment, it seems like the way to go.
To test this, I went to the OpenGraph tool and erased my Access Token and typed in the concatenated value from the code sample. I then accessed my app's insights to verify that it would work:
For me, the answer is not to find a token that doesn't expire (since I do not trust Facebook), but to catch the expiring token and reset without taking up my users' time. I found this and thought you might want to check it out.
"To ensure the best experience for your users, your app needs to be prepared to catch errors for the above scenarios. The following PHP code shows you how to handle these errors and retrieve a new access token.
When you redirect the user to the auth dialog, the user is not prompted for permissions if the user has already authorized your application. Facebook will return you a valid access token without any user facing dialog. However if the user has de-authorized your application then the user will need to re-authorize your application for you to get the access_token." Resource: https://developers.facebook.com/blog/post/2011/05/13/how-to--handle-expired-access-tokens/
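The answers above name one known invalidation trigger (resetting the app secret) and recommend catching a rejected token instead of assuming it never expires. The following is an added example, not code from this thread or from Facebook's SDK, showing that pattern for an app token kept on the server. Assumptions: the class and function names are hypothetical, the token endpoint is assumed to reply with JSON containing `access_token`, a rejected token is assumed to come back as an `error` object of type `OAuthException`, and the HTTP transport is injected so the constructed run makes no network calls.

```python
from urllib.parse import urlencode

TOKEN_URL = "https://graph.facebook.com/oauth/access_token"  # endpoint from the question

class AppTokenInvalid(Exception):
    """The app token was rejected, for example after the app secret was reset."""

class AppTokenClient:
    """Server-side holder for the app secret; `get` is an injected url -> dict transport."""
    def __init__(self, app_id, app_secret, get):
        self._id, self._secret, self._get, self._token = app_id, app_secret, get, None

    def _fetch_token(self):
        query = urlencode({"grant_type": "client_credentials",
                           "client_id": self._id, "client_secret": self._secret})
        body = self._get(f"{TOKEN_URL}?{query}")
        if "access_token" not in body:  # assumed reply shape: {"access_token": "..."}
            raise AppTokenInvalid(str(body.get("error", "no token returned")))
        return body["access_token"]

    def call(self, url):
        """GET a Graph URL; on an OAuthException, refetch the token once and retry."""
        for _ in range(2):
            self._token = self._token or self._fetch_token()
            sep = "&" if "?" in url else "?"
            body = self._get(url + sep + urlencode({"access_token": self._token}))
            err = body.get("error")
            if not err:
                return body
            if err.get("type") != "OAuthException":
                raise RuntimeError(err.get("message", "Graph API error"))
            self._token = None  # drop the rejected token so the next pass requests a new one
        raise AppTokenInvalid(err.get("message", "app token rejected twice"))

def demo():
    """Constructed offline run: the first cached token has been invalidated server-side."""
    issued, seen = iter(["tok-old", "tok-new"]), []  # constructed sample tokens
    def fake_get(url):  # stands in for the Graph API; no network traffic
        seen.append(url.split("?")[0])
        if url.startswith(TOKEN_URL):
            return {"access_token": next(issued)}
        if url.endswith("access_token=tok-new"):
            return {"data": []}
        return {"error": {"type": "OAuthException", "message": "Invalid OAuth access token."}}
    client = AppTokenClient("APP_ID", "APP_SECRET", get=fake_get)  # placeholder credentials
    return client.call("https://graph.facebook.com/APP_ID/insights"), seen

if __name__ == "__main__":
    print(demo())
```

The retry is capped at one refetch, so a secret that has actually been reset surfaces as `AppTokenInvalid` rather than a loop against the token endpoint.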