从 Graph API 返回的用户对象间歇性地包含权限数据的空数组
我遇到了一种情况,请求用户授予画布应用程序的权限列表会间歇性地返回空数组。
图形请求看起来像这样:
https://graph.facebook.com/[uid]?
access_token=[token]&fields=permissions 通常,正常的响应看起来像这样:
"permissions": {
"data": [
{
"installed": 1,
"email": 1,
"bookmarked": 1,
"publish_actions": 1
}
]
}
偶尔,虽然响应看起来像this:
"permissions": {
"data": [
]
}
代码将此情况等同于用户未授予任何权限并重新启动身份验证流程。该问题似乎是间歇性的,因为用户最终会进入应用程序,如果我手动重试在日志中找到的一些失败请求,权限将按预期返回。
查看用户 API 文档(http://developers.facebook.com/docs/reference/api/user/),看起来未授予的权限被排除在外。从文档中并不清楚未授予权限时会发生什么。人们会假设一个空映射,它会呈现类似以下的响应:
"data": [
{
}
]
但是,即使响应是一个空数组,在不接受至少一些权限的情况下,代码中发出此请求的点也不应该可达。
这给我留下了几个问题,我希望有相关知识的人能够回答:
- 是否有任何情况下用户授予应用程序的权限无法通过 Graph API 获得?
- 是否有任何情况下,画布应用程序可以由用户授权而无需授予任何权限? (取消身份验证对话框会导致请求带有附加查询字符串参数,处理方式有所不同)
- 是否存在用户可以在不取消应用程序授权的情况下撤销最初授予的权限的情况?
编辑:
根据下面的讨论,我想澄清一下,我的应用程序需要电子邮件权限,该权限似乎不可撤销。该应用程序始终需要电子邮件权限,因此不应出现未经该权限安装较旧版本的情况。
I'm running into a situation where requesting a list of permissions that a user has granted to a canvas application intermittently returns an empty array.
The graph request would look something like this:
https://graph.facebook.com/[uid]?access_token=[token]&fields=permissions
Typically, a normal response would look something like this:
"permissions": {
"data": [
{
"installed": 1,
"email": 1,
"bookmarked": 1,
"publish_actions": 1
}
]
}
Occasionally though the response looks like this:
"permissions": {
"data": [
]
}
The code equates this situation to the user having not granted any permissions and restarts the auth flow. The problem appears to be intermittent, because the users eventually make their way into the application and if I manually retry some of the failed requests I find in logs the permissions are returned as expected.
Looking at the User API docs (http://developers.facebook.com/docs/reference/api/user/), it looks like permissions that are not granted are excluded. It's not clear from the documentation what happens when no permissions are granted. One would assume an empty map, which would render a response something like:
"data": [
{
}
]
However, even if the response is an empty array, the point in the code where this request is made should not be reachable without accepting a least some permissions.
This leaves me with a few questions that I'm hoping someone with relevant knowledge can answer:
- Are there any circumstances under which the permissions granted by the user to the application are not available via the Graph API?
- Are there any circumstances under which a canvas application can be authorized by the user without granting any permissions? (cancelling the auth dialog results in a request with additional query string params, which is handled differently)
- Are there any circumstances under which a user can revoke initially-granted permissions without de-authorizing the application?
Edit:
Based on the discussion below I would like to clarify that my app requires the email permission, which does not appear to be revocable. The app has always required the email permission, so there shouldn't be a case of an older install without that permission.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)