Problem description
Since the offline_access permission is deprecated in Facebook's Authentication flow, we have a problem getting the so-called long-lived access tokens without that permission.
In Facebook's document about the deprecation it says that server-side OAuth-generated access tokens will be long-lived, but they are not.
Am I missing something? Some setting in app settings? Some special code I need to use to extend the expiration time of access tokens? As I understand the documentation, for server-side authentication, the access token which can be accessed by the getAccessToken() method of the PHP SDK when the user is logged in is long-lived.
Edit (August 14th 2012):
A week ago the official Facebook PHP SDK was updated. The function name was changed to setExtendedAccessToken, and it was decided we actually needed to destroy the session afterwards, to remove the risk of having two active sessions.
Also, the function no longer actually returns the token, but instead stores it within the persistent data. You can therefore get the new access token with the public function getAccessToken afterwards. Grab the new SDK from the official Facebook PHP SDK GitHub page to make sure you're up to date.
Original Answer:
I have added a new public function to the base_facebook.php file, which returns a new access token which expires in 60 days. You can make a request to this function after you've received the normal access token. I've not tested, but I assume you also need to enable "deprecate offline_access" in the Advanced settings of your Developer App.
Just add this to your base_facebook.php inside the facebook class and make a call to it. It works for me.
    public function getExtendedAccessToken() {
        try {
            // need to circumvent json_decode by calling _oauthRequest
            // directly, since response isn't JSON format.
            $access_token_response =
                $this->_oauthRequest(
                    $this->getUrl('graph', '/oauth/access_token'), array(
                        'client_id' => $this->getAppId(),
                        'client_secret' => $this->getAppSecret(),
                        'grant_type' => 'fb_exchange_token',
                        'fb_exchange_token' => $this->getAccessToken()
                    )
                );
        } catch (FacebookApiException $e) {
            // most likely that user very recently revoked authorization.
            // In any event, we don't have an access token, so say so.
            return false;
        }
        if (empty($access_token_response)) {
            return false;
        }
        $response_params = array();
        parse_str($access_token_response, $response_params);
        if (!isset($response_params['access_token'])) {
            return false;
        }
        return $response_params['access_token'];
    }
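Added example, not part of the original answer or the Facebook PHP SDK: a standalone parser for the token-exchange response that rejects malformed bodies and records when the exchanged token expires, so a server can re-authenticate the user before the 60 days run out. The function name parseExchangeResponse, the JSON fallback and the "expires"/"expires_in" field names are assumptions; the sample bodies and timestamp are constructed.

```php
<?php
/**
 * Parse the body returned by the fb_exchange_token request.
 * $now is the current Unix time, passed in so results are repeatable.
 * Returns array('access_token' => string, 'expires_at' => int|null) or false.
 */
function parseExchangeResponse($body, $now)
{
    $body = trim((string) $body);
    if ($body === '') {
        return false;
    }

    // Assumption: the body is either form-encoded (the case the answer's
    // parse_str() call handles) or a JSON object.
    $params = json_decode($body, true);
    if (!is_array($params)) {
        $params = array();
        parse_str($body, $params);
    }

    // An error payload, a missing token or a non-string token (for example
    // "access_token[]=x") all count as a failed exchange.
    if (isset($params['error']) || !isset($params['access_token'])
        || !is_string($params['access_token']) || $params['access_token'] === '') {
        return false;
    }

    // Assumption: the lifetime in seconds arrives as "expires" or "expires_in".
    $ttl = null;
    foreach (array('expires', 'expires_in') as $key) {
        if (isset($params[$key]) && is_scalar($params[$key])
            && ctype_digit((string) $params[$key])) {
            $ttl = (int) $params[$key];
            break;
        }
    }

    return array(
        'access_token' => $params['access_token'],
        'expires_at'   => $ttl === null ? null : $now + $ttl,
    );
}

// Constructed sample bodies and timestamp; EXAMPLE_TOKEN is a placeholder.
$now = 1344902400;
var_dump(parseExchangeResponse('access_token=EXAMPLE_TOKEN&expires=5184000', $now));
var_dump(parseExchangeResponse('{"access_token":"EXAMPLE_TOKEN","expires_in":5184000}', $now));
var_dump(parseExchangeResponse('{"error":{"message":"constructed"}}', $now));
```

Because the exchange request carries the app secret, both the request and this parsing belong on the server; store expires_at next to the token rather than assuming a fixed lifetime.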