Facebook Graph API拒绝新创建的访问令牌 [英] Facebook Graph API rejects newly created access token
问题描述
今天早些时候,我们的Web应用程序的Facebook登录流程对某些用户停止了作用.当我们尝试获取当前配置文件时,将返回错误.它声称,我们刚刚通过将用户重定向到OAuth登录流而生成的访问令牌已被拒绝.
Earlier today, the Facebook login flow of our web application stopped working for some users. When we try to fetch the current profile, an error is returned. It claims that the access token we just generated by redirecting the user to the OAuth login flow has been rejected.
给出的原因是:
访问令牌无效,因为用户超过90天未使用该应用程序
The access token is invalid since the user hasn't engaged the app in longer than 90 days
对我来说,这没有任何意义,因为我们不会将访问令牌存储在当前会话以外的任何位置,并在用户每次使用Facebook登录时重新创建访问令牌.
To me, this makes no sense since we do not store the access token anywhere except for the current session and recreate it every time the user logs in with Facebook.
Spring Social对GET /me调用的堆栈跟踪如下:
The stacktrace from Spring Social for the GET /me call looks like this:
ERR c.s.f.v.resource.AuthenticationResource Exception when connecting with Facebook
org.springframework.social.RevokedAuthorizationException: The authorization has been revoked. Reason: The access token is invalid since the user hasn't engaged the app in longer than 90 days.
at org.springframework.social.facebook.api.impl.FacebookErrorHandler.handleFacebookError(FacebookErrorHandler.java:85)
at org.springframework.social.facebook.api.impl.FacebookErrorHandler.handleError(FacebookErrorHandler.java:59)
at org.springframework.web.client.ResponseErrorHandler.handleError(ResponseErrorHandler.java:63)
at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:775)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:728)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:702)
at org.springframework.web.client.RestTemplate.getForObject(RestTemplate.java:350)
at org.springframework.social.facebook.api.impl.FacebookTemplate.fetchObject(FacebookTemplate.java:220)
at org.springframework.social.facebook.api.impl.FacebookTemplate.fetchObject(FacebookTemplate.java:215)
该问题可能与更改有关Facebook API ,但我看不到这会如何影响我们在每次登录时创建的短暂访问令牌.
The issue is probably related to changes in the Facebook API, but I do not see how this affects the short lived access tokens we create on every login.
推荐答案
更新:
该问题似乎刚刚由Facebook解决.
The issue seems to have just been fixed by Facebook.
我向Facebook提交了错误,目前他们(5/3/18 )制定解决方案.
I filed a bug with Facebook and they are currently (5/3/18) working on a resolution.
此处和错误注释中建议了几种解决方法.总结一下:
There are several workarounds suggested here and in the bug comments. To summarize:
