您如何从Facebook Graph API(服务器端身份验证)获取长期访问令牌? [英] How do you get long-lived access tokens from the Facebook Graph API (server-side auth)?

问题描述

由于Facebook删除了offline_access权限，因此我想继续迁移我们的网站以使用新系统.

Since Facebook is removing the offline_access permission, I want to go ahead an migrate our website to use the new system.

我在Facebook网站上找到了此文档: https://developers.facebook.com/roadmap/offline-access-removal

I found this document on Facebook's website: https://developers.facebook.com/roadmap/offline-access-removal

但是，当我使用服务器端身份验证处理某人时，会收到以下响应:

However, when I process someone with Server-Side authentication, I get this response:

access_token => BLAHBLAHBLAHdontusemytokensilly
expires => 4992

当我尝试(在该文档上)使用acces点将访问令牌扩展超过几个小时时，我得到了回馈:

When I try and use the acces point (on that document) to extend the access token more than a couple hours, I get this back:

access_token => BLAHBLAHBLAHdontusemytokensilly
expires => 4990

根据该文档，服务器端OAuth应该获得一个可使用60天的令牌，我不明白为什么我不找回它.

According to that document, server-side OAuth should get a token that lasts 60 days, I don't understand why I'm not getting that back.

我真的不想每2小时通过OAuth重定向向我们的用户发送一次.

I really do not want to send our users throught the OAuth redirect every 2 hours.

有什么想法吗?谢谢！

更新

根据要求，这是我正在(在浏览器中)执行的流程:

As requested, here is the flow that I'm taking (in the browser):

首先，我在此处将用户重定向:

First I redirected the user here:

https://www.facebook.com/dialog/oauth?client_id=BLAHBLAH&redirect_uri=http%3A//localhost/user-social/facebook/redirect&scope=user_about_me%2Cuser_events%2Cuser_interests%2Cuser_likes% 2Cfriends_likes％2Cuser_location％2Cuser_status％2Cuser_subscriptions％2Cfriends_subscriptions％2Cemail％2Ccreate_event％2Cpublish_stream％2Crsvp_event％2Cpublish_actions％2Cuser_actions.music％2Cfriends_actions.music％2Cuser_actions.music.2Cuser_actions.actionic.％CC _actions.video％2Cmanage_pages

这会将用户重定向到此处:

This redirects the user to here:

http://localhost/user-social/facebook/redirect?code=BLAHBLAHBLAHsomeawesomecode#_=_

然后我这样请求访问令牌:

Then I requested an access token like so:

我从Facebook收到了这个休养期:

I receive this repose from Facebook:

access_token=BLAHBLAHBLAHdontusemytokensilly&expires=4057

这显然是短暂的令牌. 根据Facebook文档(上文)，我应该已经获得了一个长期存在的令牌(因为我正在使用服务器端OAuth).

This is obviosly a short-lived token. According to the Facebook documentation (above), I should have received a long-lived token (since I'm using server-side OAuth).

但是，由于它是短命的，所以我尝试将其换成长命的代币:

However, since it is short-lived, I attempted to trade it for a long-lived token:

这是Facebook返回的内容:

This is what Facebook returned:

access_token=BLAHBLAHBLAHdontusemytokensilly&expires=3967

两个请求中都返回相同的access_token.

The same access_token is being returned in both requests.

更新2

我将上述访问令牌放入 Facebook调试器中，它返回的内容是:

I put the above access token into the Facebook Debugger and this is what it returned:

App ID: 
BLAHBLAH
User ID:    
211800900 : David Barratt
Issued: 
Unknown
Expires:    
1347303600 (in 40 minutes)
Valid:  True
Origin: Web
Scopes: create_event create_note email friends_actions.music friends_actions.news friends_actions.video friends_likes friends_subscriptions manage_pages photo_upload publish_actions publish_stream rsvp_event share_item status_update user_about_me user_actions.music user_actions.news user_actions.video user_events user_interests user_likes user_location user_status user_subscriptions video_upload

更新3

删除我所有的权限并重新授权应用程序后(如@phwd所示). Facebook API返回以下内容:

After deleting all of my permissions and re-authorizing the app (as @phwd suggested). The Facebook API returns this:

access_token=BLAHBLAHBLAHdontusemytokensilly

这是否意味着我已经获得了长期存在的access_token?如果是这样，到期时间在哪里?

Does this mean that I've been returned the long-lived access_token? if so, where is the expiration?

更新4

当我通过Facebook调试器运行上述access_token时，得到以下结果:

When I run the above access_token through the Facebook Debugger, I get the following result:

App ID: 
BLAHBLAH
User ID:    
211800900 : David Barratt
Issued: 
1347309538 (39 minutes ago)
Expires:    
Never
Valid:  True
Origin: Web
Scopes: create_event create_note email friends_actions.music friends_actions.news friends_actions.video friends_likes friends_subscriptions manage_pages photo_upload publish_actions publish_stream rsvp_event share_item status_update user_about_me user_actions.music user_actions.news user_actions.video user_events user_interests user_likes user_location user_status user_subscriptions video_upload

这似乎可以解决原始问题，但是奇怪的是access_tokens是不确定的，而不是持续规定的60天.

This seems to fix the original problem, but it's strange that the access_tokens are indefinite instead of lasting the prescribed 60 days.

关于为什么可能会出现这种情况的任何想法?

Any ideas on why that might be the case?

推荐答案

不确定是否知道.但是，无论用户登录到您的应用程序中有多少次，访问令牌都只会每天更新一次.

Not sure if you know it. But the access token will only be renewed once a day, no matter how many times the user logs in into your application.

请参阅: https://developers.facebook.com/roadmap/offline-access -removal/

这篇关于您如何从Facebook Graph API(服务器端身份验证)获取长期访问令牌?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！