Facebook access token: server-side vs client-side flows


Question

Facebook documentation:


Facebook Platform supports two different OAuth 2.0 flows for user login: server-side (known as the authentication code flow in the specification) and client-side (known as the implicit flow). The server-side flow is used whenever you need to call the Graph API from your web server. The client-side flow is used when you need to make calls to the Graph API from a client, such as JavaScript running in a Web browser or from a native mobile or desktop app.

What is the difference between access tokens taken by these flows? It seems like their lengths differ.

Can we use server-side flow token on a client? And otherwise, can we use client-side flow token on a server?

Recommended answer

Currently, Facebook says this about access_tokens. On Server-side OAuth


if the access_token is generated from a server-side OAuth call, the resulting access_token will have the longer expiration time by default. If the call is made while there is still a valid long-lived user access_token for that user, the returned user access_token from this second call may be the same or may have changed, but in either case the expiration time will be set to a long expiration time.

Whereas the client-side OAuth flow will give you an existing, non-expired, short-lived user access_token. To make this access_token long-lived, Facebook is providing a new endpoint that exchanges the short-lived access_token with an access_token with longer life. The endpoint is

https://graph.facebook.com/oauth/access_token?             
    client_id=APP_ID&
    client_secret=APP_SECRET&
    grant_type=fb_exchange_token&
    fb_exchange_token=EXISTING_ACCESS_TOKEN 

Also note:


Currently the long-lived user access_token will be valid for 60 days while the short-lived user access_tokens are currently valid from 1 to 2 hours.

Excerpt from https://developers.facebook.com/docs/roadmap/completed-changes/offline-access-removal/
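The exchange call quoted in the answer, sketched as server-side Python; this is an added example, not code from the original answer or from Facebook. The function names are hypothetical, and the two response shapes handled (form-encoded with `expires`, JSON with `expires_in`) are assumptions about what the endpoint returns.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode, parse_qs
from urllib.request import urlopen

EXCHANGE_ENDPOINT = "https://graph.facebook.com/oauth/access_token"


def build_exchange_url(app_id, app_secret, short_lived_token):
    """Build the fb_exchange_token request. Run this on the server only:
    the URL carries APP_SECRET, which must never ship to a browser or app."""
    return EXCHANGE_ENDPOINT + "?" + urlencode({
        "client_id": app_id,
        "client_secret": app_secret,
        "grant_type": "fb_exchange_token",
        "fb_exchange_token": short_lived_token,
    })


def parse_exchange_response(body, now):
    """Return (token, expiry). Assumption: the body is either JSON with
    'expires_in' or a form-encoded string with 'expires' (both in seconds)."""
    text = body.strip()
    if text.startswith("{"):
        data = json.loads(text)
        if "error" in data:
            raise ValueError("token exchange rejected")
        token, ttl = data["access_token"], data.get("expires_in")
    else:
        fields = parse_qs(text, strict_parsing=True)
        token = fields["access_token"][0]
        ttl = fields.get("expires", [None])[0]
    # Store the expiry with the token so the server knows when to re-exchange.
    expiry = now + timedelta(seconds=int(ttl)) if ttl is not None else None
    return token, expiry


def exchange_token(app_id, app_secret, short_lived_token):
    """Perform the exchange over HTTPS. Do not log the URL: it holds the secret."""
    url = build_exchange_url(app_id, app_secret, short_lived_token)
    with urlopen(url, timeout=10) as resp:
        return parse_exchange_response(resp.read().decode(),
                                       datetime.now(timezone.utc))
```

Because the request needs APP_SECRET, a client that holds a short-lived token has to hand it to the server for this step rather than calling the endpoint itself.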
