restfb：用java编写一个Facebook应用程序（使用新的图形API） [英] restfb: Writing a facebook application with java (using the new graph api)

问题描述

restfb文档显示以下内容：

• 创建Facebook应用程序


• 请求 https://graph.facebook.com/oauth/authorize?client_id=MY_API_KEY& redirect_uri = http：//www.facebook.com/connect/login_success.html& scope = publish_stream，offline_access，create_event


• Facebook将重定向到 http://www.facebook.com/connect/login_success.html ？ code = MY_VERIFICATION_CODE


• 请求 https://graph.facebook.com/oauth/access_token?client_id=MY_API_KEY& redirect_uri = http：//www.facebook.com/connect/login_success.html& client_secret = MY_APP_SECRET& code = MY_VERIFICATION_CODE


• Facebook将以access_token = MY_ACCESS_TOKEN

我可能正在看错误的指示，这是一个Facebook连接或除了实际的Facebook应用程序在apps.facebook.com/app_name之外的任何东西。

我会非常感谢有关这个问题的任何相关信息。我只是想创建一个打印用户名称的简单的Facebook应用程序。

一般来说，在我获取用户的访问令之后，我可以执行以下操作：

  FacebookClient facebookClient = new DefaultFacebookClient（MY_ACCESS_TOKEN）; 
用户user = facebookClient.fetchObject（me，User.class）; 
 out.println（User name：+ user.getName（））; 
  

我的问题是如何正确获取用户的访问令牌？在我在帖子顶部显示的信息中，显示我需要提出2个请求。第一个为代码，另一个为acess令牌。并且访问令牌的请求实际上会向用户显示我的应用密钥，因为每次我将他转发到另一个页面时，用户可以轻松查看获取和设置参数。

所以我想我很迷失在这里。

请帮忙！ ：）

谢谢

评论后更新

用这些说明我需要两次重定向用户的页面。首先获取代码，然后获取访问令牌。用户可以看到这两个重定向，因此他可以从get参数中轻松查看Facebook应用密钥和密钥。我如何确保这些步骤是从用户隐藏的？

解决方案

正如评论中所述，这些是您需要采取的访问Facebook的图形API的步骤。但是，要回答您的第二个问题：

我如何确保这些步骤
被用户隐藏？

只有第一个请求应该由用户的浏览器执行。目的是Facebook想确保它是唯一的授权提供用户的Facebook身份。根据您正在撰写的应用程序，您可以使用重定向网址指向您指定的默认重定向网址，也可以在您的网站上指定用于检索令牌的自定义网址。第一种方法通常由独立的应用程序使用，例如可以控制浏览器如何处理重定向的移动设备。第二种方法将用于基于Web的自定义应用程序。一旦您收到访问令牌，那么您将在代码中执行第二个操作（使用您最喜欢的http apis），而不是通过浏览器执行。将access_token url上的重定向与authentication-url上指定的重定向网址进行比较。 Facebook仅使用它进行验证，并且在成功完成请求时不会执行实际的重定向。

以下是高级步骤：

1. 将用户的浏览器重定向到验证URL指定适当的redirect_uri


2. 从重定向的浏览器请求中检索验证令牌


3. 使用您首选的HTTP框架执行access_token检索（无需用户输入）


4. 解析结果并检索访问令牌


5. 带有令牌的初始restfb，并根据需要使用

I'm trying to write a facebook application using Java tomcat with RestFB.

the restfb documentation shows the following:

• Create a Facebook Application
• Request https://graph.facebook.com/oauth/authorize?client_id=MY_API_KEY& redirect_uri=http://www.facebook.com/connect/login_success.html& scope=publish_stream,offline_access,create_event
• Facebook will redirect you to http://www.facebook.com/connect/login_success.html? code=MY_VERIFICATION_CODE
• Request https://graph.facebook.com/oauth/access_token?client_id=MY_API_KEY& redirect_uri=http://www.facebook.com/connect/login_success.html& client_secret=MY_APP_SECRET&code=MY_VERIFICATION_CODE
• Facebook will respond with access_token=MY_ACCESS_TOKEN

I think that i may be looking at the wrong instructions and this is for a facebook connect or anything else besides an actual facebook application inside apps.facebook.com/app_name.

I would really appreciate any relevant information regarding the issue. I'm simply trying to create a simple facebook application that prints the name of the user.

In general after I fetch the acces token of the user i can do the following:

FacebookClient facebookClient = new DefaultFacebookClient(MY_ACCESS_TOKEN);
User user = facebookClient.fetchObject("me", User.class);
out.println("User name: " + user.getName());

My problem is how do i properly fetch the access token of the user? in the information i showed at the top of the post, it shows that i need to make 2 requests. the first for the code and the other for the acess token. and the request for the access token actually reveals my app secret key to the user because each time i forward him to a different page the user can easily view the get and set parameters.

so i guess i'm pretty lost here.

please help! :)

thanks

update after comments

with these instructions i need two times to redirect the user's page. first to get the code and then to get the access token. the user can see these two redirections and because of that he can easily see the facebook application key and secret key from the get parameters. how do i make sure that these steps are hidden from the user?

解决方案

As stated in the comments, these are the steps you need to take to access Facebook's graph API. However, to answer your second question:

"How do I make sure that these steps are hidden from the user?"

Only the first request should be performed by the user's browser. The purpose being that Facebook wants to make sure it is the sole authorization provide for the user's Facebook identity. Depending on the application you are writing, you would either use the redirect URL to point to the default redirect URL that you specified, or specify a custom url on your website that you will use to retrieve the token. The first approach is typically used by stand-alone applications such as mobile devices that can control how the browser handles redirects. The second approach would be used for a custom web-based application. Once you receive the access token, then you would perform the second operation within your code (using your favorite http apis) and not through the browser. The redirect on the access_token url is compared against the redirect url specified on the authentication-url. Facebook uses it for validation only and does not perform an actual redirect on the successful completion of the request.

Here are the high-level steps:

1. Redirect user's browser to the authentication-url specifying the appropriate redirect_uri
2. Retrieve verification token from redirected browser request
3. Perform access_token retrieval using your preferred HTTP framework (no user input required)
4. Parse results and retrieve access token
5. Initial restfb with token and use as needed

这篇关于restfb：用java编写一个Facebook应用程序（使用新的图形API）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！