Facebook访问令牌[Javascript SDK] [英] Facebook Access Token [Javascript SDK]

问题描述

我正在为我的网站写Facebook登录.我正在使用Javascript Sdk，但我不了解一件事.

  function fbLogin() {
   FB.login(function(response) {
   if (response.authResponse) {
    var token=response.authResponse.accessToken;
     FB.api('/me', function(response) {

       $.get('main/check_facebook_status/'+token,function(data) {
            if (data == "true") {
                $('#r_name').val(response.name);
                $('#r_username').val(response.username);
                $('#r_email').val(response.email);
                $('#fbid').val(response.id);
                $('#fbtoken').val(token);


            }
       })
     });
   } else {
     console.log('User cancelled login or did not fully authorize.');
   }
 }, {scope: 'email, publish_stream'});
  }

我可以信任他访问令牌(response.authResponse.accessToken)来标识用户吗? Facebook可以更改访问令牌吗?如果更改访问令牌，我如何识别用户?

Ps:对不起，英语不好

解决方案

我可以信任他访问令牌(response.authResponse.accessToken)来识别用户吗?

当然可以！

Facebook可以更改访问令牌吗?

不.但是它会在2小时后过期，因此您必须再次获取令牌.如果您以后想使用此令牌，请执行以下操作:您可以将令牌的寿命延长至60天.

您可以在此处了解更多有关访问令牌的信息.. >

---

在以下情况下，令牌也会失效-

• 用户更改密码
• 用户取消对应用程序的授权
• 用户删除了应用程序

I am writing Facebook login for my site.I am using Javascript Sdk,but I don't understand one thing.

  function fbLogin() {
   FB.login(function(response) {
   if (response.authResponse) {
    var token=response.authResponse.accessToken;
     FB.api('/me', function(response) {

       $.get('main/check_facebook_status/'+token,function(data) {
            if (data == "true") {
                $('#r_name').val(response.name);
                $('#r_username').val(response.username);
                $('#r_email').val(response.email);
                $('#fbid').val(response.id);
                $('#fbtoken').val(token);


            }
       })
     });
   } else {
     console.log('User cancelled login or did not fully authorize.');
   }
 }, {scope: 'email, publish_stream'});
  }

Can I trust he access token(response.authResponse.accessToken) for identify the user ? Can facebook change the access token ? If changes the access token how can I identify the user ?

Ps:Sorry for bad english

解决方案

Can I trust he access token(response.authResponse.accessToken) for identify the user?

Of-course yes!

Can Facebook change the access token ?

Nope. But it expires after 2 hours, so you have to get the token again. If you want to use this token in future; you can extend the life of the token to 60 days.

You can read more about access tokens here.

---

[Edit]

The token also becomes invalidated in the following cases-

• User changes the password
• User de-authorizes the app
• User removes the app

这篇关于Facebook访问令牌[Javascript SDK]的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！