Oauth 2.0无法从signed_request“代码”值中获取访问令牌 [英] Oauth 2.0 cannot get an access token from the signed_request 'code' value

问题描述

我正在迁移到Oauth 2.0。我当前的站点使用JS SDK，具有fb-login按钮，然后访问Graph以获取用户详细信息。

我在获取访问令牌时遇到问题

一个问题可能是JS SDK对话框未将我重定向到它说应该重定向的URL，即带有？code = XXXXXXX的URL

因此，我查看了php SDK（我使用的是ASP）以了解它是如何实现的。我已经在Cookie中解析了签名请求值，并在代码参数中获取了要添加到令牌URL的值，但是我无法获得访问令牌。这些是我正在使用的值：

已解析的sign_request数据：

  { algorithm： HMAC-SHA256， code： 2.AQCovUOFCduELbna.3600.1323900000.1-773555243 | Y_cW4riF4K7el_9a4oVNjL0qvZc， issued_at：1323895617， user_id： bXXXXXX b $ b令牌URL：https://graph.facebook.com/oauth/access_token？ 
 client_id = XXXXXXXX& 
 redirect_uri = XXXXXXXX& 
 client_secret = XXXXXX& 
 code = 2.AQCovUOFCduELbna.3600.1323900000.1-773555243 | Y_cW4riF4K7el_9a4oVNjL0qvZc 
  

这是响应：

  { error：{ message：验证验证码时出错。， type： OAuthException }} 
  

代码值是否显示为正确格式？有什么问题的主意吗？

解决方案

在这里存在相同的问题...

解决方案：如果代码是从cookie有效负载中提取的，则将参数redirect_uri留空

try

令牌网址： https://graph.facebook.com/oauth/access_token?client_id=XXXXXXXX&redirect_uri=&client_secret=XXXXXX&code=2.AQCovUOFCduELbna.3600.1323900000.1-773555243|Y_cW4riF4K7el_9a4oVNjL>

为我工作！

I'm migrating to Oauth 2.0. My current site uses JS SDK, has a fb-login button, then I'm accessing Graph to get the users details.

I'm having problems getting an access token to get this data from Graph.

One problem could be that JS SDK dialog doesn't redirect my to the URL it says it should i.e. the one with ?code=XXXXXXX that I can then use to get an access token.

So I've looked at the php SDK (I'm using ASP) to see how it does it. I've parsed the signed-request value in the cookie, got the value in the 'code' param to add to the token URL but I can't get an access token. These are the values I'm using:

Parsed signed_request data:

{"algorithm":"HMAC-SHA256","code":"2.AQCovUOFCduELbna.3600.1323900000.1-773555243|Y_cW4riF4K7el_9a4oVNjL0qvZc","issued_at":1323895617,"user_id":"XXXXXXXXXX"}

Token URL: https://graph.facebook.com/oauth/access_token?
           client_id=XXXXXXXX&
           redirect_uri=XXXXXXXX&
           client_secret=XXXXXX&
           code=2.AQCovUOFCduELbna.3600.1323900000.1-773555243|Y_cW4riF4K7el_9a4oVNjL0qvZc

This is the response:

{"error":{"message":"Error validating verification code.","type":"OAuthException"}} 

Does the code value appear to be in the correct format? Any ideas as to what's wrong?

解决方案

exact same problem here...

solution: if code is extracted from cookie payload, leave parameter redirect_uri empty

try

Token URL: https://graph.facebook.com/oauth/access_token?client_id=XXXXXXXX&redirect_uri=&client_secret=XXXXXX&code=2.AQCovUOFCduELbna.3600.1323900000.1-773555243|Y_cW4riF4K7el_9a4oVNjL0qvZc

worked for me!

这篇关于Oauth 2.0无法从signed_request“代码”值中获取访问令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！