获得一个新的短期用户access_token [英] get a new short-lived user access_token

问题描述

我需要续签一个长期存在的访问令牌。我读了
更新长期访问令牌服务器端主题，并编写如下代码：

I need to renew a long-lived access token. I read Renew long lived access token server side topic and wrote a code as follows:

<?php

$code = $_REQUEST["code"];

if(empty($code)) {

  $dialog_url = "https://www.facebook.com/dialog/oauth?"
    . "client_id=$app_id"
    . "&redirect_uri=$my_url"
    . "&scope=..."
    ;

  echo("<script> top.location.href='" . $dialog_url . "'</script>");
}
else
{
  $response = file_get_contents("https://graph.facebook.com/oauth/access_token?"
    . "client_id=$app_id"
    . "&redirect_uri=$my_url"
    . "&client_secret=$app_secret"
    . "&code=$code"
    );

  $params = null;
  parse_str($response, $params);
  $access_token=$params['access_token'];

  $response = file_get_contents("https://graph.facebook.com/oauth/access_token?"
    . "client_id=$app_id"
    . "&client_secret=$app_secret"
    . "&redirect_uri=$my_url"
    . "&grant_type=fb_exchange_token"
    . "&fb_exchange_token=$access_token"
    );
}

?>

第一次调用时，它会获得60天的访问令牌。我希望在下一次调用时它将获得另一个（可能是相同名称的）60天令牌，并且我会在调试器中看到 https://developers.facebook.com/tools/debug ，发布时间和到期时间会更改，但时间不会更改。我的情况怎么了？

On the first invocation it acquires 60-days access token all right. I expect that on the next invocations it would acquire another (may be with the same name) 60-days tokens, and I would see in the Debugger https://developers.facebook.com/tools/debug that issue time and expiration time changes, but the times do not change. What's wrong with my scenario?

推荐答案

您是否已将令牌进行了比较？在不到24小时内拨打同一电话时，Facebook会将您的现有访问令牌发回给您。另外，如果您还请求用户使用页面令牌，则令牌设置为不过期。在这里查看我的答案： Facebook页面访问令牌-这些令牌会过期吗？ 有关此主题的更多信息。

Have you compared the tokens to each other? Facebook will send you back the existing access token when the same call is made in less than 24 hours. Also, tokens are set to not expire if you have also requested page tokens for the user. See my answer here: Facebook Page Access Tokens - Do these expire? for more info on this subject.

可以确保每次获取新令牌的一种方法是，通过对/ PROFILE_ID / permissions进行http DELETE调用然后请求新令牌来撤消访问权限。唯一的坏处是需要您再次使用户进入oAuth对话框。

One way you can be sure to get a new token each time is if you revoke access by making an http DELETE call to /PROFILE_ID/permissions and then requesting a new token. The only bad thing about this is it will require you to put the user through the oAuth dialog again.

这篇关于获得一个新的短期用户access_token的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！