Is it expected that the tokens received through redirect-based authentication are long-lived ones?


Question

I have an authentication implemented via redirect to the Facebook auth page, $fb->getLoginUrl(), and when this flow ends I'm getting a user access token.

According to https://developers.facebook.com/docs/facebook-login/access-tokens/#extending it should be a short-lived one, while mine expires 2 months from today.

Is this the expected behaviour?

If yes - in what cases would you exchange the token?

If no - what am I missing?

UPD

I've just created a new application and again - the new user access token expires 1395567887 (in about 2 months) (info from a token debugger)

Recommended answer

Depends on what use case scenario you are implementing. If you are using an app and the token is for the app permissions (like if you use getLoginUrl to auth an app) etc., then:

App tokens do not expire.

If your app publishes on behalf of its users and requires an access token with no expiration time for the purpose of publishing, you should use an App Access Token. An App Access Token is signed using your app secret and will not expire; it will be invalidated if you re-key/reset your application secret.

Edit

All my apps have a 2-month access token by default and that is what is stated in the FB docs

Access tokens on the web often have a lifetime of about two hours, but will automatically be refreshed when required.

As described here:

The server side flow grants a long lived token of 2 months
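
An added example, not part of the original question or answer and not Facebook's code: it classifies a token by the expiry a token debugger reports, using the two lifetimes quoted above, and flags the one case where exchanging the token makes sense. The JSON layout (data.is_valid, data.expires_at, with 0 meaning no expiry), the slack values and NOW are assumptions.

```python
import json

# Lifetimes quoted on this page, with slack added (the slack is an assumption).
SHORT_LIVED_MAX = 2 * 3600 + 600        # "about two hours"
LONG_LIVED_MAX = 62 * 24 * 3600         # "2 months"


def classify_token(debug_json: str, now: int) -> dict:
    """Classify a token from a debugger-style JSON document.

    Assumed layout: {"data": {"is_valid": bool, "expires_at": int}},
    where expires_at is a Unix timestamp and 0 means "never expires".
    """
    data = json.loads(debug_json).get("data", {})
    expires_at = int(data.get("expires_at", 0))
    if not data.get("is_valid", False):
        return {"kind": "invalid", "remaining": 0, "exchange": False}
    if expires_at == 0:
        return {"kind": "non-expiring", "remaining": None, "exchange": False}
    remaining = expires_at - now
    if remaining <= 0:
        kind = "expired"
    elif remaining <= SHORT_LIVED_MAX:
        kind = "short-lived"
    elif remaining <= LONG_LIVED_MAX:
        kind = "long-lived"
    else:
        kind = "longer-than-documented"
    # Only a still-valid short-lived token is a candidate for exchange.
    return {"kind": kind, "remaining": remaining, "exchange": kind == "short-lived"}


# Constructed samples. 1395567887 is the expiry from the question; NOW is a
# constructed "today" exactly 60 days earlier.
NOW = 1395567887 - 60 * 24 * 3600
SAMPLES = {
    "redirect flow (question)": '{"data": {"is_valid": true, "expires_at": 1395567887}}',
    "two-hour token": json.dumps({"data": {"is_valid": True, "expires_at": NOW + 7200}}),
    "no expiry": '{"data": {"is_valid": true, "expires_at": 0}}',
    "revoked": '{"data": {"is_valid": false, "expires_at": 1395567887}}',
}

if __name__ == "__main__":
    for name, doc in SAMPLES.items():
        print(name, classify_token(doc, NOW))
```

With these samples, the token from the question is classified as long-lived, so no exchange is indicated; only the two-hour token is flagged for exchange.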
