Posting to Facebook on behalf of the user: how to handle token expiration?


Problem description

I'm implementing a connect with Facebook/Twitter/... functionality on a website. The idea is that once a user connects his account with the external services our website could post messages on behalf of the user.

With Twitter there is no problem as the OAuth access_token doesn't expire. But with FB it does expire every two months, when the user logs out, changes password or explicitly deauthorizes the app.

How should I handle the token expiration? For me it would be ideal if I could refresh the token automatically without bothering the user, but unless I've missed something it seems there isn't any way of doing this. So, right now I've two ideas:

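  • The less awkward way: each time the user logs in to the website, check whether the token has expired and notify the user that she needs to re-authorize the app.
  • The more awkward way: each time a "post to social network" event is triggered on our website, check whether the token has expired and ask the user to re-authorize.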

The first option would be easier to implement and cleaner to the user.

So, how are you handling these situations?

Thanks!

Recommended answer

If the user is actually interacting with your website, you should be getting a fresh access_token (read below). If you perform offline tasks related to the user using the Facebook API then you should be storing the access_token and their expiry dates. Then you need to handle expired access tokens and ask the user to interact with your app again and update your records.

You should refer to this document. Also you should be reading the Extending Access Tokens document:

Step 2. Refresh the long-lived user access token

At any point, you can generate a new long-lived token by repeating the original auth flow, obtaining a new short-lived token and then performing the same exchange as above. In some cases, this newer long-lived token can be identical to the previous one, but we do not guarantee this will be true and your app shouldn't depend upon it.
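
The bookkeeping described in the answer, as an added example that is not part of the original answer or of Facebook's documentation: store each token with its expiry, check it at login, and still treat a rejection at post time as "re-authorization required", since a token can be invalidated before its stored expiry. `TokenStore`, `TokenRejected`, `post_on_behalf` and the injected `send` callable are hypothetical names; the real API call is left to the caller.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

class TokenRejected(Exception):
    """Hypothetical: raised by `send` when the provider refuses the token."""

@dataclass
class StoredToken:
    access_token: str
    expires_at: float           # Unix time computed when the token was issued
    needs_reauth: bool = False  # sticky until the user logs in again

class TokenStore:
    """In-memory stand-in for a per-user token table (assumption)."""
    def __init__(self, skew: float = 300.0):
        self._tokens: Dict[str, StoredToken] = {}
        self.skew = skew  # treat tokens as expired this many seconds early

    def save(self, user_id: str, access_token: str, expires_in: float,
             now: Optional[float] = None) -> None:
        # Call after every interactive login; replaces the record, clears the flag.
        now = time.time() if now is None else now
        self._tokens[user_id] = StoredToken(access_token, now + expires_in)

    def usable(self, user_id: str, now: Optional[float] = None) -> Optional[StoredToken]:
        now = time.time() if now is None else now
        tok = self._tokens.get(user_id)
        if tok is None or tok.needs_reauth:
            return None
        if now >= tok.expires_at - self.skew:
            tok.needs_reauth = True
            return None
        return tok

    def needs_reauth(self, user_id: str, now: Optional[float] = None) -> bool:
        # Login-time check: prompt the user when this returns True.
        return self.usable(user_id, now) is None

def post_on_behalf(store: TokenStore, user_id: str, message: str,
                   send: Callable[[str, str], None], now: Optional[float] = None) -> str:
    tok = store.usable(user_id, now)
    if tok is None:
        return "reauth_required"
    try:
        send(tok.access_token, message)
    except TokenRejected:
        # Invalidated before the stored expiry (logout, password change, deauthorization).
        tok.needs_reauth = True
        return "reauth_required"
    return "posted"
```

In a real deployment the token column would be encrypted at rest and the token value kept out of logs and error messages.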
