facebook用户访问令牌与应用访问令牌 [英] facebook User access token vs App access token

问题描述

两者之间有什么区别，何时使用?

What is the difference between the two and when do you use it?

https://developers.facebook.com/docs/authentication/server-side /

vs

https://developers.facebook.com/docs/opengraph/using -app-tokens/

推荐答案

这些都在您链接的文件中，但是为了简化起见:

It's all in those files you linked, but to try to simplify:

• 应用程序访问"令牌是指您授权应用程序(在服务器级别)执行某些操作，例如读取洞察力，更改应用程序的参数.
• 用户访问令牌是指用户授权您的应用程序代表他们执行操作(在服务器级别或在客户端/浏览器级别).用户可以通过权限对话框来限制扩展到您的应用程序的权限.

交叉的地方:

• 应用访问令牌可以获取有关用户(先前已对应用进行身份验证)的信息.此信息是有限的.例如，如果您不再拥有有效的用户令牌，但需要验证其名称未更改，这将很有用.您无法获得有关用户的所有其他多汁详细信息-为此，您需要具有用户访问令牌
• 应用程序访问令牌"也可以作为应用程序发布到用户墙上(如果用户已授予许可).这与以用户身份发布到用户墙上时稍有不同，这就是您使用用户访问令牌进行的操作.本质上是同一件事，只是用户可以使用其访问令牌来伪造"自己的帖子，但是当用您的应用程序令牌签名时，他们不能伪造来自您应用程序的帖子(此消息是保密的). /li>

• The App Access Token can get info about a user (who has previously authenticated the app). This information is limited. It is useful if you no longer have a valid token for a user but need to verify their name has not changed, for example. You cannot get all the other juicy details about a user - for this, you need to have a User Access Token
• The App Access Token can also post to a users wall as the app (if the user granted permission). This is slightly different from posting to the user's wall as the user, which is what you do with a user access token. Essentialy the same thing, it's just that the user can "fake" their own posts as they have their access token, but they can't fake the ones coming from your app when signed with your app token (which is kept secret).

希望这是概括地说吗?

这篇关于facebook用户访问令牌与应用访问令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！