Facebook的SDK - 通过ID访问公共专辑没有认证 [英] Facebook SDK - access a public album by id without authentication

问题描述

我开发一个ASP.NET网站。它将包含文本的文章，其中一些将包含来自我的Facebook账户超出文本图片。请注意，我会从我的账户仅使用公开相册。

I develop an ASP.NET website. It will contain text articles and some of them will contain pictures from my facebook account above and beyond the text. Note that I'm going to use only the public albums from my account.

所以，我创建了一个SQL表和绑定的文章的专辑和照片（其实就是标识所有的）。我已经使用 Facebook的API，SDK 并这是一个伟大的图书馆。

So I created a sql table and binded the articles, the albums and the photos (in fact the IDs of all of them). I already used facebook api sdk and it was a great library.

显然，我的网站的任何访问者（即使他没有一个Facebook帐户）mignt能够看到的文章，并在图片 withount参观的Facebook和无需验证通过Facebook 的OAuth 来访问它们。

Obviously any visitor of my website (even he doesn't have a facebook account) mignt be able to see the articles and the pictures withount visiting facebook and without authentication via facebook oAuth to access them.

那么这里是问题：

1）我如何获得一个公开相册包含相册ID的照片和用户ID 无需验证？ （我不知道，也许我应该用其他的参数比相册ID和用户ID）

1) How do I get the photos a public album contains by album id and user id without authentication? (I don't know, maybe I should use the other parameters than album id and user id)

2）如何获得的属性（公开相册的姓名，身份证等）？

2) How do I get the properties (name, id, etc) of a public album?

推荐答案

通过了一个访问令牌，有很少可以从图形API获得。
只需通过引导您的浏览器尝试自己： http://graph.facebook.com/YOU_USER_ID

With out an access token there's very little you can get from the graph api. Just try yourself by directing your browser to: http://graph.facebook.com/YOU_USER_ID.

您还可以查看用户对象文件，它说：没有的access_token要求在权限的专栏（第3），你可以用了令牌获得。

You can also check the fields/connections tables in the User object documentation, where it says "No access_token required" in the Permissions column (3rd) you can get with out a token.

如果你想要让自己的其他数据，并公开服务在你的网站，你有两种选择：

If you want to get other data of yourself and serve it publicly on your site you have two options:

1. 使用服务器端认证流程，得到长寿的访问令牌（60天），保存和使用它的以下60天从Facebook获取数据。
   然后，当它被再次过期经过身份验证过程。
   它将是你谁需要通过它，而不是你的用户，只有一次每60天。

1. Use the server-side authentication flow, get a long lived access token (60 days), save that and use it for the following 60 days to get your data from facebook. Then, when it gets expired go through the authentication process again. It will just be you who needs to go through it, not your users, and only once every 60 days.

登录自己，对验证您的应用程序，让所有的数据，并坚持它在你的数据库，然后只需present，为您的用户。
你需要在每隔一段时间更新的东西。

Log in yourself, authenticate against your app, get all the data and persist it on your db, then just present that to your users. You'll need to update things every once in a while.

在服务器端认证流程指南有一个PHP编写的例子。
这是一个简单的例子并不包括所有的情况，但它是一个好的开始。

---

Edit

The server side authentication flow guide has an example written in php. It's a simple example which does not cover all scenarios but it's a good start.

我在Python和Java实现这一点，但因为它涵盖了多个请求，并指出这不是一件很容易被共享的，所以我只是描述我认为你应该使用流量：

I have implemented this in python and java but it's not something that can easily be shared since it spans across multiple requests and states, and so I'll just describe the flow I think that you should use:

1. 里面Facebook你去你的画布应用


2. Facebook将会使一个POST到iframe与你的画布网址


3. 在后的数据，你会得到href=\"http://developers.facebook.com/docs/authentication/signed_request/\" rel=\"nofollow\">签名的请求一个
   
4. 将用户重定向到的OAuth对话框与重定向URL一起和您所需要的权限。


5. 后，您让自己的应用程序，你会被重定向到recirect_uri与code参数（在查询字符串）。


6. 交换了code反对Facebook的服务器的访问令牌并保存令牌。


7. 您可以然后重定向自己到画布应用程序或只是停在那里。

1. Inside facebook you go to your canvas app
2. Facebook will make a POST into an iframe with your canvas url
3. In the post data you will get a signed request, decode it and check if it has an access token, if so check when it expires. If all is good save that token and the auth process is over, otherwise:
4. Redirect the user to the oAuth dialog along with your redirect url and permissions that you require.
5. After you allow your own app you will be redirected to your "recirect_uri" with the code parameter (in the querystring).
6. Exchange the code for an access token against the facebook servers and save the token.
7. You can then redirect yourself to the canvas app or just stop there.

这应该长期居住的访问令牌，你可以再使用60天做。

That should do it for a long lived access token which you can then use for 60 days.

对于坚持你自己的DB的FB的数据，这是一个pretty琐碎的操作，以节省一个数据库的数据，而这一切取决于你想要保存，你需要怎么EN code什么数据/使用它（JSON，XML，纯文本）。

As for persisting your fb data on your own db, it's a pretty trivial operation to save data on a db, and it all depends on what data you want to save, how you need to encode/use it (json, xml, plain text).

例如，假设你想显示自己的照片，你得到的令牌（如上所述），那么后发出一个HTTP请求，以便从你的服务器只查询您的照片： HTTPS： //graph.facebook.com/me/photos?access_token=XXXXXX 。
你应该得到一个JSON EN codeD结果，迭代的每个画面保存为你的数据库的记录。

For example, let's say you want the display your own photos, then after you get the token (as described above) just query from your server for your photos by issues an http request to: https://graph.facebook.com/me/photos?access_token=XXXXXX. You should get a json encoded result, iterate over that and save each picture as a record on your db.

这篇关于Facebook的SDK - 通过ID访问公共专辑没有认证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！