处理访问令牌的 Facebook PHP SDK [英] Facebook PHP SDK dealing with Access Tokens

问题描述

我搜索了很多不同的答案，但仍然对我应该如何处理 facebook 访问令牌 感到有些困惑.我遇到的主要问题之一是由于浏览器中存储了哪些信息.例如，我登录到应用程序，令牌过期，除非我清除浏览器中的 cookie/应用程序设置，否则我无法再次登录.

I have crawled around lots of various answers but am still a bit confused with how I should be dealing with facebook access tokens. One of the main problems I'm having is due to what information is being stored in my browser. For example, I log onto the app, the token expires, I can't logon again unless I clear cookies/app settings in browser.

我偶然发现了这个线程:如何扩展自 offline_access 弃用以来的访问令牌有效性

I stumbled across this thread: How to extend access token validity since offline_access deprecation

其中向我展示了如何通过 php 创建扩展访问令牌.

Which has shown me how to create an extended access token through php.

我的问题是:

1.我需要将访问令牌存储在任何地方吗?

1. Do I need to store the access token anywhere?

2. 当访问令牌过期或失效时会发生什么?目前，我的应用只是在短期访问到期时停止工作.

2. What happens when the access token expires or becomes invalid? At the moment, my app simply stops working when the short term access ones expire.

3. 有没有办法处理它们以检查它们是否已过期?我正在使用 php sdk 并且基本上使用了标准 if( $user )...像这样:

3. Is there a way I should be handling them to check if they have expired? I am using the php sdk and have basically used the standard if( $user )... Like this:

require 'sdk/src/facebook.php';

  $facebook = new Facebook(array(
  'appId'  => 'XXXXXXXXXXXXXXXXXXXXX',
  'secret' => 'XXXXXXXXXXXXXXXXXXXXX',
));

  $user = $facebook->getUser();

  if( $user ){
    try{
        $user_profile = $facebook->api('/me');
    } catch (FacebookApiException $e) {
    error_log($e);
    $user = null;
    }
  }

  if (!$user){

    $params = array(
    'scope' => 'email',
    );

    $loginUrl = $facebook->getLoginUrl( $params );
        echo '<script type="text/javascript"> 
                window.open("'. $loginUrl .'", "_self"); 
                </script>';
                exit;

 } 
     if( $user ){

    $access_token = $facebook->getExtendedAccessToken();     

     $get_user_json = "https://graph.facebook.com/me?access_token=" 
       . $access_token;

// Rest of my code here...
}

• 我还应该做些什么来处理令牌?

.我应该在页面之间传递访问令牌，还是可以像这样在每个页面的顶部再次调用它:

. Should I be passing the access token between pages or is it ok to just call it again at the top of each page like this:

$facebook = new Facebook(array(
  'appId'  => 'XXXXXXXXXXXX',
  'secret' => 'XXXXXXXXXXXX',
  'redirect_uri' => 'http://localhost:8000/',
));
     $token = $facebook->getExtendedAccessToken();

推荐答案

让我们来看看你的问题:

Let's go through your questions:

我需要将访问令牌存储在任何地方吗?

Do I need to store the access token anywhere?

这取决于您的应用程序.首先问问自己，您是否需要在用户不在在场(未登录到您的应用)时代表用户执行操作?
如果答案是是，那么您需要扩展用户令牌，这可以通过在拥有有效用户会话时调用此方法使用 PHP-SDK 完成:setExtendedAccessToken().

This depends on your application. First of all ask yourself, do you need to perform actions on behalf of the user while he is not present (not logged in to your app)?
If the answer is yes, then you need to extend the user token which can be done using the PHP-SDK by calling this method while you have a valid user session: setExtendedAccessToken().

您还应该参考此文档:扩展访问令牌

访问令牌过期或失效时会发生什么?...有没有办法我应该处理它们以检查它们是否过期了吗?

What happens when the access token expires or becomes invalid? ... Is there a way I should be handling them to check if they have expired?

这是代码中 catch 子句派上用场的地方，而 facebook 示例仅 记录 错误 (error_log($e);) 你应该处理它！

This is where the catch clause in your code comes in handy, while facebook example only logs the error (error_log($e);) you should be handling it!

Facebook 已经有关于此的教程:操作方法:处理过期的访问令牌.

Facebook already has a tutorial about this: How-To: Handle expired access tokens.

您还应该参考错误表并相应地调整您的代码.

Also you should refer to the Errors table and adjust your code accordingly.

还有什么我应该做的来处理令牌吗?

Is there anything else I should be doing to handle tokens?

见上.

我应该在页面之间传递访问令牌还是可以在每个页面的顶部再次调用它

Should I be passing the access token between pages or is it ok to just call it again at the top of each page

您不需要做任何这些，因为 PHP-SDK 会为您处理令牌；您是否注意到您正在调用:$user_profile = $facebook->api('/me'); 而不附加用户 access_token?

You shouldn't need to do any of that, because the PHP-SDK will handle the token for you; have you noticed that you are calling: $user_profile = $facebook->api('/me'); without appending the user access_token?

SDK 是从它的最后添加它的，所以您不必担心它.

The SDK is adding it from its end so you don't have to worry about it.

这篇关于处理访问令牌的 Facebook PHP SDK的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！