过期后刷新 Facebook OAuth2 访问令牌的正确方法是什么? [英] What is the correct way to refresh Facebook OAuth2 access token after it expires?

问题描述

据我所知，这是使用 OAuth2 API 的新 Facebook iframe 画布应用程序的基本流程:

As I understand it, this is the basic process for new Facebook iframe canvas apps using the OAuth2 API in a nutshell:

1. 重定向到(或让用户点击链接到)应用的授权网址
2. 用户授权并重定向到您的回调网址
3. 回调使用code"参数获取访问令牌
4. 访问令牌与图谱 API 一起用于拉取或推送信息

问题是访问令牌过期相对较快，需要刷新"，所以我的问题是 1) 除了尝试使用它并只是收到错误之外，您如何检测令牌已过期?2) 获取新令牌的最佳做法是什么?

The problem is that access tokens expire relatively quickly and need to be "refreshed", so my questions are 1) how do you detect that the token has expired aside from trying to use it and simply getting an error? and 2) what is the best practice for obtaining a new token?

目前，我只是检测到尝试使用他们的访问令牌获取用户信息时出现错误，然后再次重定向到授权 URL——因为他们已经授权了应用程序，一个空白页面闪过，然后他们被重定向回我的应用回调，在那里我得到了一个新的令牌.太笨重了，我不敢相信这是正确的方法.

Currently, I just detect that there was an error trying to get the user's information with their access token, then redirect to the authorization URL again -- since they already authorized the app a blank page flashes by and they are redirected back to my app callback where I get a fresh token. It's so clunky I can't believe this is the proper method.

推荐答案

1. 判断 cookie 是否有效的唯一方法是使用它并在它过期时捕获错误.没有轮询方法或任何检查令牌是否有效的方法.

1. The only way to tell if a cookie is valid is to use it and catch the error if it is expired. There is no polling method or anything to check if a token is valid.

要获取新令牌，只需再次将用户重定向到身份验证页面.因为他们已经授权了您的应用程序，所以他们会立即被重定向回您的应用程序，您将拥有一个新令牌.不会提示他们允许，因为他们已经这样做了.

To get a new token, simply redirect the user to the authentication page again. Because they have already authorized your app they will instantly be redirected back to your app and you will have a new token. They won't be prompted to allow since they have already done that.

简而言之，这没有什么技巧可言.你已经做对了.

In short, there are no tricks to this. You are already doing it correctly.

这篇关于过期后刷新 Facebook OAuth2 访问令牌的正确方法是什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！