如何强制 Facebook 访问令牌过期? [英] How can I force a facebook access token to expire?
问题描述
在 offline_access 到期后,我正在做一些测试.我认为,由于我的应用程序与 Facebook 的所有交互都是通过我的服务器完成的,并且是由用户在多个应用程序端点(电话应用程序、网站、桌面应用程序)上的活动发起的,因此我可以使用应用程序访问令牌发布到墙上代表我的用户,假设即使我在授权期间请求的访问令牌已过期,该应用程序仍被授权.这似乎是 此处 所暗示的文档
I'm doing some testing in the wake of offline_access's expiration. I think that since all interactions my app makes with Facebook are done via my servers and are user initiated by user activity at several application end points (phone apps, website, desktop application) I can use an Application Access Token to publish to the wall on behalf of my users, assuming the application is still authorized even if the access token I requested during authorization is expired. That seems to be what the documentation here is implying with
作为应用程序进行身份验证允许您获取访问令牌,该令牌允许您代表应用程序而不是用户向 Facebook API 发出请求.[...] 应用访问令牌还可用于代表已向您的应用授予发布权限的用户向 Facebook 发布内容.
Authenticating as an App allows you to obtain an access token which allows you to make request to the Facebook API on behalf of an App rather than a User. [...] App access tokens can also be used to publish content to Facebook on behalf of a user who has granted a publishing permission to your application.
应用访问令牌通常不会过期.一旦生成,它们将无限期有效.
App Access Tokens generally do not expire. Once generated, they are valid indefinitely.
但是,我需要对此进行测试.所以我需要让一些令牌过期.我尝试使用您在开发者网站中创建的官方测试用户,这些用户只能与您应用的沙箱和其中的其他用户交互,但他们的令牌似乎永久有效一小时.
However, I need to test this. So I need to expire some tokens. I tried using official test users which you create in the developer site, that can only interact with your app's sandbox and other users in it, but their tokens seem to be perpetually valid for one hour.
所以我尝试使用我为此创建的真实 facebook 用户,更改我读取的密码应该会使令牌过期.但事实并非如此.该令牌在调试器中仍然报告有效,我仍然可以将它用于许多事情,包括发布到我的墙上.我什至可以在完全退出 Facebook 网站后继续使用此令牌.
So I tried using a real facebook user that I created for this, and changing the password which I'd read is supposed to expire the token. But it doesn't. The token still reports valid in the debugger and I can still use it for many things, including publishing to my wall. I can even continue to use this token after logging out of the facebook site completely.
什么给?如何获得过期的 access_token 以便我可以测试我的应用程序访问令牌?
What gives? How can I get an expired access_token so that I can test my Application Access Token?
我认为它会起作用.我创建了我的应用程序访问令牌并使用 CLIENT-SIDE 流来获取仅持续 2 小时的用户访问令牌,因此我实际上可以等待它过期.到期后,我使用 Graph API 资源管理器尝试发布状态更新,但未能告诉我令牌何时到期.然后,我使用成功的应用程序令牌尝试了相同的操作.
I think it's going to work. I created my application access token and used the CLIENT-SIDE flow to get an user access token that only lasted 2 hours, so I could actually just wait for it to expire. After the expiration I used the Graph API explorer to try to post a status update, which failed telling me when my token had expired. I then tried the same action using my application token which succeeded.
推荐答案
这应该可行,请在下面检查.
This should work, check below.
使您的令牌无效(也就是注销);对该端点进行 HTTP GET 调用;
Invalidating (aka logout) your token; make HTTP GET call to that endpoint;
https://api.facebook.com/restserver.php?method=auth.expireSession&format=json&access_token=<access_token>
ps.我的回答是从 2012 年开始的……从那时起,Facebook API 发生了许多重大变化.阅读 up2date Facebook 开发者文档更可靠
这篇关于如何强制 Facebook 访问令牌过期?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
