如何透明更新Facebook的访问令牌在处理它使用Facebook的API调用服务的方法？ [英] How to transparently renew the Facebook access token while processing a service method which uses Facebook API calls?

问题描述

我有它运行在IIS 7.5和VS 2010中的WCF服务这一服务有一些方法在内部使用的Facebook C＃SDK 为了从/向Facebook执行一些GET和POST（4.1版本，而不是最新的）。由于Facebook将很快删除中的 offline_access 我要处理的地方访问令牌过期的情况

我明白进行验证（以得到的代码和具有码获得之后的方式访问令牌），以使用图形API获取Facebook的信息（如呈现这里）。

我有两个问题：结果

• 当我的服务方法被调用，我从我的数据库中检索
  相应用户的令牌，有没有办法知道，如果访问令牌
  已过期或不？结果我有阅读，当执行一个Facebook的API调用和访问令牌过期那么下面的异常被抛出： OAuthException 。但是，有没有更好的办法来检测何时到期？我不想结果
  
  
  
  1. 呼叫Facebook的API
  
  
  2. 处理异常
  
  
  3. 更新访问令牌，最后
  
  
  4. 重复使用新的访问令牌初始呼叫。结果
  
  


• 是否有可能延长用户的访问令牌透明（也存放在数据库中）和继续的处理服务的方法？
  在这个资源，重要的（续订访问令牌）部分是缺失（声明为
  [TODO]）

我想实现以下方案，在服务的实现方法：结果

  SC = SocialNetworkAccountDao.GetByUser（用户）
 
 isExpired =调用方法检查sc.token已过期。 
 
如果（isExpired）
 
 {
 
 newToken =呼叫的方法获取新的访问令牌
 
 sc.token = newToken; 
 
 SocialNetworkAccount.Update（SC）; 
 
} 
 
 = Facebook的新的Facebook（sc.token）
 
 Facebook.Post（.....）
 
  -  
  

与 QAuth 对话框是异步的（这是一个重定向），并与访问令牌URL沟通，以获得访问令牌这是同步执行搜索结果，最后一个问题：结果

• 有没有一种方式，服务方式，以等待新的访问令牌，我们
  从请求/回调与Facebook检索以
  稍后继续与新的访问令牌？

解决方案

我不知道C＃的SDK，但所有的Facebook的SDK基本上只是包装器的HTTP请求到图形不同的URL。

如果您使用服务器端身份验证流程，那么你应该得到一个长寿的象征（约60天），你得到的过期时间，何时到期，你需要重新验证用户，有没有办法来扩展的标记。

客户端验证返回一个短暂的令牌（约2小时），但你可以使用href=\"http://developers.facebook.com/roadmap/offline-access-removal/\">新的端点的Facebook提供给你只能使用符合仍然有效的访问令牌。

另外，无论什么时候，你总能得到，当你得到一个访问令牌过期时间，除非它是不具有到期日的申请令牌。

在这两种情况下，如果你得到一个长寿命的令牌可以将其存储在数据库中，并使用它在服务器端，但要知道，该令牌仍然可以得到无效的几个原因。

您还可以使用的处理无效和过期的访问令牌的。
如果C＃SDK不会为你很好地工作，那么你可能想只实现它自己，根据自己的需要，应该很容易。

I have a WCF service which runs in IIS 7.5 and VS 2010. This service has some methods which internally use the Facebook C# SDK (version 4.1, not latest) in order to perform some GET and POST from/to Facebook. Since Facebook will soon remove the offline_access I have to handle the situation where an access token is expired.

I have understood the way the authentication is performed (in order to get the code and after having the code to get the access token) in order to use the Graph API for getting Facebook information (as presented here).

I have two questions:

• When my service method is called and I retrieve the token of the appropriate user from my DB, is there a way to know if the access token is expired or not?
  I have read that when a Facebook API call is performed and the access token is expired then the following exception is thrown: OAuthException. But is there any better way to detect the expiration? I don't want to
  
  1. Call the Facebook API
  2. Handle the exception
  3. Renew the access token and finally
  4. Repeat the initial call with the new access token.
     

• Is it possible to renew the access token of the user transparently (store it also in the DB) and continue to handle the service method? In this resource, the important ("Renewing an Access Token") part is missing (declared as [todo])

I would like to achieve the following scheme, in the implementation of the Service Method:

sc = SocialNetworkAccountDao.GetByUser(user)

isExpired = call method to check if the sc.token is expired.

if (isExpired)

{

  newToken = call method for getting new access token

  sc.token = newToken;

  SocialNetworkAccount.Update(sc);

}

Facebook = new Facebook (sc.token)

Facebook.Post( ..... )

--

The process to communicate with the QAuth dialog is asynchronous (a redirect is performed), and the communication with access token url to get the access token this is performed synchronously.

Final Question:

• Is there a way the service method to wait for the new access token we retrieve from the request / callback with Facebook in order to continue later with the new access token?

解决方案

I don't know about the C# SDK, but ALL facebook SDKs are basically just wrappers for http request to the graph different urls.

If you use the server side authentication flow then you should get a long lived token (about 60 days), and you get the expiration time with it, when it expires you need to re-authenticate the user, there's no way to extend the token.

The client side authentication returns a short lived token (about 2 hours) but you can use the new endpoint facebook provided to replace the "offline_token". You can only use that with still valid access tokens.

Also, no matter what, you always get the "expires" time when you get an access token, unless it's an application token which does not have an expiration date.

In either case, if you get a long lived token you can store it in the database and use it on the server side, but be aware that the token can still get invalidated for a number of reasons.

You can also use the official documentation for Handling Invalid and Expired Access Tokens. If the C# SDK doesn't work well for you then you might want to just implement it yourself, for your own needs, should be pretty easy.

这篇关于如何透明更新Facebook的访问令牌在处理它使用Facebook的API调用服务的方法？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！