如何获得Facebook访问令牌使用appid和应用程序的秘密,没有任何登录凭据? [英] How to get a facebook access token using appid and app secret without any login credentials?
问题描述
我需要在C#Windows应用程序中使用appid和应用程序秘密来获取FaceBook访问令牌。实际上,我做了下面的编码,但获取应用程序令牌只获取访问令牌。
如何实现检索访问令牌。
FacebookClient客户端= new FacebookClient();
dynamic result = client.Get(oauth / access_token,new
{
client_id =1498796747020950,
client_secret =c50341f5b4e42a595f0791467f439e38,
grant_type = client_credentials
});
var accessToken = result.access_token;
您要求的凭证是应用程式存取凭证它不能与每个API调用(而不是使用非常有限)。
让我尝试详细阐述访问令牌和OAuth 2.0,使概念清晰。
OAuth 2.0
-
对于标准OAuth 2.0实施,第一步是调用服务的 OAuth对话框提供者(facebook) -
\GET http://www.facebook.com/dialog/oauth
参数 -
-
client_id(APP ID) -
redirect_uri(应用程式的重新导向网址) -
范围(权限 - 可选)
-
代码(附加重定向网址)
返回 -
-
-
用户成功验证应用程序后,通过附加有
redirect_url的服务提供商(facebook)返回代码因此系统会将您重定向到 -
{redirect-url}?code = XXXXXXXXXXXXXXXXX
我们使用
代码access_token-
\GET https://graph.facebook.com/oauth/access_token
参数 -
-
client_id(APP ID) -
client_secret(APP Secret) -
代码 -
redirect_uri
-
您不想构建此手动流程,您可以使用处理此流程的SDK。它将只调用outh对话框,如果成功将给你访问令牌作为响应。 Facebook提供了 iOS 的官方SDK, Android , Javascript 和 PHP ;还有其他第三方SDK 。
现在,这将为我们提供一个访问令牌,更精确的是 用户访问令牌 。这是获取用户访问令牌所需的仅 过程(即需要用户参与)。您请求的是一个应用访问令牌,现在我将详细说明Facebook的访问令牌 -
访问令牌
有3种类型的访问令牌支持不同的用例:
-
用户访问令牌用户令牌是最常用的类型的令牌。这种访问令牌是在应用程序调用API来读取,修改或写入特定人员的Facebook数据时需要的。
-
应用程式存取权标记:应用程式存取凭证用于提出要求代表应用程式而非使用者的Facebook API。这可用于修改应用程序的参数,创建和管理测试用户或阅读应用程序的见解。应用程序访问令牌也可以用来代表已授予您的应用程序的开放图形发布权限的人向Facebook发布内容。
除了这些,没有任何应用程序访问令牌可以做到。而且它像您的应用程序的密码,因此重要的是,您的应用程序密码永远不会与任何人共享。这可以通过您在问题 -
GET / oauth / access_token中提及的API调用获取?
client_id = {app-id}
& client_secret = {app-secret}
& grant_type = client_credentials
或直接从这里,或直接使用
{app-id} | {app-secret} -
页面访问令牌令牌用于Graph API调用以管理Facebook页面。要生成页面访问令牌,页面的管理员必须授予扩展权限
manage_pages。授予此权限后,您可以使用以下Graph API请求检索网页访问令牌:/ GET / {page -id}?fields = access_token
< hr>
我不确定这一切对你是否有意义,但我希望它能帮助你解决一些关于同样的疑问。
如果应用程式存取权杖对您很重要,您可以使用我提到的三种方法之一。如果没有,用户访问令牌是您需要的,如果没有用户交互就无法获取。
I need to get FaceBook access token using appid and app secret in C# windows application. Actually i did below coding, but getting app token only not getting the access token.
how to achieve to retrieve access token.?
FacebookClient client = new FacebookClient();
dynamic result = client.Get("oauth/access_token", new
{
client_id = "1498796747020950",
client_secret = "c50341f5b4e42a595f0791467f439e38",
grant_type = "client_credentials"
});
var accessToken = result.access_token;
The token that you are requesting is an app access token which can not be used with every API call (instead its usage is very limited).
Let me try to elaborate the access tokens and OAuth 2.0 to make the concepts clear.
OAuth 2.0
With the standard OAuth 2.0 implementation, the first step is to invoke the OAuth Dialog of the service provider (facebook)-
\GET http://www.facebook.com/dialog/oauthParameters-
client_id(APP ID)redirect_uri(App's Redirect Url)scope(permissions - optional)
Returns-
code(appended with the redirect url)
After the user successfully authenticated the app, a
codeis returned by the service provider(facebook) appended with theredirect_urlpassed. So you'll be redirected to-{redirect-url}?code=XXXXXXXXXXXXXXXXXWe use this
codethen and request for theaccess_token-\GET https://graph.facebook.com/oauth/access_tokenParameters-
client_id(APP ID)client_secret(APP Secret)coderedirect_uri
If you dont want to build this manual flow, you can use the SDKs that take care of this flow. It will just invoke the outh dialog and if success will give you the access token in response. Facebook provides official SDKs for iOS, Android, Javascript and PHP; also there are other third-party SDKs. Now this will give us an access token, to be more precise- a user access token. This is only process required to obtain a user access token (i.e. user engagement is required). What you were requesting was an app access token, I'll now elaborate facebook access tokens-
Access Tokens
There are 3 types of access tokens to support different use cases:
User Access Token - The user token is the most commonly used type of token. This kind of access token is needed any time the app calls an API to read, modify or write a specific person's Facebook data on their behalf. I've explained the detailed process of obtaining this token.
App Access Token - App access tokens are used to make requests to Facebook APIs on behalf of an app rather than a user. This can be used to modify the parameters of your app, create and manage test users, or read your application's insights. App access tokens can also be used to publish content to Facebook on behalf of a person who has granted an open graph publishing permission to your application.
Except these there's nothing an app access token can do. And its like a password of your app so it is important that your app secret is never shared with anyone. This can be obtained by the API call that you have mentioned in the question-
GET /oauth/access_token? client_id={app-id} &client_secret={app-secret} &grant_type=client_credentialsor directly from here, or simply use
{app-id}|{app-secret}Page Access Token- Page access tokens are used in Graph API calls to manage Facebook Pages. To generate a page access token, an admin of the page must grant an extended permission called
manage_pages. Once this permission has been granted, you can retrieve the page access token using the following Graph API request:/GET /{page-id}?fields=access_token
I'm not really sure if this all was significant to you but I hope it helps you clearing some doubts regarding the same.
If the app access token is significant to you, you can use it by any of three methods I've mentioned. If not, user access token is what required to you which cannot be obtained without user interaction.
这篇关于如何获得Facebook访问令牌使用appid和应用程序的秘密,没有任何登录凭据?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
