在OAuth2访问令牌过期后刷新Facebook的正确方法是什么? [英] What is the correct way to refresh Facebook OAuth2 access token after it expires?
问题描述
- 重定向(或有用户点击链接)应用的授权URL
- 用户授权并重定向到您的回叫URL
- 回调使用代码参数获取访问令牌
- 访问令牌用于Graph API以拉或推信息
问题是访问令牌相对快速到期,需要刷新,所以我的问题是1)如何检测到令牌已经过期,除了尝试使用它,只是得到错误?和2)获取新令牌的最佳做法是什么?
目前,我只是发现尝试使用他们的访问令牌获取用户信息时出错,然后再次重定向到授权URL - 因为他们已经授权应用程序一个空白页面闪烁,并且它们被重定向回我的应用程序回调,在那里我得到一个新的令牌。它是如此笨重,我不能相信这是正确的方法。
-
唯一的方法来告诉cookie是否有效是使用它并捕获错误,如果它已过期。没有轮询方法或任何东西来检查令牌是否有效。
-
要获取新令牌,只需将用户重定向到身份验证页面。因为他们已经授权您的应用程序,他们将立即被重定向回您的应用程序,您将有一个新的令牌。他们不会被提示允许,因为他们已经这样做了。
总之,没有技巧这个。您已经正确地执行了。
As I understand it, this is the basic process for new Facebook iframe canvas apps using the OAuth2 API in a nutshell:
- Redirect to (or have user click link to) app's authorization URL
- User authorizes and is redirected to your callback URL
- Callback uses "code" parameter to get a access token
- Access token is used with Graph API to pull or push information
The problem is that access tokens expire relatively quickly and need to be "refreshed", so my questions are 1) how do you detect that the token has expired aside from trying to use it and simply getting an error? and 2) what is the best practice for obtaining a new token?
Currently, I just detect that there was an error trying to get the user's information with their access token, then redirect to the authorization URL again -- since they already authorized the app a blank page flashes by and they are redirected back to my app callback where I get a fresh token. It's so clunky I can't believe this is the proper method.
The only way to tell if a cookie is valid is to use it and catch the error if it is expired. There is no polling method or anything to check if a token is valid.
To get a new token, simply redirect the user to the authentication page again. Because they have already authorized your app they will instantly be redirected back to your app and you will have a new token. They won't be prompted to allow since they have already done that.
In short, there are no tricks to this. You are already doing it correctly.
这篇关于在OAuth2访问令牌过期后刷新Facebook的正确方法是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
