Facebook user deauthorizes the app


Question

When a user accepts the Facebook application from my website, I am storing the user details and Facebook details (access token) in the database.

When he removes my application from Facebook, I want to remove the details from the database. How do I do this?

I can give a Deauthorize Callback URL. If someone removes the application, it will redirect to this page. But what should the code here be to delete the data from the DB? I mean, when it redirects, will it post the access token details, so that I can check for the access token and delete that row?

Recommended answer

It's clearly stated in the authentication document:


App Deauthorization

When a user of your app removes it in the App Dashboard or blocks the app in the News Feed, your app can be notified by specifying a Deauthorize Callback URL in the Developer App. During app removal we will send an HTTP POST request containing a single parameter, signed_request, which contains the user id (UID) of the user that just removed your app. You will not receive an user access token in this request and all existing user access tokens will be automatically expired.

So, using the signed_request function from its own document:

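<?php
function parse_signed_request($signed_request, $secret) {
  // A signed_request has the form "<signature>.<payload>"
  $parts = explode('.', (string) $signed_request, 2);
  if (count($parts) !== 2) {
    error_log('Malformed signed_request');
    return null;
  }
  list($encoded_sig, $payload) = $parts;

  // decode the data
  $sig = base64_url_decode($encoded_sig);
  $data = json_decode(base64_url_decode($payload), true);

  if (!is_array($data) || !isset($data['algorithm']) || strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
    error_log('Unknown algorithm. Expected HMAC-SHA256');
    return null;
  }

  // check sig (hash_equals compares in constant time)
  $expected_sig = hash_hmac('sha256', $payload, $secret, true);
  if (!hash_equals($expected_sig, (string) $sig)) {
    error_log('Bad Signed JSON signature!');
    return null;
  }

  return $data;
}

function base64_url_decode($input) {
  return base64_decode(strtr($input, '-_', '+/'));
}

// Facebook sends signed_request as the single parameter of an HTTP POST
$signed_request = isset($_POST['signed_request']) ? $_POST['signed_request'] : '';
$result = parse_signed_request($signed_request, "APP_SECRET");

// Record the user id only when the request verified
if ($result !== null && isset($result["user_id"])) {
  $myFile = "deauthorize.txt";
  $fh = fopen($myFile, 'w') or die("can't open file");
  fwrite($fh, $result["user_id"] . "\n");
  fclose($fh);
}

?>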

So all you need to do is get the $result["user_id"], query your DB and remove the record.

P.S.: I would recommend adding a new field called active and just deactivating the user instead of removing the record altogether.

Edit:

Facebook will NOT redirect the user to the deauthorize URL! It'll ping it only:

Facebook pings this URL when a user deauthorizes your app
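The following is an added example, not part of the original answer: it shows the callback end to end, verifying signed_request and then deactivating the matching row (the answer's "active" field) with a parameterized query, run against a constructed valid request and a forged one. The function names, the users table, the fb_user_id column, the secret and the in-memory SQLite database (pdo_sqlite) are assumptions for illustration.

```php
<?php
// Added example: table/column names and the secret are assumptions.
function b64url_decode(string $in): string {
    return (string) base64_decode(strtr($in, '-_', '+/'));
}
function b64url_encode(string $in): string {
    return rtrim(strtr(base64_encode($in), '+/', '-_'), '=');
}

// Returns the verified payload, or null if the request is malformed or forged.
function verify_signed_request(string $signed_request, string $secret): ?array {
    $parts = explode('.', $signed_request, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$encoded_sig, $payload] = $parts;
    $data = json_decode(b64url_decode($payload), true);
    $alg = is_array($data) ? ($data['algorithm'] ?? null) : null;
    if (!is_string($alg) || strtoupper($alg) !== 'HMAC-SHA256') {
        return null;
    }
    $expected = hash_hmac('sha256', $payload, $secret, true);
    // Constant-time comparison avoids leaking how many signature bytes matched.
    return hash_equals($expected, b64url_decode($encoded_sig)) ? $data : null;
}

// Parameterized update: the user id never gets concatenated into the SQL text.
function deactivate_user(PDO $db, string $fb_user_id): int {
    $stmt = $db->prepare('UPDATE users SET active = 0, access_token = NULL WHERE fb_user_id = ?');
    $stmt->execute([$fb_user_id]);
    return $stmt->rowCount();
}

// Constructed demo data (hypothetical secret, user id and token).
$secret = 'EXAMPLE_APP_SECRET';
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (fb_user_id TEXT PRIMARY KEY, access_token TEXT, active INTEGER)');
$db->exec("INSERT INTO users VALUES ('1000001', 'constructed-token', 1)");

$payload = b64url_encode(json_encode(['algorithm' => 'HMAC-SHA256', 'user_id' => '1000001']));
$good    = b64url_encode(hash_hmac('sha256', $payload, $secret, true)) . '.' . $payload;
$forged  = b64url_encode(str_repeat("\0", 32)) . '.' . $payload;

foreach (['forged' => $forged, 'good' => $good] as $label => $request) {
    $data = verify_signed_request($request, $secret);
    $rows = ($data !== null && isset($data['user_id'])) ? deactivate_user($db, (string) $data['user_id']) : 0;
    echo $label . ': ' . ($data === null ? 'rejected' : "deactivated $rows row(s)") . "\n";
}
```

In a real callback the request string comes from $_POST['signed_request'] and the secret is the app's own secret, loaded from configuration rather than hard-coded.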
