会话已被禁用,因为用户已更改密码 [英] The session has been invalidated because the user has changed the password
问题描述
为Android和iOS实施PhoneGap应用程序,该应用程序正在使用Facebook Connect和PhoneGap Facebook Connect插件( https://github.com/davejohnson/phonegap-plugin-facebook-connect )。前几天,我开始遇到access_token的问题,但只有在Android上,同样的情况在iOS上无效。一步一步是:
- Init facebook。 (使用插件功能)
- 登录Facebook。 (使用插件功能)(请求权限:'email user_birthday publish_stream offline_access')
- 使用返回给我的令牌来做图形api调用/我。
步骤3返回错误,当我将url调用并放入桌面浏览器时,会给我错误会话已被禁用,因为用户已更改密码。
沙盒应用/非沙盒应用没有任何区别。
与iOS完全相同的步骤可以正常使用。
我在SOF和Facebook上看到很多问题但是,他们都是指让用户再次进行验证流程,或者几天后问题解决了....有人可以确认这是一个Facebook错误吗?还是有解决方案?或者可以解释为什么它在Android而不是iOS上运行?也许这可能与我在iOS中不使用Facebook应用程序有关,但选择始终通过浏览器中的OAuth?
感谢任何线索!
编辑:
发现其他相关问题,似乎与我的根本原因相同。 / p>
好的,最后我发现我的问题的根本原因是Android和iOS的facebook SDK正在处理offline_access不同的值,它们在会话对象的'expires'参数中设置的值。
在iOS中,过期将被设置为未来的日期(4001-01-01),而Android的到期将被设置为这使我的比较(过期<今天)失败(我做了一个日期解析到毫秒),会话总是无效。
在我的情况下,如果会话无效,我总是做一个注销,这使得我的令牌在浏览器中尝试后无法使用。doh ..)
Implementing a PhoneGap app for Android and iOS, the app is using Facebook Connect and the PhoneGap Facebook Connect Plugin (https://github.com/davejohnson/phonegap-plugin-facebook-connect). A few days ago I started having problem with the access_token, but only on Android, the same scenario works on iOS without problems. The step by step is:
- Init facebook. (using plugin function)
- Login to facebook. (using plugin function) (asking the permissions: 'email user_birthday publish_stream offline_access')
- Do graph api call /me using the token returned to me.
Step 3 returns error, and when I take the url called and put in a desktop browser, it gives me the error "The session has been invalidated because the user has changed the password".
Sandbox app/ non-sandbox app does not make any difference.
The exact same steps in iOS works fine.
I saw a lot of questions on SOF and facebook about it, but all of them are referring to letting the user do the auth flow again, or that the problem solved itself after a few days.... Is there someone that can confirm that this is really a facebook bug? Or have a solution? Or can explain why it works on Android and not iOS? Maybe it could have to do with me in iOS not using the facebook app, but choosing to always go via the OAuth in browser?
Thanks for any clues!
EDIT:
Found to other related questions, that seems to have the same root cause as mine.
How can I remove all potentially cached tokens or session IDs on Android?
Access token immediately invalidated
Ok, in the end I found out that the root cause of my problem was that Android and iOS facebook SDK's are handling the offline_access differently, in the value that they set in the 'expires' parameter in the session object.
In iOS, 'expires' will be set to a date far far in the future (4001-01-01), while in Android 'expires' will be set to 0. This made my comparison (expired < today) fail (I was doing a date parse to milliseconds), and the session was always 'invalid'.
(then in my case i was always doing a logout if the session was invalid, which made my token be invalid for real when trying it in the browser afterwards.. doh..)
这篇关于会话已被禁用,因为用户已更改密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
