Facebook OAuth 2.0 "code" and "token"

Question

Why do you need both a "code" and a "token" in the Facebook OAuth2 authentication flow as described here: https://developers.facebook.com/docs/authentication/ ?

If you look at the OAuth dialog reference (https://developers.facebook.com/docs/reference/dialogs/oauth/), it seems like you only ever use the token to fetch information about the user, and if you specify the response_type parameter as token or code,token, then you get the token on the first time.

Why do you need to get a "code" and then use the code to get a "token" as opposed to getting the token directly?

I guess I'm misunderstanding something basic about how OAuth works, but it seems you avoid the request to https://graph.facebook.com/oauth/access_token entirely if you get the token the first time with the dialog.

Recommended answer

Salesforce documentation:

Authorization Code

An authorization code is a short-lived token representing the user's access grant, created by the authorization server and passed to the client application via the browser. The client application sends the authorization code to the authorization server to obtain an access token and, optionally, a refresh token.

Access Token

The access token is used by the client to make authenticated requests on behalf of the end user. It has a longer lifetime than the authorization code, typically on the order of minutes or hours. When the access token expires, attempts to use it will fail, and a new access token must be obtained via a refresh token.
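
The two steps described in the definitions above, as an added example that is not part of the original answer or of Facebook's or Salesforce's code: a toy in-memory authorization server that issues a short-lived, single-use code over the browser redirect and only trades it for an access token on an authenticated back-channel call. The class name, lifetimes, URLs and client credentials are assumptions; the client-secret check and redirect URI binding follow the authorization code grant in RFC 6749.

```python
import hmac
import secrets
import time

CODE_TTL = 60        # assumed lifetime of an authorization code, seconds
TOKEN_TTL = 3600     # assumed lifetime of an access token, seconds


class AuthServer:
    """Toy in-memory authorization server (hypothetical, for illustration)."""

    def __init__(self, client_id, client_secret, clock=time.time):
        self.client_id, self.client_secret = client_id, client_secret
        self.clock = clock
        self.codes = {}    # code -> (user, redirect_uri, expires_at)
        self.tokens = {}   # access token -> (user, expires_at)

    def authorize(self, user, redirect_uri):
        """Front channel: the code travels through the browser redirect."""
        code = secrets.token_urlsafe(16)
        self.codes[code] = (user, redirect_uri, self.clock() + CODE_TTL)
        return f"{redirect_uri}?code={code}", code

    def exchange(self, code, client_id, client_secret, redirect_uri):
        """Back channel: server-to-server call authenticated by the secret."""
        ok_client = client_id == self.client_id and hmac.compare_digest(
            client_secret.encode(), self.client_secret.encode())
        if not ok_client:
            return {"error": "invalid_client"}
        # pop() makes the code single-use, so a replayed code is rejected.
        user, bound_uri, expires_at = self.codes.pop(code, (None, None, 0))
        if user is None or self.clock() > expires_at or bound_uri != redirect_uri:
            return {"error": "invalid_grant"}
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (user, self.clock() + TOKEN_TTL)
        return {"access_token": token, "expires_in": TOKEN_TTL,
                "refresh_token": secrets.token_urlsafe(32)}

    def whoami(self, access_token):
        """Resource request made with the access token."""
        user, expires_at = self.tokens.get(access_token, (None, 0))
        return user if user and self.clock() <= expires_at else None
```

A code seen in browser history, a referrer or a proxy log is useless without the client secret and after its first redemption, whereas a token returned directly by the dialog is usable by whoever observes it.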
