如何强制Facebook访问令牌过期? [英] How can I force a facebook access token to expire?
问题描述
作为应用程序进行身份验证允许您获取访问令牌,您可以代表App而不是用户向Facebook API发出请求。 [...]应用程序访问令牌也可以用于向已授予您的应用程序的发布权限的用户代表向用户发布内容。
应用访问令牌一般不会过期。一旦生成,它们将无限期有效。
但是,我需要测试一下。所以我需要过期一些令牌。我尝试使用您在开发人员网站中创建的官方测试用户,只能与您的应用程序的沙盒和其他用户进行交互,但是它们的令牌似乎永久有效1小时。
所以我尝试使用我为此创建的一个真正的Facebook用户,并且更改我将读取的密码应该到期令牌。但它没有。令牌仍然在调试器中报告有效,我仍然可以将其用于许多内容,包括发布到我的墙上。我甚至可以在完全登出Facebook网站后继续使用这个令牌。
什么给了?如何获得一个过期的access_token,以便我可以测试我的应用程序访问令牌?
编辑:我认为这将工作。我创建了我的应用程序访问令牌,并使用CLIENT-SIDE流来获取只持续2个小时的用户访问令牌,所以我实际上可以等到它过期。过期后,我使用Graph API资源管理器尝试发布状态更新,当我的令牌过期时,该错误告诉我失败。然后我使用我的应用程序令牌尝试了相同的操作。
这应该可以工作,请检查下面。
无效(又名注销)您的令牌;对该端点进行HTTP GET调用;
https://api.facebook.com/restserver.php?method=auth。 expireSession&安培;格式= JSON&安培; =的access_token<&的access_token GT;
p.s。我的答案是从2012年...从那时起,Facebook API已经发生了许多重大变化。阅读up2date Facebook开发者文档
更可靠
I'm doing some testing in the wake of offline_access's expiration. I think that since all interactions my app makes with Facebook are done via my servers and are user initiated by user activity at several application end points (phone apps, website, desktop application) I can use an Application Access Token to publish to the wall on behalf of my users, assuming the application is still authorized even if the access token I requested during authorization is expired. That seems to be what the documentation here is implying with
Authenticating as an App allows you to obtain an access token which allows you to make request to the Facebook API on behalf of an App rather than a User. [...] App access tokens can also be used to publish content to Facebook on behalf of a user who has granted a publishing permission to your application.
App Access Tokens generally do not expire. Once generated, they are valid indefinitely.
However, I need to test this. So I need to expire some tokens. I tried using official test users which you create in the developer site, that can only interact with your app's sandbox and other users in it, but their tokens seem to be perpetually valid for one hour.
So I tried using a real facebook user that I created for this, and changing the password which I'd read is supposed to expire the token. But it doesn't. The token still reports valid in the debugger and I can still use it for many things, including publishing to my wall. I can even continue to use this token after logging out of the facebook site completely.
What gives? How can I get an expired access_token so that I can test my Application Access Token?
Edit: I think it's going to work. I created my application access token and used the CLIENT-SIDE flow to get an user access token that only lasted 2 hours, so I could actually just wait for it to expire. After the expiration I used the Graph API explorer to try to post a status update, which failed telling me when my token had expired. I then tried the same action using my application token which succeeded.
This should work, check below.
Invalidating (aka logout) your token; make HTTP GET call to that endpoint;
https://api.facebook.com/restserver.php?method=auth.expireSession&format=json&access_token=<access_token>
p.s. my answer is from 2012... Since then, Facebook API has evolved with many major changes. It is more reliable to read the up2date Facebook developer doc
这篇关于如何强制Facebook访问令牌过期?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
