Chrome Extension: Facebook OAuth with manually retrieved access token?


Problem description

As stated in the Facebook OAuth Documentation, in order to use the Client Side Flow with a Desktop App, the special return_uri https://www.facebook.com/connect/login_success.html is required.

Opening a new tab from Chrome to the url

https://www.facebook.com/dialog/oauth?client_id=MYAPPID&redirect_uri=https://www.facebook.com/connect/login_success.html&response_type=token

works as expected, I am redirected to the login_success page with an access_token parameter containing the token. I can request data from the Graph API using simple GET requests (e.g., with jQuery):

$.getJSON("https://graph.facebook.com/me", {access_token: token}, function (d) {
    // ... process returned data
});

My question is, can I continue to use the JavaScript SDK without using the SDK's internal authorization methods?

FB.getLoginStatus returns an error that my Connect/Canvas URI isn't correct. How am I supposed to check the token status without that method [apart from a manual GET and response matching]?

FB.login obviously fails with the following error:

API Error Code: 191

API Error Description: The specified URL is not owned by the application

Error Message: Invalid redirect_uri

(url does not match domain url in the app's config), as there seems to be no way to internally specify the return_uri above.

Is there a way to still rely on the JavaScript SDK (especially events) while accessing a token externally? Am I supposed to override the access token?

Solution

Yes, you can use it for the normal events (i.e. someone clicked a like button) like so:

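<div id="fb-root"></div>
<!-- Load the SDK over HTTPS so the script cannot be modified in transit -->
<script type="text/javascript" src="https://connect.facebook.net/en_US/all.js#xfbml=1" id="facebook-jssdk"></script>
<script type="text/javascript">
    // edge.create fires when someone clicks a like button
    FB.Event.subscribe('edge.create',
        function(response) {
            console.log(response);
        }
    );
</script>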

Unfortunately, for regular API calls you can't use the Facebook JS SDK from within your extensions. You'll have to roll your own API wrapper for that.

An easy way to see if the access token is valid is to make a Graph API call to /me?fields=id with the access token you have saved. That will be fast and you can use the response to see if the access token is still valid. Best practice for extensions is to request the permission offline_access.

Also, I would recommend having the redirect URI be on a domain you own. That way if other extensions are doing the same, your scripts won't interfere. Accessing the token will be the same.
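
The two manual steps discussed above (reading the token from the login_success redirect and checking it with /me?fields=id), sketched as an added example that is not part of the original question or answer. The function names are hypothetical; the code assumes the token arrives in the URL fragment, as response_type=token does, and that a rejected token produces a Graph API error of type OAuthException.

```javascript
// Added example. All function and constant names here are illustrative.
const EXPECTED_REDIRECT = "https://www.facebook.com/connect/login_success.html";

// Pull the token out of the tab URL after the OAuth dialog redirects.
// Returns null unless origin and path match the redirect_uri exactly,
// so a lookalike host or a different page can never supply a token.
function parseLoginRedirect(tabUrl) {
  let url;
  try { url = new URL(tabUrl); } catch (e) { return null; }
  const expected = new URL(EXPECTED_REDIRECT);
  if (url.origin !== expected.origin || url.pathname !== expected.pathname) {
    return null;
  }
  // response_type=token puts the token in the fragment, not the query string.
  const params = new URLSearchParams(url.hash.slice(1));
  const token = params.get("access_token");
  if (!token) return null; // e.g. the user denied the dialog
  return { token, expiresIn: Number(params.get("expires_in") || 0) };
}

// Build the cheap validity probe the answer describes: /me?fields=id.
function tokenCheckUrl(token) {
  const u = new URL("https://graph.facebook.com/me");
  u.searchParams.set("fields", "id");
  u.searchParams.set("access_token", token);
  return u.toString();
}

// Interpret the parsed JSON body returned by the probe.
function classifyTokenResponse(body) {
  if (body && typeof body.id === "string") return "valid";
  if (body && body.error && body.error.type === "OAuthException") return "invalid";
  return "unknown"; // network trouble, rate limiting, unexpected shape
}

// Glue: fetchImpl is injectable so the wrapper can be exercised offline.
async function checkToken(token, fetchImpl = fetch) {
  try {
    const res = await fetchImpl(tokenCheckUrl(token));
    return classifyTokenResponse(await res.json());
  } catch (e) {
    return "unknown"; // do not discard a stored token on a transient failure
  }
}
```

In an extension, the URL passed to parseLoginRedirect would come from a chrome.tabs.onUpdated listener. Treat only "invalid" as a reason to discard the stored token and reopen the dialog.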
