使Facebook访问令牌无效? [英] Invalidating a facebook access token?
问题描述
是否可以使Facebook访问令牌无效?
Is it possible to invalidate a facebook access token?
由于最近不推荐使用offline_access,我需要这样做。
I need to do this due to the recent deprecation of offline_access.
问题是令牌不能超过60天。即使用户返回到应用程序(除非我有误会?)
The problem is that the token cannot be extended beyond 60 days. Even if the user returns to the app (unless I am misunderstanding?)
所以,我想做的是使令牌无效,然后立即将用户重新登录我可以获得一个新的访问令牌,新的60天到期日期。只要用户每两个月一次,一切都应该可以。
So, what I want to do is invalidate the token, then immediately log the user back in so that I can get a new access token back, with a new 60 day expiry date. As long as the user comes by once every two months, everything should be OK.
我不想将用户从Facebook中登录,所以FB.logout不可用
I do not want to log the user out of Facebook so FB.logout is not usable.
可以吗?
推荐答案
您可以发送DELETE请求 / me / permissions 这应该(我认为)使用户的会话无效。
You can send a DELETE request to /me/permissions which should (I think) invalidate the session for the user.
但是,我真的不明白你为什么要这么做
您可以使用服务器端身份验证,最终获得60天令牌,无论您以前有什么令牌。
所以,每次你想再多60天,只需使用服务器端进程验证用户。
However, I don't really see why you want to do that. You can just use the server side authentication which ends up with a 60 days token regardless of what token you had before. So, every time you want 60 more days just authenticate the user using the server side process.
这篇关于使Facebook访问令牌无效?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
