如何在没有HTTP重定向的情况下获取新的“授权码”? [英] How can I obtain a new 'authorization code' without an HTTP redirect?
问题描述
在此网址中,Facebook解释了如何使用Facebook Connect进行身份验证。
基本上,步骤如下:
-
重定向到Facebook为例。因此,我将获得授权代码
https://www.facebook.com / dialog / oauth?client_id = YOUR_APP_ID& redirect_uri = YOUR_URL& scope = email,read_stream
-
对以下地址进行HTTP发布,请求 access_token
https:// graph。 facebook.com/oauth/access_token?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&client_secret=YOUR_APP_SECRET&code=THE_CODE_FROM_ABOVE
Facebook将使用 access_token 回复最后一个HTTP帖子。
上面收到的 access_token 过期。仍然有效的秒数与 access_token 一起返回。好。
问题是:到期后应该怎么办?
从Facebook的网站:
除了访问令牌(access_token参数)之外,响应包含直到令牌过期的秒数( expires参数)。一旦令牌过期,您将需要重新运行上述步骤以生成新的代码并访问$ _
等待!我无法重新执行上述步骤,因为为了获得新的授权码,我必须重定向(step1)。我不想重定向我想通过网络服务获取新的授权码。用户已经授权我的申请,我再也不会有机会重定向他或她。
我该怎么办? p>
PS:在逻辑上思考,在access_token到期后,我不需要获得新的授权码。一个新的access_token就够了但是,正如我所说,Facebook说授权代码也将到期。
你想使用offline_access权限。这允许令牌长寿命。请参阅权限页面: http://developers.facebook.com/docs/authentication/permissions/ 。
At this url, Facebook explains how to authenticate using Facebook Connect.
Basically, the steps are the following:
Redirect to facebook as the example. As a result I'll get an authorization code
https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&scope=email,read_streamDo a HTTP post to the following address, asking for an access_token
https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&client_secret=YOUR_APP_SECRET&code=THE_CODE_FROM_ABOVE
Facebook will answer the last HTTP post with an access_token. Fine.
The access_token received above expires. The number of seconds it will still be valid is returned along with the access_token. Ok.
The problem is: What should I do after it expires?
From Facebook oficial website:
In addition to the access token (the access_token parameter), the response contains the number of seconds until the token expires (the expires parameter). Once the token expires, you will need to re-run the steps above to generate a new code and access_token
Wait! I can't re-run the steps above because in order to obtain a new authorization code I would have to redirect (step1). I don't want to redirect. I want to obtain a new authorization code through a web-service. The user already authorized my application and I won't have an oportunity again to redirect him or her.
What should I do?
PS: Thinking logically, I wouldn't need to gain a new authorization code after access_token expires. A new access_token would be enough. But, as I showed, facebook says authorization code also expires.
You would want to use the "offline_access" permission. This allows the token to be long-lived. See the permissions page: http://developers.facebook.com/docs/authentication/permissions/ .
这篇关于如何在没有HTTP重定向的情况下获取新的“授权码”?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
