facebook注销API - 为什么下一个 [英] facebook logout API - Why Next?
问题描述
这似乎反映了FB文档,表明我应该导航到
https://www.facebook.com/logout.php?next= [redirect_uri]& access_token = [token]
然而,那个不工作,并且默默地将我重定向到了主页。
我最好的猜测是Facebook不喜欢我提供的下一个URI。我更新了我的FB应用程序设置,但是它们还没有传播,或者还没有其他的功能。
我看过推荐使用InternetSetOption的帖子,但是该API在我的应用程序流程中,注销导致导航到我的应用程序中的另一个silverlight页面,所以我真的不需要浏览器重定向为了我的目的,所以我可以只是忘记访问令牌,而不实际告诉FB使它无效,但这似乎是弱和不安全的。
所以,等待更长时间,看看应用程序域是否改变传播到FB的服务器,并解决问题我有一个不同的问题:
为什么Facebook API关心我是否提供下一个?我不应该只能告诉他们使令牌无效并发生这种情况吗?
有没有一个我在这里错过的逻辑片?
谢谢!
更新:我写了一个开源的 WP7的Facebook登录/注销控制,允许这个(检查示例项目)。它通过基本上使用Web浏览器控件导航到注销页面,然后通过将JavaScript注入Web浏览器控件来提交注销表单。这个想法来自于此博客文章。
最接近的办法是通过向/ me /权限发出一个HTTP DELETE来撤消扩展权限,如 here 。简单地忘记认证令牌不是一个坏的选择,因为访问令牌通常只有一个小时或两个小时,除非你要求offline_access。如果用户过于担心,他们可以在Facebook.com上的设置页面上删除您的申请。
I'm writing a Windows Phone 7 app and have gotten Facebook login working using the C# sdk, but logging out has proven interesting. I've read this post:
Cannot Logout of Facebook with Facebook C# SDK
which seems to mirror the FB docs which indicate I should navigate to
https://www.facebook.com/logout.php?next=[redirect_uri]&access_token=[token]
However, that doesn't work and silently redirects me back to the facebook home page.
My best guess at the moment is facebook doesn't like the "next" URI I'm providing. I updated my FB app settings but either they haven't propagated yet, or something else is still not working.
I've seen posts recommending using InternetSetOption, but that API is not available on the phone.
In my application flow, logout leads to navigating to a different silverlight page in my app, so I really don't need the browser redirect for my purpose anyway, so I could just "forget" the access token without actually telling FB to invalidate it, but that seems weak and insecure.
So, while I wait longer to see if the app domain changes propagate across FB's servers and solve the problem I have a different question:
Why should the Facebook APIs care whether I provide "next" or not? Shouldn't I just be able to tell them to invalidate a token and have it happen?
Is there a logic piece I'm missing here?
Thanks!
Update: I wrote an open-source Facebook login/logout control for WP7 that allows this (check the example project). It works by essentially using the web browser control to navigate to the logout page and then submit the logout form by injecting javascript into the web browser control. The idea came from this blog post.
The closest thing would be to revoke the extended permissions by issuing an HTTP DELETE to /me/permissions as documented here. Simply forgetting the auth token isn't a bad option either as the access tokens are generally only good for an hour or two unless you asked for offline_access. And if a user is overly concerned, they can remove your application on their settings page on facebook.com.
这篇关于facebook注销API - 为什么下一个的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
