Facebook应用程序密钥的目的是什么？ [英] What's purpose of facebook application key

问题描述

当您注册Facebook应用程序时，您将获得

When you register a facebook application you get

应用程序ID：123455678
应用程序密钥：hkjhkh3434hkklljk
应用程序秘密：jkjljlj1233455jk

application id: 123455678 application key: hkjhkh3434hkklljk application secret: jkjljlj1233455jk

对于OAuth 2，只有应用程序标识（也称为client_id）和应用程序秘密（也称为客户端秘诀）是有用的。

For OAuth 2 only application id (a.k.a. client_id) and application secret (a.k.a. client_secret) are userful.

应用密钥？是为了某些后端目的吗？如果是，那么什么是曝光点。

Wondering what's purpose of the application key? Is it for some backend purpose? If yes, then what's point of exposing.

推荐答案

我猜这只是向后兼容的，特别是对于旧的 Facebook Connect 实现和REST API，其中使用了 APP_KEY 。

I guess this is only present for backward compatibility, specifically for old Facebook Connect implementation and REST API where the APP_KEY was used.

正如你在 FB.init Javascript-SDK：

As you can see in the FB.init Javascript-SDK:

<div id="fb-root"></div>
<script>
  window.fbAsyncInit = function() {
    FB.init({
      appId  : 'YOUR APP ID',
      status : true, // check login status
      cookie : true, // enable cookies to allow the server to access the session
      xfbml  : true  // parse XFBML
    });
  };

  (function() {
    var e = document.createElement('script');
    e.src = document.location.protocol + '//connect.facebook.net/en_US/all.js';
    e.async = true;
    document.getElementById('fb-root').appendChild(e);
  }());
</script>

他们没有提到 apiKey 是用于 PHP-SDK 。

现在，如果你去旧的 connect-js示例：

They don't mention the apiKey which is the code used with the NEW PHP-SDK.
Now if you go to the old connect-js example:

FB.init({ apiKey: '48f06bc570aaf9ed454699ec4fe416df' });

所以调试 connect.facebook.net/en_US/all.js 文件（使用 JSBeautifier ）：

So debugging the connect.facebook.net/en_US/all.js file (using JSBeautifier):

FB.provide('', {
    init: function (a) {
        a = FB.copy(a || {}, {
            logging: true,
            status: true
        });
        FB._apiKey = a.appId || a.apiKey;
        if (!a.logging && window.location.toString().indexOf('fb_debug=1') < 0) FB._logging = false;
        FB.XD.init(a.channelUrl);
        if (FB._apiKey) {
            FB.Cookie.setEnabled(a.cookie);
            a.session = a.session || FB.Cookie.load();
            FB.Auth.setSession(a.session, a.session ? 'connected' : 'unknown');
            if (a.status) FB.getLoginStatus();
        }
        if (a.xfbml) window.setTimeout(function () {
            if (FB.XFBML) FB.Dom.ready(FB.XFBML.parse);
        }, 0);
    }
});

你可以在这里看到，它检查是否存在 apiId 或 apiKey 然后尝试调用图形api和其他其余api：

You can see here that it's checking the presence of apiId or apiKey and then trying to call the graph api and else the rest api:

FB.provide('', {
    api: function () {
        if (typeof arguments[0] === 'string') {
            FB.ApiServer.graph.apply(FB.ApiServer, arguments);
        } else FB.ApiServer.rest.apply(FB.ApiServer, arguments);
    }
});

And：

graph: function () {
    var a = Array.prototype.slice.call(arguments),
        f = a.shift(),
        d = a.shift(),
        c, e, b;
    while (d) {
        var g = typeof d;
        if (g === 'string' && !c) {
            c = d.toLowerCase();
        } else if (g === 'function' && !b) {
            b = d;
        } else if (g === 'object' && !e) {
            e = d;
        } else {
            FB.log('Invalid argument passed to FB.api(): ' + d);
            return;
        }
        d = a.shift();
    }
    c = c || 'get';
    e = e || {};
    if (f[0] === '/') f = f.substr(1);
    if (FB.Array.indexOf(FB.ApiServer.METHODS, c) < 0) {
        FB.log('Invalid method passed to FB.api(): ' + c);
        return;
    }
    FB.ApiServer.oauthRequest('graph', f, c, e, b);
},
rest: function (e, a) {
    var c = e.method.toLowerCase().replace('.', '_');
    if (FB.Auth && c === 'auth_revokeauthorization') {
        var d = a;
        a = function (f) {
            if (f === true) FB.Auth.setSession(null, 'notConnected');
            d && d(f);
        };
    }
    e.format = 'json-strings';
    e.api_key = FB._apiKey;
    var b = FB.ApiServer._readOnlyCalls[c] ? 'api_read' : 'api';
    FB.ApiServer.oauthRequest(b, 'restserver.php', 'get', e, a);
},

正如你可以看到的，它与 Old Rest API ，阅读文档：

As you can see here, it's used with the Old Rest API, reading the documentation there:

REST API支持OAuth 2.0
以及旧的自定义
授权签名方案。有关如何将
现有会话升级到OAuth 2.0的
信息，请参阅
认证升级指南。

The REST API supports both OAuth 2.0 as well as an older, custom authorization signature scheme. See the authentication upgrade guide for information about how to upgrade your existing sessions to OAuth 2.0.

所以 APP_KEY 绝对是向后兼容的！

So the APP_KEY is definitely there for backward compatibility!

这篇关于Facebook应用程序密钥的目的是什么？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！