Facebook应用程序密钥的目的是什么? [英] What's purpose of facebook application key
问题描述
当您注册Facebook应用程序时,您将获得
When you register a facebook application you get
应用程序ID:123455678
应用程序密钥:hkjhkh3434hkklljk
应用程序秘密:jkjljlj1233455jk
application id: 123455678 application key: hkjhkh3434hkklljk application secret: jkjljlj1233455jk
对于OAuth 2,只有应用程序标识(也称为client_id)和应用程序秘密(也称为客户端秘诀)是有用的。
For OAuth 2 only application id (a.k.a. client_id) and application secret (a.k.a. client_secret) are userful.
应用密钥?是为了某些后端目的吗?如果是,那么什么是曝光点。
Wondering what's purpose of the application key? Is it for some backend purpose? If yes, then what's point of exposing.
推荐答案
我猜这只是向后兼容的,特别是对于旧的 Facebook Connect 实现和REST API,其中使用了 APP_KEY
。
I guess this is only present for backward compatibility, specifically for old Facebook Connect implementation and REST API where the APP_KEY
was used.
正如你在 FB.init
Javascript-SDK:
As you can see in the FB.init
Javascript-SDK:
<div id="fb-root"></div>
<script>
window.fbAsyncInit = function() {
FB.init({
appId : 'YOUR APP ID',
status : true, // check login status
cookie : true, // enable cookies to allow the server to access the session
xfbml : true // parse XFBML
});
};
(function() {
var e = document.createElement('script');
e.src = document.location.protocol + '//connect.facebook.net/en_US/all.js';
e.async = true;
document.getElementById('fb-root').appendChild(e);
}());
</script>
他们没有提到 apiKey
是用于 PHP-SDK 。
现在,如果你去旧的 connect-js示例:
They don't mention the apiKey
which is the code used with the NEW PHP-SDK.
Now if you go to the old connect-js example:
FB.init({ apiKey: '48f06bc570aaf9ed454699ec4fe416df' });
所以调试 connect.facebook.net/en_US/all.js
文件(使用 JSBeautifier ):
So debugging the connect.facebook.net/en_US/all.js
file (using JSBeautifier):
FB.provide('', {
init: function (a) {
a = FB.copy(a || {}, {
logging: true,
status: true
});
FB._apiKey = a.appId || a.apiKey;
if (!a.logging && window.location.toString().indexOf('fb_debug=1') < 0) FB._logging = false;
FB.XD.init(a.channelUrl);
if (FB._apiKey) {
FB.Cookie.setEnabled(a.cookie);
a.session = a.session || FB.Cookie.load();
FB.Auth.setSession(a.session, a.session ? 'connected' : 'unknown');
if (a.status) FB.getLoginStatus();
}
if (a.xfbml) window.setTimeout(function () {
if (FB.XFBML) FB.Dom.ready(FB.XFBML.parse);
}, 0);
}
});
你可以在这里看到,它检查是否存在 apiId
或 apiKey
然后尝试调用图形api和其他其余api:
You can see here that it's checking the presence of apiId
or apiKey
and then trying to call the graph api and else the rest api:
FB.provide('', {
api: function () {
if (typeof arguments[0] === 'string') {
FB.ApiServer.graph.apply(FB.ApiServer, arguments);
} else FB.ApiServer.rest.apply(FB.ApiServer, arguments);
}
});
And:
graph: function () {
var a = Array.prototype.slice.call(arguments),
f = a.shift(),
d = a.shift(),
c, e, b;
while (d) {
var g = typeof d;
if (g === 'string' && !c) {
c = d.toLowerCase();
} else if (g === 'function' && !b) {
b = d;
} else if (g === 'object' && !e) {
e = d;
} else {
FB.log('Invalid argument passed to FB.api(): ' + d);
return;
}
d = a.shift();
}
c = c || 'get';
e = e || {};
if (f[0] === '/') f = f.substr(1);
if (FB.Array.indexOf(FB.ApiServer.METHODS, c) < 0) {
FB.log('Invalid method passed to FB.api(): ' + c);
return;
}
FB.ApiServer.oauthRequest('graph', f, c, e, b);
},
rest: function (e, a) {
var c = e.method.toLowerCase().replace('.', '_');
if (FB.Auth && c === 'auth_revokeauthorization') {
var d = a;
a = function (f) {
if (f === true) FB.Auth.setSession(null, 'notConnected');
d && d(f);
};
}
e.format = 'json-strings';
e.api_key = FB._apiKey;
var b = FB.ApiServer._readOnlyCalls[c] ? 'api_read' : 'api';
FB.ApiServer.oauthRequest(b, 'restserver.php', 'get', e, a);
},
正如你可以看到的,它与 Old Rest API ,阅读文档:
As you can see here, it's used with the Old Rest API, reading the documentation there:
REST API支持OAuth 2.0
以及旧的自定义
授权签名方案。有关如何将
现有会话升级到OAuth 2.0的
信息,请参阅
认证升级指南。
The REST API supports both OAuth 2.0 as well as an older, custom authorization signature scheme. See the authentication upgrade guide for information about how to upgrade your existing sessions to OAuth 2.0.
所以 APP_KEY
绝对是向后兼容的!
So the APP_KEY
is definitely there for backward compatibility!
这篇关于Facebook应用程序密钥的目的是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!