Requesting long lived access_token on serverside flow


Problem description

I have a Java web app that posts items to our users' Facebook walls. When the user initially signs up we get a 60-day access_token which is persisted to our database. Now that offline_access is being removed, I am using our 'Login with Facebook' button to update the tokens when the user logs into our website; this is all good as they will typically visit more than 60 days apart.

I have implemented the above and it works well... but then I found that the access tokens that are being generated from the login action expire after 1 hour... obviously not good as we can't post to their walls while they are away.

The code below demonstrates how we are getting the tokens via the signed_request method (in a Java SEAM app). This works OK, but the tokens are short-lived.

Can anyone suggest how to ensure the tokens are the 60-day type?

Thanks

public void loginWithFacebook(){
    accessToken = null;
    try {
        accessToken = FaceBookSecurity.getFBAccessToken();
    } catch (Exception e) {
        log.error("Error getting FB access token: "+e);
    }
    FacebookClient facebookClient = new DefaultFacebookClient(accessToken);
    com.restfb.types.User facebookUser = facebookClient.fetchObject("me", com.restfb.types.User.class);
    facebookEmail = facebookUser.getEmail();
    if (facebookEmail != null) {
        new RunAsOperation(true) {
            public void execute() {
                user = ((UserDAO)Component.getInstance("userDAO")).findByEmail(StringUtils.lowerCase(facebookEmail));
                if (user != null && user.getFacebookToken() != null && !accessToken.equals(user.getFacebookToken())) {
                    user.setFacebookToken(accessToken);
                    log.error("FB: updating "+user.getFirstname()+" "+user.getSurname()+"s FB token to: "+accessToken);
                }
            }
        }.run();
        if (user != null) {
            //set the user as logged in

            return;
        }
    }
    messagePoster.postPopupErrorMessage(messages.get("facebookLoginFailed"));
}

public static String getFBAccessToken()
        throws Exception {

    HttpServletRequest request = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
    Cookie fbCookie = getFBCookie(request);

    String fbCookieValue = fbCookie.getValue();
    String[] stringArgs = fbCookieValue.split("\\.");
    String encodedPayload = stringArgs[1];
    JsonObject data;
    try{
        String payload = base64UrlDecode(encodedPayload);

        // gets the js object from the cookie
        data = new JsonObject(payload);
    }catch (Exception e){
        return "";
    }

    String authUrl = getAuthURL(data.getString("code"));
    URL url = new URL(authUrl);
    URI uri = new URI(url.getProtocol(), url.getHost(), url.getPath(),
            url.getQuery(), null);
    String result = readURL(uri.toURL());

    String[] resultSplited = result.split("&");
    return resultSplited[0].split("=")[1];
}

// creates the url for calling to oauth.
public static String getAuthURL(String authCode) {
    String url = "https://graph.facebook.com/oauth/access_token?client_id="
            + FacebookApp.appId
            + "&redirect_uri=&client_secret="
            + FacebookApp.appSecret + "&code="
            + authCode;
    return url;
}

// reads the url.
private static String readURL(URL url) throws IOException {
    // Read only through the reader. The original loop also called is.read() on the
    // underlying stream, which silently consumed bytes of the response.
    BufferedReader reader = new BufferedReader(new InputStreamReader(url.openStream(), "UTF-8"));
    try {
        StringBuilder s = new StringBuilder();
        String line;
        while ((line = reader.readLine()) != null) {
            s.append(line);
        }
        return s.toString();
    } finally {
        reader.close();
    }
}

private static String base64UrlDecode(String input){
    return new String(Base64.decodeBase64(input.getBytes()));
}
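
The getFBAccessToken() method above splits the cookie on "." and decodes the second segment without checking the first segment, which is the signature. The following is an added example, not part of the original post, showing that check before the payload's code is used. It assumes the signed_request layout of a base64url HMAC-SHA256 signature, a dot, and a base64url JSON payload, keyed with the app secret; the class name, method names and sample values are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class SignedRequestVerifier {

    // HMAC-SHA256 over the still-encoded payload segment, keyed with the app secret.
    static byte[] hmac(String encodedPayload, String appSecret) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(appSecret.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        return mac.doFinal(encodedPayload.getBytes(StandardCharsets.UTF_8));
    }

    /** Returns the decoded JSON payload, or null if the cookie is malformed or the signature is wrong. */
    static String verifiedPayload(String signedRequest, String appSecret) {
        if (signedRequest == null) return null;
        String[] parts = signedRequest.split("\\.");
        if (parts.length != 2) return null;
        try {
            byte[] claimed = Base64.getUrlDecoder().decode(parts[0]);
            // Constant-time comparison avoids leaking how many signature bytes matched.
            if (!MessageDigest.isEqual(claimed, hmac(parts[1], appSecret))) return null;
            return new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException | GeneralSecurityException e) {
            return null; // bad base64 or HMAC failure: treat as unauthenticated
        }
    }

    public static void main(String[] args) throws Exception {
        String secret = "constructed-app-secret"; // constructed sample value, not a real secret
        String json = "{\"algorithm\":\"HMAC-SHA256\",\"code\":\"constructed-code\",\"user_id\":\"1\"}";
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String payload = enc.encodeToString(json.getBytes(StandardCharsets.UTF_8));
        String cookie = enc.encodeToString(hmac(payload, secret)) + "." + payload;

        System.out.println("valid:     " + verifiedPayload(cookie, secret));
        // Same signature, different payload: must be rejected (prints null).
        String forgedJson = json.replace("constructed-code", "other-code");
        String forged = cookie.split("\\.")[0] + "."
                + enc.encodeToString(forgedJson.getBytes(StandardCharsets.UTF_8));
        System.out.println("tampered:  " + verifiedPayload(forged, secret));
        System.out.println("wrong key: " + verifiedPayload(cookie, "another-secret"));
    }
}
```

A null return is the point at which the login handler should stop, before it builds the oauth/access_token URL from the payload.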


Recommended answer

If all you need is to post to the user's wall, then you can also use app_access_token provided you have asked for publish_stream permission.

You can call:

https://graph.facebook.com/oauth/access_token?
client_id=YOUR_APP_ID
&client_secret=YOUR_APP_SECRET
&grant_type=client_credentials

Read this

Edit: app access_tokens do not expire until the app secret is reset.
