如何延长访问令牌的有效性,因为offline_access已被弃用 [英] How to extend access token validity since offline_access deprecation
问题描述
由于 offline_access 权限已被弃用Facebook的验证流程,我们在没有该权限的情况下,会出现所谓的长期访问令牌问题。
在 Facebook关于弃用的文档中,该服务器端OAuth生成的访问令牌将长期存在,但不是。我/我缺少一些东西吗?
应用设置中有些设置?我需要使用一些特殊代码来延长访问令牌的到期时间?据了解文档,对于服务器端身份验证,当用户登录时,可以通过PHP SDK的
getAccessToken()方法访问访问令牌。 编辑(2012年8月14日):
一周前官方Facebook PHP SDK已更新。功能名称已更改为 setExtendedAccessToken ,并且决定我们实际上需要在之后销毁会话,以消除有两个活动会话的风险。
另外,函数no更长的实际返回令牌,而是将其存储在持久性数据中。因此,您可以使用public function getAccessToken 获取新的访问令牌。从官方Facebook PHP SDK github页面获取新的SDK,以确保您最新。 p>
原始答案
我已经在base_facebook.php中添加了一个新的公共函数文件,它返回一个新的访问令牌,在60天内到期。您可以在收到正常访问令牌后向该功能发出请求。我还没有测试,但我认为您还需要在开发者应用程序的高级设置中启用deprecate offline_access。
只需将其添加到base_facebook.php在facebook类里面打电话给它,它适用于我。
public function getExtendedAccessToken(){
try {
//需要通过直接调用_oauthRequest
//来绕过json_decode,因为响应不是JSON格式
$ access_token_response =
$ this-> ; _oauthRequest(
$ this-> getUrl('graph','/ oauth / access_token'),数组(
'client_id'=> $ this-> getAppId(),
'client_secret'=> $ this-> getAppSecret(),
'grant_type'=>'fb_exchange_token',
'fb_exchange_token'=> $ this-> getAccessToken()
)
);
} catch(FacebookApiException $ e){
//很可能该用户最近被撤销了授权。
//无论如何,我们没有访问令牌,所以说。
返回false;
}
if(empty($ access_token_response)){
return false;
}
$ response_params = array();
parse_str($ access_token_response,$ response_params);
if(!isset($ response_params ['access_token'])){
return false;
}
return $ response_params ['access_token'];
}
Since the offline_access Permission is deprecated in Facebook's Authentication flow, we have problem geting the so called long lived access tokens without that permission.
In Facebook's document about the deprecation it says, that server side OAuth generated access tokens will be long lived, but they are not.
Am I missing something? Some setting in app settings? Some special code I need to use to extend expiration time of access tokens? As I understand the documentation, for server side authentication, the access token wich can be accessed by getAccessToken() method of PHP SDK when the user is logged in is long lived.
Edit (August 14th 2012):
A week ago the official Facebook PHP SDK was updated. The function name was changed to setExtendedAccessToken, and it was decided we actually needed to destroy the session afterwards, to remove the risk of having two active sessions.
Also, the function no longer actually returns the token, but instead stores it within the persistant data. You can therefore get the new access token with the public function getAccessToken afterwards. Grab the new SDK from official Facebook PHP SDK github page to make sure you're up to date.
Original Answer:
I have added a new public function to the base_facebook.php file, which returns an new access token which expires in 60 days. You can make a request to this function after you've received the normal access token. I've not tested, but I assume you also need to enable 'deprecate offline_access" in your Advanced settings of the Developer App.
Just add this to your base_facebook.php inside the facebook class and make a call to it. It works for me.
public function getExtendedAccessToken(){
try {
// need to circumvent json_decode by calling _oauthRequest
// directly, since response isn't JSON format.
$access_token_response =
$this->_oauthRequest(
$this->getUrl('graph', '/oauth/access_token'), array(
'client_id' => $this->getAppId(),
'client_secret' => $this->getAppSecret(),
'grant_type'=>'fb_exchange_token',
'fb_exchange_token'=>$this->getAccessToken()
)
);
} catch (FacebookApiException $e) {
// most likely that user very recently revoked authorization.
// In any event, we don't have an access token, so say so.
return false;
}
if (empty($access_token_response)) {
return false;
}
$response_params = array();
parse_str($access_token_response, $response_params);
if (!isset($response_params['access_token'])) {
return false;
}
return $response_params['access_token'];
}
这篇关于如何延长访问令牌的有效性,因为offline_access已被弃用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
