How to extend access token validity since offline_access deprecation


Since the offline_access permission is deprecated in Facebook's authentication flow, we have a problem getting the so-called long-lived access tokens without that permission.

In Facebook's document about the deprecation it says that server-side OAuth generated access tokens will be long-lived, but they are not.

Am I missing something? Some setting in app settings? Some special code I need to use to extend expiration time of access tokens? As I understand the documentation, for server side authentication, the access token which can be accessed by getAccessToken() method of PHP SDK when the user is logged in is long lived.

Solution

Edit (August 14th 2012):
A week ago the official Facebook PHP SDK was updated. The function name was changed to setExtendedAccessToken, and it was decided we actually needed to destroy the session afterwards, to remove the risk of having two active sessions.
Also, the function no longer actually returns the token, but instead stores it within the persistent data. You can therefore get the new access token with the public function getAccessToken afterwards. Grab the new SDK from the official Facebook PHP SDK GitHub page to make sure you're up to date.

Original Answer:

I have added a new public function to the base_facebook.php file, which returns a new access token which expires in 60 days. You can make a request to this function after you've received the normal access token. I've not tested, but I assume you also need to enable 'deprecate offline_access' in your Advanced settings of the Developer App.

Just add this to your base_facebook.php inside the facebook class and make a call to it. It works for me.

public function getExtendedAccessToken() {

    try {
        // need to circumvent json_decode by calling _oauthRequest
        // directly, since response isn't JSON format.
        $access_token_response =
            $this->_oauthRequest(
                $this->getUrl('graph', '/oauth/access_token'), array(
                    'client_id' => $this->getAppId(),
                    'client_secret' => $this->getAppSecret(),
                    'grant_type'=>'fb_exchange_token',
                    'fb_exchange_token'=>$this->getAccessToken()
                )
            );
    } catch (FacebookApiException $e) {
      // most likely that user very recently revoked authorization.
      // In any event, we don't have an access token, so say so.
      return false;
    }

    if (empty($access_token_response)) {
      return false;
    }

    $response_params = array();
    parse_str($access_token_response, $response_params);
    if (!isset($response_params['access_token'])) {
      return false;
    }

    return $response_params['access_token'];
}
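
An added example (not from the answer or from the Facebook SDK): the function above returns only the token string, so the caller loses the token's lifetime. This standalone code parses the same URL-encoded exchange response and records the expiry so a server-side job can re-exchange before the 60 days run out; the `expires` field name, the helper names and the sample values are assumptions.

```php
<?php
// Added example: not part of the Facebook PHP SDK or the answer above.

/**
 * Parse the URL-encoded body returned by the fb_exchange_token request.
 *
 * @param string $body Raw response body from /oauth/access_token
 * @param int    $now  Current Unix time (passed in so results are repeatable)
 * @return array|false array('access_token' => string, 'expires_at' => int|null)
 */
function parseExchangeResponse($body, $now)
{
    $params = array();
    parse_str(trim((string) $body), $params);

    // Anything without a non-empty string token (empty body, error body,
    // "access_token[]=x") is a failure, matching the answer's return false.
    if (!isset($params['access_token']) || !is_string($params['access_token'])
        || $params['access_token'] === '') {
        return false;
    }

    // ASSUMPTION: the lifetime arrives as "expires" (seconds from now).
    $expiresAt = null;
    if (isset($params['expires']) && is_string($params['expires'])
        && preg_match('/^\d{1,9}\z/', $params['expires']) === 1) {
        $expiresAt = $now + (int) $params['expires'];
    }

    return array('access_token' => $params['access_token'], 'expires_at' => $expiresAt);
}

/** True when the token is within $margin seconds of expiry (or expiry is unknown). */
function needsRenewal(array $token, $now, $margin = 604800)
{
    return $token['expires_at'] === null || $token['expires_at'] - $now <= $margin;
}

// Constructed sample inputs; the token value is a placeholder, not a real token.
$now   = 1344902400; // 2012-08-14 00:00:00 UTC
$token = parseExchangeResponse('access_token=CONSTRUCTED_TOKEN&expires=5184000', $now);

var_dump($token['expires_at'] - $now === 60 * 86400);   // lifetime is 60 days
var_dump(needsRenewal($token, $now + 54 * 86400));      // 6 days left, inside the 7-day margin
var_dump(parseExchangeResponse('{"error":{"message":"constructed"}}', $now)); // no token in body
```

Because the exchange request carries `client_secret`, it belongs on the server only, and the returned token should be stored with its `expires_at` rather than written to logs.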
