Facebook将令牌作为哈希而不是查询字符串的一部分返回
I am using https://www.facebook.com/v2.10/dialog/oauth endpoint to get access tokens in order to publish on behalf of my users.
I am trying to follow this guide: https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/
My request looks like this: https://www.facebook.com/v2.10/dialog/oauth?client_id=...&response_type=code%20token%20granted_scopes&redirect_uri=...
And I am getting the following back: http://localhost:8000/?%2Fcallback&some=query#access_token=...&expires_in=6094
The question is why I am getting the token and expire_in as hash (notice the # above) instead of part of the query string so I can capture it by PHP's $_GET? And how can I fix that?
我正在使用 https://www.facebook.com/v2.10/dialog/oauth 端点获取访问令牌以便代表我的用户发布。 p> \ n
我正在尝试遵循本指南: https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/ p>
我的请求如下所示: https: //www.facebook.com/v2.10/dialog/oauth?client_id=...&response_type=code%20token%20granted_scopes&redirect_uri= ... p>
我得到以下回复: http:// localhost:8000 /?%2Fcallback& some = query#access_token = ...& expires_in = 6094 p>
问题是我为什么 获取令牌和expire_in作为哈希(注意上面的#)而不是查询字符串的一部分所以我可以通过PHP的$ _GET捕获它? 我该如何解决这个问题呢? p> div>
The question is why I am getting the token and expire_in as hash (notice the # above) instead of part of the query string so I can capture it by PHP's $_GET? And how can I fix that?
The parameter response_type specifies what you get back, see https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#login
You can choose whether you want a code returned as GET parameter, a token in the hash - or both, for a client- and server-side app that might need the/a token on both, but would on the server-side rather exchange a code via API, than trust a token send from the client. And you can also ask for the granted scope of permissions the user accepted - for apps that need to know whether certain essential permissions were granted, that can save an extra API request.