Facebook的访问令牌 - 服务器端身份验证
您好我试图使用Facebook服务器端authenticaion以获得访问令牌,但不断收到我引发的错误。
Hello i'm trying to use facebook server-side authenticaion to get the access token but keep getting errors thrown at me.
我现在用的波纹管:
$app_id = "YOUR_APP_ID";
$app_secret = "YOUR_APP_SECRET";
$my_url = "YOUR_URL";
session_start();
$code = $_REQUEST["code"];
if(empty($code)) {
$_SESSION['state'] = md5(uniqid(rand(), TRUE)); //CSRF protection
$dialog_url = "https://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($my_url) . "&state="
. $_SESSION['state'];
echo("<script> top.location.href='" . $dialog_url . "'</script>");
}
if($_REQUEST['state'] == $_SESSION['state']) {
$token_url = "https://graph.facebook.com/oauth/access_token?"
. "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)
. "&client_secret=" . $app_secret . "&code=" . $code;
$response = file_get_contents($token_url);
$params = null;
parse_str($response, $params);
$graph_url = "https://graph.facebook.com/me?access_token="
. $params['access_token'];
$user = json_decode(file_get_contents($graph_url));
echo("Hello " . $user->name);
}
else {
echo("The state does not match. You may be a victim of CSRF.");
}
应用程序ID和APP秘密已被删除,所以不要对那部分忧虑。
我得到的get_file_contents超时错误。
App ID and APP Secret have been removed so dont worry about that part. I get errors about the get_file_contents time out.
[function.file-GET-内容]:未能打开流:连接超时
出
[function.file-get-contents]: failed to open stream: Connection timed out
有没有获得访问令牌另一个或更好的办法?
Is there another or better way of getting the access tokens?
贝娄是版本我都试过,包括卷曲的想法:
Bellow is the version i have tried including the cURL idea:
function get_data_cURL($url)
{
$ch = curl_init();
$timeout = 5;
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}
function getAccessToken(){
$app_id = FB_APP_ID;
$app_secret = FB_SECRET_ID;
$canvas_URL = FB_CANVAS_URL;
session_start();
$code = $_REQUEST["code"];
if(empty($code)) {
$_SESSION['state'] = md5(uniqid(rand(), TRUE)); //CSRF protection
$dialog_url = "https://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($canvas_URL) . "&state="
. $_SESSION['state'];
echo("<script> top.location.href='" . $dialog_url . "'</script>");
}
if($_REQUEST['state'] == $_SESSION['state']) {
$token_url = "https://graph.facebook.com/oauth/access_token?"
. "client_id=" . $app_id . "&redirect_uri=" . urlencode($canvas_URL)
. "&client_secret=" . $app_secret . "&code=" . $code;
$returned_content = get_data_cURL($token_url);
echo'Well Done! - '.$returned_content;
}
else {
echo("The state does not match. You may be a victim of CSRF.");
}
}
的详细信息:的
应用程序设置 - 帆布网址: http://www.apps.elistone.co.uk / DrawMyFriend /
App Settings - Canvas URL: http://www.apps.elistone.co.uk/DrawMyFriend/
FB_APP_ID = The Facebook App ID
FB_SECRET_ID = The Facebook Secret ID
FB_CANVAS_URL = http://www.apps.elistone.co.uk/DrawMyFriend/
即使有这样的更新我仍然得到这个错误:
Even with this update i still get this error:
的旧的错误的
干得好! - {错误:{消息:错误验证验证
code,类型:OAuthException,code:100}}
Well Done! - {"error":{"message":"Error validating verification code.","type":"OAuthException","code":100}}
新错误
这似乎被重定向删除状态code而引起的。
This seems to be caused by the redirect removing the state code.
状态不匹配。你可能是CSRF的受害者。 -
193c791ddd71c3fd84d411db5554c315(州code)
The state does not match. You may be a victim of CSRF. - 193c791ddd71c3fd84d411db5554c315 (state code)
我也试图通过改变绕过CSRF保护:
I have also tried bypassing the CSRF protection by changing:
if($_REQUEST['state'] == $_SESSION['state'])
TO:
if(!empty($code))
但是,这仍然使旧的错误问题,我听说它是由重定向链接什么引起的,但林不知道如何解决它。
But this still gives the old error problem, I have heard it is caused by something in the redirect link but im not sure how to fix it.
问题解决了
沿时间尝试后,我已导致使用以下,以获取用户访问令牌使用PHP SDK:
After trying along time i have resulted to using the PHP SDK using the below to get the user access token:
$app_id = FB_APP_ID;
$app_secret = FB_SECRET_ID;
$canvas_URL = FB_PAGE_URL;
$code = $_REQUEST["code"];
if(empty($code)) {
$_SESSION['state'] = md5(uniqid(rand(), TRUE)); //CSRF protection
$dialog_url = "https://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . $canvas_URL . "&state="
. $_SESSION['state'];
echo("<script> top.location.href='" . $dialog_url . "'</script>");
}
if($_REQUEST['state'] == $_SESSION['state']) {
$facebook->api('oauth/access_token', array(
'client_id' => FB_APP_ID,
'client_secret' => FB_SECRET_ID,
'type' => 'client_cred',
'code' => $code,
));
$token = $facebook->getAccessToken();
echo$token;
}
我现在打算把它变成一些八九不离十功能。
非常感谢您对大家的时间和帮助。
I am now going to turn this into some sorta function. Thank you very much for everyones time and help.
希望这可以帮助有需要的人在未来的(除非Facebook的突然改变一切)
Hope this helps people in need in the future (unless Facebook changes everything suddenly)
我建议你使用 PHP SDK库获得与Facebook API通信。而且只需使用 getAccessToken()或 getAccessTokenFrom code()方法。
I recommend you to use PHP SDK library for communicating with Facebook API. And simply use getAccessToken() or getAccessTokenFromCode() methods.
更新
要找回你获得访问令牌之前发送的OAuth请求用户访问令牌。在回答更新详情:
To retrieve user access token you have to send oauth request before getting access token. Details in answer update:
$facebook->api('oauth/access_token', array(
'client_id' => APP_ID,
'client_secret' => APP_SECRET,
'type' => 'client_cred',
'code' => $code,
));
$token = $facebook->getAccessToken();