[英]How to access Facebook public data from client-side without compromising app secret
I'm trying to build a JavaScript metro app that pulls Facebook public data (posts from Home Depot for example) through their Graph API. 我正在尝试构建一个JavaScript Metro应用程序,该应用程序通过其Graph API提取Facebook公共数据(例如,来自Home Depot的帖子)。 It seems that an access token is always required to interact with the Graph API. 似乎始终需要访问令牌才能与Graph API进行交互。
In order to obtain an access token, both the App ID and Secrets needs to be sent to the Facebook OAuth endpoint. 为了获得访问令牌,需要将App ID和Secrets都发送到Facebook OAuth端点。 This makes sense for server-side code but not for client-side, since the app secret cannot be shipped with client code that can be easily unpackaged/decomplied/intercepted. 这对于服务器端代码有意义,但对于客户端端则没有意义,因为应用程序密码无法与可以轻松拆包/反汇编/拦截的客户端代码一起提供。
So my questions are: 所以我的问题是:
Please keep in mind that: 请记住:
Thanks! 谢谢!
No 没有
One option is to have the user log in and get an access token for them that way. 一种选择是让用户登录并以这种方式获取他们的访问令牌。 Another would be to have your own server provide a token creation service, so the secret would not need to be in the app binary. 另一个办法是让您自己的服务器提供令牌创建服务,因此秘密不必在应用程序二进制文件中。
You can exchange a token to a longer-lived 60 day token https://developers.facebook.com/docs/facebook-login/access-tokens/#extending 您可以将令牌交换为寿命更长的60天令牌https://developers.facebook.com/docs/facebook-login/access-tokens/#extending
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.