如何从客户端访问Facebook公共数据而不损害应用程序机密
[英]How to access Facebook public data from client-side without compromising app secret
问题描述
I'm trying to build a JavaScript metro app that pulls Facebook public data (posts from Home Depot for example) through their Graph API. 
我正在尝试构建一个JavaScript Metro应用程序,该应用程序通过其Graph API提取Facebook公共数据(例如,来自Home Depot的帖子)。 It seems that an access token is always required to interact with the Graph API. 似乎始终需要访问令牌才能与Graph API进行交互。
In order to obtain an access token, both the App ID and Secrets needs to be sent to the Facebook OAuth endpoint. 为了获得访问令牌,需要将App ID和Secrets都发送到Facebook OAuth端点。 This makes sense for server-side code but not for client-side, since the app secret cannot be shipped with client code that can be easily unpackaged/decomplied/intercepted. 这对于服务器端代码有意义,但对于客户端端则没有意义,因为应用程序密码无法与可以轻松拆包/反汇编/拦截的客户端代码一起提供。
So my questions are: 所以我的问题是:
- Is there a way to access the Graph API (public data) without using access tokens? 有没有不用访问令牌就可以访问Graph API(公共数据)的方法?
- Is there a way to obtain an access token without sending over the App Secret? 有没有一种方法可以获取访问令牌而无需通过App Secret发送?
- Is there a replacement to the offline_access token? 可以对offline_access令牌进行替换吗?
Please keep in mind that: 请记住:
- I only need to access PUBLIC data. 我只需要访问PUBLIC数据。
- NO user login is needed. 无需用户登录。
Thanks! 谢谢!
1 个解决方案
解决方案1
1 已采纳 2013-09-06 00:20:29
No
没有 One option is to have the user log in and get an access token for them that way.
一种选择是让用户登录并以这种方式获取他们的访问令牌。 Another would be to have your own server provide a token creation service, so the secret would not need to be in the app binary. 另一个办法是让您自己的服务器提供令牌创建服务,因此秘密不必在应用程序二进制文件中。 You can exchange a token to a longer-lived 60 day token https://developers.facebook.com/docs/facebook-login/access-tokens/#extending
您可以将令牌交换为寿命更长的60天令牌https://developers.facebook.com/docs/facebook-login/access-tokens/#extending
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.