如何将访问令牌从PHP实现的JS脚本传递给扩展的localStorage

Question

I am making a browser extension which uses the Facebook php and js SDK.

I need to get the user access token but I cannot use the js SDK locally (as facebook does not offer to connect from an extension directly) so I have to implement the js sdk into a php that is on my server (I cannot use the php sdk here as it does not allow automatic login via cookies but I need this).

So is there a safe way to transfer the access token from the js script part in my php to my localStorage? I could imagine using something like parent.postMessage(token, chrome://chrome_extension_id), is this safe? Or is there a direct way to safe something to the localStorage of the extension?

Another way would be to use the Facebook PHP sdk JavaScriptHelper developers.facebook.com

I already tried this code:

$fb = new Facebook\Facebook([/*...*/]);
$jsHelper = $fb->getJavaScriptHelper();
$access_token = $jsHelper->getAccessToken();
$_SESSION['fb_user_token'] = (string) $access_token;

/*...*/

$response = $fb->get("/?id=$url&fields=share{comment_count}", $_SESSION['_fb_user_token']);

But it does not work, as an object is passed to the get method at the end and not a string. So I think I made a mistake getting the string from the token object.

Answer 1

Ok, I got a solution by using the 2nd option in my original post (using the JavaScriptHelper function).

$access_token->getValue();

This was all I had to do with the access token object to get the access token string.

By the way, this was really helpful to get the available methods of the access token object:

array get_class_methods ( mixed $class_name )