[英]How to pass access token from php implemented js script to localStorage of extension
I am making a browser extension which uses the Facebook php and js SDK. 我正在制作一个使用Facebook php和js SDK的浏览器扩展。
I need to get the user access token but I cannot use the js SDK locally (as facebook does not offer to connect from an extension directly) so I have to implement the js sdk into a php that is on my server (I cannot use the php sdk here as it does not allow automatic login via cookies but I need this). 我需要获取用户访问令牌,但无法在本地使用js SDK(因为facebook不提供直接从扩展名进行连接的功能),因此我必须将js sdk实现到服务器上的php中(我不能使用php sdk,因为它不允许通过Cookie自动登录,但我需要这样做)。
So is there a safe way to transfer the access token from the js script part in my php to my localStorage? 那么,是否存在将访问令牌从我的PHP的js脚本部分转移到我的localStorage的安全方法? I could imagine using something like parent.postMessage(token, chrome://chrome_extension_id), is this safe? 我可以想象使用诸如parent.postMessage(token,chrome:// chrome_extension_id)之类的东西安全吗? Or is there a direct way to safe something to the localStorage of the extension? 还是有直接的方法可以保护扩展的localStorage安全?
Another way would be to use the Facebook PHP sdk JavaScriptHelper developers.facebook.com 另一种方法是使用Facebook PHP sdk JavaScriptHelper developers.facebook.com
I already tried this code: 我已经尝试过此代码:
$fb = new Facebook\Facebook([/*...*/]);
$jsHelper = $fb->getJavaScriptHelper();
$access_token = $jsHelper->getAccessToken();
$_SESSION['fb_user_token'] = (string) $access_token;
/*...*/
$response = $fb->get("/?id=$url&fields=share{comment_count}", $_SESSION['_fb_user_token']);
But it does not work, as an object is passed to the get method at the end and not a string. 但这是行不通的,因为将对象而不是字符串传递到get方法的末尾。 So I think I made a mistake getting the string from the token object. 因此,我认为从令牌对象获取字符串时出错。
Ok, I got a solution by using the 2nd option in my original post (using the JavaScriptHelper function). 好的,我在原始帖子中使用了第二个选项(使用JavaScriptHelper函数)得到了一个解决方案。
$access_token->getValue();
This was all I had to do with the access token object to get the access token string. 这就是我要使用访问令牌对象来获取访问令牌字符串的全部操作。
By the way, this was really helpful to get the available methods of the access token object: 顺便说一句,这对于获取访问令牌对象的可用方法非常有帮助:
array get_class_methods ( mixed $class_name )
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.