[英]Facebook Graph API rejects newly created access token
Earlier today, the Facebook login flow of our web application stopped working for some users. 今天早些时候,我们的Web应用程序的Facebook登录流程已停止为某些用户工作。 When we try to fetch the current profile, an error is returned.
当我们尝试获取当前配置文件时,会返回错误。 It claims that the access token we just generated by redirecting the user to the OAuth login flow has been rejected.
它声称我们刚刚通过将用户重定向到OAuth登录流程而生成的访问令牌已被拒绝。
The reason given is: 给出的理由是:
The access token is invalid since the user hasn't engaged the app in longer than 90 days
访问令牌无效,因为用户未在超过90天内使用该应用
To me, this makes no sense since we do not store the access token anywhere except for the current session and recreate it every time the user logs in with Facebook. 对我来说,这没有任何意义,因为我们不会将访问令牌存储在除当前会话之外的任何位置,并且每次用户使用Facebook登录时都会重新创建它。
The stacktrace from Spring Social for the GET /me
call looks like this: 来自Spring Social的
GET /me
调用的栈跟踪如下所示:
ERR c.s.f.v.resource.AuthenticationResource Exception when connecting with Facebook
org.springframework.social.RevokedAuthorizationException: The authorization has been revoked. Reason: The access token is invalid since the user hasn't engaged the app in longer than 90 days.
at org.springframework.social.facebook.api.impl.FacebookErrorHandler.handleFacebookError(FacebookErrorHandler.java:85)
at org.springframework.social.facebook.api.impl.FacebookErrorHandler.handleError(FacebookErrorHandler.java:59)
at org.springframework.web.client.ResponseErrorHandler.handleError(ResponseErrorHandler.java:63)
at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:775)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:728)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:702)
at org.springframework.web.client.RestTemplate.getForObject(RestTemplate.java:350)
at org.springframework.social.facebook.api.impl.FacebookTemplate.fetchObject(FacebookTemplate.java:220)
at org.springframework.social.facebook.api.impl.FacebookTemplate.fetchObject(FacebookTemplate.java:215)
The issue is probably related to changes in the Facebook API , but I do not see how this affects the short lived access tokens we create on every login. 问题可能与Facebook API的变化有关,但我不知道这会如何影响我们在每次登录时创建的短期访问令牌。
I ran into this issue when our integration tests logged in with a test user - the following JSON came back from the Graph API: 当我们的集成测试与测试用户一起登录时,我遇到了这个问题 - 以下JSON从Graph API返回:
{
"error": {
"message": "The access token is invalid since the user hasn't engaged the app in longer than 90 days.",
"type": "OAuthException",
"code": 190,
"error_subcode": 493,
"fbtrace_id": "F/1z2AsTRx8"
},
"timestamp_microsecond": "2018-05-30 11:22:01.353949"
}
That was a bigger problem as our test users don't "engage" with the app as such. 这是一个更大的问题,因为我们的测试用户不会与应用程序“互动”。 To fix this I had to:
为了解决这个问题,我不得不:
Once I'd done all those steps my test user (and integration tests) worked again. 一旦我完成了所有这些步骤,我的测试用户(和集成测试)再次工作。
facebook responses: Facebook回复:
Thanks for getting in touch.
感谢您的联系。 This is actually a known issue that we are already tracking in another bug report.
这实际上是我们已经在另一个错误报告中跟踪的已知问题。
I'm going to merge your report with the existing one, so we can deal with the issue in one place.
我要将您的报告与现有报告合并,因此我们可以在一个地方处理该问题。 Please refer to this thread for updates: http://developers.facebook.com/bugs/194772814474841/
请参阅此主题以获取更新: http : //developers.facebook.com/bugs/194772814474841/
My temporal solution was to use JS SDK, it is working correctly in my case... 我的时间解决方案是使用JS SDK,它在我的情况下正常工作...
Update : 更新 :
The issue seems to have just been fixed by Facebook. 这个问题似乎刚刚由Facebook修复。
I filed a bug with Facebook and they are currently (5/3/18) working on a resolution. 我向 Facebook 提交了一个错误 ,他们目前(5/3/18)致力于解决问题。
There are several workarounds suggested here and in the bug comments. 这里和bug评论中提出了几种解决方法。 To summarize:
总结一下:
auth_type=reauthorize
auth_type=reauthorize
手动重新授权用户 I'm going for solution #2 as it seems to be the most straight-forward way. 我正在寻找解决方案#2,因为它似乎是最直接的方式。
I have found this link in FB docs: Refreshing User Access Tokens 我在FB文档中找到了这个链接: 刷新用户访问令牌
Which mentions that after 90 days users must re-establish their token, so in case of such error we should just redirect the user to register again. 其中提到用户必须在90天后重新建立令牌,因此如果出现此类错误,我们应该重定向用户再次注册。
They even mention that they remove tokens of non-active users in the top of this doc. 他们甚至提到他们在本文档的顶部删除了非活跃用户的标记。 Maybe they did a mistake and removed all users tokens.
也许他们犯了一个错误并删除了所有用户令牌。
Anyhow the solution is to redirect users to resubscribe.
无论如何,解决方案是重定向用户重新订阅。
The bug persist according to discussion 根据讨论,这个bug仍然存在
According to a user's comment of mentioned discussion, we revoked permissions of every user of our app and it worked. 根据用户对上述讨论的评论,我们撤销了我们应用的每个用户的权限,并且它有效。 For this we used next graph api endpoint .
为此我们使用了下一个图api 端点 。 We had to persist the users' facebookIDs.
我们必须坚持用户的facebookID。
Regards 问候
TEMPORARY SOLUTION For iOS you need to change SDKs code to support "reauthorize". 临时解决方案对于iOS,您需要更改SDK代码以支持“重新授权”。 In order to change source code you will need to download it using CocoaPods.
要更改源代码,您需要使用CocoaPods下载它。 Then copy the following functions over pods: https://github.com/mavris/FacebookFix
然后通过pod复制以下功能: https : //github.com/mavris/FacebookFix
Add Permission Code in your App 在您的应用中添加权限代码
Likes 喜欢
Android : fbLoginButton.setReadPermissions(Arrays.asList(EMAIL)); Android:fbLoginButton.setReadPermissions(Arrays.asList(EMAIL));
IOS: loginButton.readPermissions = @[@"public_profile", @"email"]; IOS:loginButton.readPermissions = @ [@“public_profile”,@“email”];
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.