Facebook access token expires even with offline_access

Users log in to Facebook on my website via a URL that redirects them to https://graph.facebook.com/oauth/authorize?client_id=116908145XXXXXX&display=page&scope=offline_access&redirect_uri=http://localhost:8000/account/services/?service=facebookcallback

On the callback page I make a request with the code I receive to get the access token, at this URL:

https://graph.facebook.com/oauth/access_token?code=2.3m2hLauQJpWTGFExUK6O3w__.3600.1290081600-100001796185871%7.....&format=json&redirect_uri=http%3A%2F%2Flocalhost%3A8000%2Faccount%2Fservices%2F%3Fservice%3Dfacebookcallback&client_id=116908145040447&scope=offline_access&client_secret=...

The response I get is this: access_token=116908145XXXXXX|2.3m2hLauQJpWTGFExUK6O3w__.3600.1290081600-100001796185871|S3MG...&expires=3912

As can be seen from the token, it has an expiration date.

The token expires some hours after the request. Shouldn't I receive an access token without expiration date if I make the requests with scope=offline_access?

Old post, but the info might be useful for someone else.

Facebook now disables offline_access by default. You must enable an app migration if you still want to use it.

With the migration off, tokens will be "short lived" and last only an hour or two. You can get an extended token which lasts about 60 days by making a request to

https://graph.facebook.com/oauth/access_token?             
    client_id=APP_ID&
    client_secret=APP_SECRET&
    grant_type=fb_exchange_token&
    fb_exchange_token=EXISTING_ACCESS_TOKEN 

See this page for more details
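The exchange request from the answer above and the response format quoted in the question, as an added Python example (not code from the original posts): it builds the fb_exchange_token URL, masks secret-bearing parameters before the URL is logged, and turns the relative `expires` value into an absolute deadline. The JSON `expires_in` variant, the 300-second margin and all sample values are assumptions.

```python
import json
import time
from urllib.parse import parse_qs, parse_qsl, urlencode, urlsplit, urlunsplit

TOKEN_ENDPOINT = "https://graph.facebook.com/oauth/access_token"  # from the page
SENSITIVE = {"client_secret", "fb_exchange_token", "access_token", "code"}

def exchange_url(app_id, app_secret, existing_token):
    """Build the fb_exchange_token request shown in the answer."""
    query = urlencode({
        "client_id": app_id,
        "client_secret": app_secret,
        "grant_type": "fb_exchange_token",
        "fb_exchange_token": existing_token,
    })
    return f"{TOKEN_ENDPOINT}?{query}"

def redact(url):
    """Mask secret-bearing query parameters so the URL is safe to log."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k in SENSITIVE else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))

def parse_token_response(body, now=None):
    """Return (token, expires_at); expires_at is None when no lifetime is sent.

    Accepts the form-encoded body quoted in the question and, as an
    assumption, a JSON object that uses "expires_in" instead of "expires".
    """
    now = time.time() if now is None else now
    try:
        fields = json.loads(body)
        if not isinstance(fields, dict):
            raise ValueError("not a JSON object")
    except ValueError:
        fields = {k: v[0] for k, v in parse_qs(body).items()}
    if "access_token" not in fields:
        raise ValueError("no access_token in response")
    lifetime = fields.get("expires", fields.get("expires_in"))
    expires_at = None if lifetime is None else now + int(lifetime)
    return fields["access_token"], expires_at

def needs_exchange(expires_at, now=None, margin=300):
    """True when the token has expired or will within `margin` seconds."""
    now = time.time() if now is None else now
    return expires_at is not None and expires_at - now <= margin
```

Store `expires_at` next to the token and treat an API error on a token that should still be valid as a revocation (password change or app removal), not as a reason to retry.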

Tokens you get with offline_access permissions are "long-lived", as Facebook says in their documentation, but it is not said that they have no expiration / are infinite. Even if you get this not-time-bounded access_token, it can still expire if the user changes his password or if he removes your application.

But to answer your question directly, yes you should get a long-lived access_token using "scope=offline_access". Also, please check if the dialog showed "Access my data anytime".
