facebook php sdk - 如果用户没有授予权限,则会捕获(身份验证失败)
[英]facebook php sdk - catch if user didnt give permissions (authentication failed)
问题描述
Documentation says: "redirect_uri - (optional) The URL to redirect the user to once the login/authorization process is complete. The user will be redirected to the URL on both login success and failure, so you must check the error parameters in the URL as described in the authentication documentation. If this property is not specified, the user will be redirected to the current URL (ie the URL of the page where this method was called, typically the current URL in the user's browser)." 
文档说:“redirect_uri - (可选)在登录/授权过程完成后将用户重定向到的URL。用户将在登录成功和失败时重定向到URL,因此您必须检查URL中的错误参数如验证文档中所述。如果未指定此属性,则用户将被重定向到当前URL(即调用此方法的页面的URL,通常是用户浏览器中的当前URL)。 So there is a method to catch if user refused autnentication/permissions, but link to corresponding documentation doesnt exist anymore ( https://developers.facebook.com/docs/authentication/ ). 因此,有一种方法可以捕获用户是否拒绝了身份验证/权限,但是不再存在与相应文档的链接( https://developers.facebook.com/docs/authentication/ )。
For the simplicity, redirect_uri is same address as a starting php file, and the php code is as simple as: 为简单起见,redirect_uri与起始php文件的地址相同,php代码简单如下:
require 'facebook.php';
$facebook = new Facebook(array(
'appId' => 'X',
'secret' => 'Y',
));
$user = $facebook->getUser();
if ($user) {
try {
$user_profile = $facebook->api('/me');
} catch (FacebookApiException $e) {
error_log($e);
$user = null;
}
}
if (!$user) {
$params = array(
'scope' => 'read_stream, friends_likes',
'redirect_uri' => 'http://myapp.com/app'
);
$loginUrl = $facebook->getLoginUrl($params);
}
Anybody knows how to catch that information? 谁知道如何捕获这些信息?
3 个解决方案
解决方案1
11 已采纳 2013-02-08 11:23:45
You can do following to check the permissions: 您可以执行以下操作来检查权限:
$permissions = $facebook->api("/me/permissions");
if( array_key_exists('publish_stream', $permissions['data'][0]) ) {
// Permission is granted!
// Do the related task
$post_id = $facebook->api('/me/feed', 'post', array('message'=>'Hello World!'));
} else {
// We don't have the permission
// Alert the user or ask for the permission!
header( "Location: " . $facebook->getLoginUrl(array("scope" => "publish_stream")) );
}
解决方案2
0 2015-10-06 23:55:07
It should be noted that in the newest PHP facebook SDK, there is no method ->api. 应该注意的是,在最新的PHP facebook SDK中,没有方法 - > api。 There also seems to be an issue using this check (sometimes) to get permissions. 使用此检查(有时)来获取权限似乎也存在问题。 When using the older SDK, sometimes (randomly by user it seemed) some users were getting "OAuthException: (#412) User has not installed the application" even though a check on the FB access token debugger showed proper permissions. 当使用较旧的SDK时,有时(似乎是用户随机)某些用户得到“OAuthException:(#412)用户尚未安装应用程序”,即使对FB访问令牌调试器的检查显示了适当的权限。 After I updated to new SDK, and figured out the new way to get a simple data list of permissions, everything worked again. 在我更新到新的SDK之后,找到了获取简单数据权限列表的新方法,一切都恢复了。
It took me a lot of digging in the FB website to find this solution, so I paste it here to hopefully save somebody else a few hours. 我花了很多时间在FB网站上找到这个解决方案,所以我把它粘贴在这里,希望能在几个小时内保存其他人。 They real life saver was my discovery of the getDecodedBody method (a very hard to find trick in FB docs). 他们真正的救星是我发现的getDecodedBody方法(FB文档中很难找到的技巧)。 My example just checks for publish_actions. 我的例子只是检查publish_actions。
$fb = new Facebook\Facebook([
'app_id' => your_app_id,
'app_secret' => your_secret,
'default_graph_version' => 'v2.2',
]);
$badperms=true; //start by assume bad permissions
try {
$response = $fb->get('/me/permissions', $at);
$perms = $response->getDecodedBody();
if($badperms){
foreach($perms['data'] AS $perm){
if($perm['permission']=='publish_actions' && $perm['status']=='granted') $badperms=false;
}
}
} catch(Facebook\Exceptions\FacebookResponseException $e) {
log("MSG-received facebook Response exception!! ".$e->getMessage());
} catch(Facebook\Exceptions\FacebookSDKException $e) {
log("MSG-received facebook SDK exception!! ".$e->getMessage());
}
if($badperms) {
//do something like reflow auth
}
解决方案3
0 2015-12-22 13:13:42
I just had the same issue, I didn't know how to treat the cancel action (both in facebook php api and google oauth2). 我只是有同样的问题,我不知道如何对待取消行动(在facebook php api和google oauth2)。
The solution is much easier than expected. 解决方案比预期的要容易得多。
The response in case of permission not accepted (at all) comes with at least one parameter/variable: error in the URL. 在未接受许可的情况下(根本没有)响应至少有一个参数/变量:URL中的错误。
In facebook that response looks like: 在Facebook中,响应看起来像:
error=access_denied&error_code=200&error_description=Permissions+error&error_reason=user_denied
for google you only get the 对于谷歌你只能得到
error=access_denied
but it should be enough. 但它应该足够了。
I'm just checking if error is set and if it's set I am redirecting the response to my login page. 我只是检查是否设置了错误,如果设置了错误,我将响应重定向到我的登录页面。
I hope it will help someone because it's really not documented this step. 我希望它会对某人有所帮助,因为这一步确实没有记录。 By the way: version of facebook API: v5 version of google API oAuth2: 2.0 (i think - google doc is really a mess when it comes to finding the latest versions) 顺便说一句:facebook API的版本:google API oAuth2:2.0的v5版本(我认为 - google doc在查找最新版本时确实很乱)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.