I'm trying to build a JavaScript metro app that pulls Facebook public data (posts from Home Depot for example) through their Graph API. It seems that an access token is always required to interact with the Graph API.
In order to obtain an access token, both the App ID and Secrets needs to be sent to the Facebook OAuth endpoint. This makes sense for server-side code but not for client-side, since the app secret cannot be shipped with client code that can be easily unpackaged/decomplied/intercepted.
So my questions are:
Please keep in mind that:
Thanks!
No
One option is to have the user log in and get an access token for them that way. Another would be to have your own server provide a token creation service, so the secret would not need to be in the app binary.
You can exchange a token to a longer-lived 60 day token https://developers.facebook.com/docs/facebook-login/access-tokens/#extending
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.