How to access Facebook public data from client-side without compromising app secret
Question
I'm trying to build a JavaScript metro app that pulls Facebook public data (posts from Home Depot for example) through their Graph API. It seems that an access token is always required to interact with the Graph API.
In order to obtain an access token, both the App ID and Secrets needs to be sent to the Facebook OAuth endpoint. This makes sense for server-side code but not for client-side, since the app secret cannot be shipped with client code that can be easily unpackaged/decomplied/intercepted.
So my questions are:
- Is there a way to access the Graph API (public data) without using access tokens?
- Is there a way to obtain an access token without sending over the App Secret?
- Is there a replacement to the offline_access token?
Please keep in mind that:
- I only need to access PUBLIC data.
- NO user login is needed.
Thanks!
1 answers
solution1
1 ACCPTED 2013-09-06 00:20:29
No
One option is to have the user log in and get an access token for them that way. Another would be to have your own server provide a token creation service, so the secret would not need to be in the app binary.
You can exchange a token to a longer-lived 60 day token https://developers.facebook.com/docs/facebook-login/access-tokens/#extending
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.