Use “app access tokens” with the Facebook Javascript SDK?
Question
I'm using the Javascript SDK for a Facebook app and a certain API call I want to make, requires an app access token . However, the documentation states:
[…] app access token should never be hard-coded into client-side code, doing so would give everyone who loaded your webpage or decompiled your app full access to your app secret, and therefore the ability to modify your app. This implies that most of the time, you will be using app access tokens only in server to server calls.
and:
Note that because this request uses your app secret, it must never be made in client-side code or in an app binary that could be decompiled. It is important that your app secret is never shared with anyone . Therefore, this API call should only be made using server-side code.
Emphasis not even mine!
So how the heck am I supposed to make API calls that require app access tokens using the JS SDK if I should only do those calls server-side?
1 answers
solution1
1 2014-02-13 08:08:55
The short answer is: You shouldn't! As Adam wrote, if you expose your app access token, somebody could grab it from the source code and do whatever he wants with it! It's a security issue...
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.