oAuth 2.0, access_token, Facebook, Twitter

I spent a lot of time looking for any clarification about using OAuth with FB and Twitter. I have to build an application which will be using an access_token. This token will also be used on different devices to access the user account via the API. When I look for "how to use access_token" I only find "how to get token". If I missed something while reading the documentation please let me know, especially where there is an example of how to use this token on other devices to access the API to send e.g. a post. I have found Twitter4j and Facebook4j; these libs helped me... I've got this access_token and now what next, how do I connect to the API... I know that it's not possible to get access to the Twitter API - ok, but what about FB and "client side"?

Please help.

OAuth can be complicated so let me try to explain it simply.

  1. User visits your website
  2. Your website checks if it has seen this visitor before (usually with a cookie)
  3. If not, send them to FB/Twitter/Whatever's OAuth URL. In that redirect, we tell FB/Twitter/Whatever that we're going to need x,y,z permissions (access a user's timeline, see a user's friends, etc). We also tell FB/Twitter/Whatever that when the user says ok, send them back to www.myurl... Finally, we take everything in this request and "encrypt" it, to prove it's really our site asking. The key to this is only saved on our backend, so the frontend (JavaScript/HTML) never sees it.
  4. FB/Twitter/Whatever sees the request. They also see the "encrypted" form of the request. FB/Twitter/Whatever knows this key too (they gave it to us, it's usually called the "secret" when you're configuring your OAuth). They can verify it's really your backend asking for permission.
  5. If the user agrees, we get a token. We store that token (on our backend, PHP, Java, Ruby, etc) and remember it belongs to that user.

The main thing to stress here is that in order to do the OAuth handshake, you need a secret key that you never output to the browser. That means you'll need to implement part of this on your backend. You've tagged this with java so maybe that means you're using Java as your backend, maybe with Google App Engine or something. You'll need to find the OAuth library for that, and work it out from there.

You can't create the OAuth handshake only with frontend code.
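
The signing and verification described in points 3 and 4, as an added example that is not part of the original answer: a simplified HMAC scheme in Java showing why the secret must stay on the backend, not the exact signature format of OAuth or of any provider. The class name, parameter names, URLs and secret are constructed for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import java.util.TreeMap;
import java.util.stream.Collectors;

public class SignedRequestDemo {
    // Canonical form: parameters sorted by name, URL-encoded, joined with '&',
    // so both sides compute the MAC over exactly the same bytes.
    static String canonical(Map<String, String> params) {
        return new TreeMap<>(params).entrySet().stream()
            .map(e -> enc(e.getKey()) + "=" + enc(e.getValue()))
            .collect(Collectors.joining("&"));
    }

    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }

    // Backend side (point 3): HMAC over the canonical request with the app secret.
    static String sign(Map<String, String> params, byte[] secret) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        byte[] tag = mac.doFinal(canonical(params).getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }

    // Provider side (point 4): recompute with its copy of the secret, compare in constant time.
    static boolean verify(Map<String, String> params, String sig, byte[] secret) throws Exception {
        return MessageDigest.isEqual(
            sign(params, secret).getBytes(StandardCharsets.UTF_8),
            sig.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = "constructed-demo-secret".getBytes(StandardCharsets.UTF_8); // constructed
        Map<String, String> request = new TreeMap<>(Map.of(
            "client_id", "demo-app",                           // constructed
            "scope", "read_timeline",                          // constructed
            "redirect_uri", "https://app.example/callback"));  // constructed
        String sig = sign(request, secret);
        System.out.println("untampered request accepted: " + verify(request, sig, secret));
        request.put("redirect_uri", "https://other.example/callback"); // changed after signing
        System.out.println("altered request accepted:    " + verify(request, sig, secret));
    }
}
```

Anyone who holds the secret can produce a valid signature, which is why it cannot be shipped in JavaScript or in a client app.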
