
Facebook API: AppID|AppSecret token?

I am using JS to fetch a page feed using the Facebook Graph API, but in order to fetch the page's feed I need an access token. My current access token is set to expire in an hour, but I can use AppID|AppSecret as a permanent access token.

My question is: Since viewing the page source will show the access token, is using the appID|appSecret combination a safe approach to having a permanent access_token?

    var facebookFeed = [];

    window.fbAsyncInit = function () {
        FB.init({
            appId: '173668203065748',
            xfbml: true,
            version: 'v2.7'
        });
        // The access token is passed from client-side code, so it is visible in the page source.
        FB.api(
            '/officialstackoverflow/feed',
            'GET',
            {
                "access_token": "EAACEdEose0cBACP92ZBJexyw6OhDqs7SbBIme4CSisaI4UDgbJHDOa0NVjoXOXSJB7SD6549CB6M3KAdV11ySAn6wlJAMI4YEFEdfw2cM9JpovUG4NZC3VsCWcajbXfXWSWMmQQDR1fM9bzk6YPxMUYOiqBQnWrEm0IzbaCQZDZD",
                "fields": "full_picture,message,created_time,type,link,id"
            },
            function (response) {
                writePosts(response.data);
            }
        );
    };

    // Load the Facebook JS SDK asynchronously.
    (function (d, s, id) {
        var js, fjs = d.getElementsByTagName(s)[0];
        if (d.getElementById(id)) { return; }
        js = d.createElement(s);
        js.id = id;
        js.src = "//connect.facebook.net/en_US/sdk.js";
        fjs.parentNode.insertBefore(js, fjs);
    }(document, 'script', 'facebook-jssdk'));

    function writePosts(facebookFeed) {
        // "i" is declared here so it does not leak into the global scope.
        for (var i = 0; i < facebookFeed.length; i++) {
            var currentPost = facebookFeed[i];
            var myDate = new Date(currentPost.created_time);
            if (currentPost.type == "photo" || currentPost.type == "status") {
                if (!currentPost.link) currentPost.link = "http://facebook.com//" + currentPost.id;
                console.log(currentPost);
            }
        }
    }

    .facebookText {
        font-size: 16px;
        font-weight: 600;
        font-family: sans-serif;
    }
    .facebookImage {
        width: 100%;
        border: 1px solid rgba(0,0,0,0.1)
    }
    .facebookPost {
        width: 400px;
        border-bottom: 1px solid rgba(0, 0, 0, 0.3);
        box-shadow: 0px 5px 15px rgba(0, 0, 0, 0.3);
        margin-bottom: 20px;
        padding: 10px 5px 3px 5px;
        transition: 0.3s ease all;
    }
    .facebookPost:hover {
        cursor: pointer;
        box-shadow: 0px 5px 15px rgba(0, 0, 0, 0.5);
    }
    .facebookTime {
        font-size: 12px;
        font-style: italic;
        padding: 5px 0px;
    }

It is called "App Secret" for a reason: you should not expose it on the client. You should not expose any token to other users anyway. You need to do that server side, and you should implement some caching - just in case you get many users and hit an API limit.
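
A sketch of the server-side approach with caching that the answer describes, as an added example that is not part of the original question or answer. It assumes Node.js 18+ (global `fetch`); the `/feed` route, the `FB_ACCESS_TOKEN` environment variable, the port and the five-minute TTL are hypothetical choices, while the page name, API version and field list are taken from the question.

```javascript
'use strict';
const GRAPH = 'https://graph.facebook.com/v2.7'; // API version from the question
const FIELDS = 'full_picture,message,created_time,type,link,id';

// Build the Graph API request on the server, so the token never reaches a browser.
function buildFeedUrl(pageId, token) {
  const url = new URL(`${GRAPH}/${encodeURIComponent(pageId)}/feed`);
  url.searchParams.set('fields', FIELDS);
  url.searchParams.set('access_token', token);
  return url.toString();
}

// TTL cache: concurrent callers share one upstream request; failures are not cached.
function createFeedCache(fetchFeed, ttlMs, now = Date.now) {
  let entry = null; // { promise, expires }
  return function getFeed() {
    if (entry && now() < entry.expires) return entry.promise;
    const promise = new Promise((resolve) => resolve(fetchFeed()));
    entry = { promise, expires: now() + ttlMs };
    promise.catch(() => { if (entry && entry.promise === promise) entry = null; });
    return promise;
  };
}

// HTTP handler (hypothetical route): GET /feed returns post data only, never the token.
function feedHandler(getFeed) {
  return function (req, res) {
    if (req.method !== 'GET' || req.url !== '/feed') { res.writeHead(404); return res.end(); }
    getFeed().then(
      (posts) => { res.writeHead(200, { 'Content-Type': 'application/json' }); res.end(JSON.stringify(posts)); },
      () => { res.writeHead(502); res.end(); } // upstream error details stay on the server
    );
  };
}

// FB_ACCESS_TOKEN is an assumed variable name; the server starts only when it is set.
if (process.env.FB_ACCESS_TOKEN) {
  const getFeed = createFeedCache(async () => {
    const res = await fetch(buildFeedUrl('officialstackoverflow', process.env.FB_ACCESS_TOKEN));
    if (!res.ok) throw new Error(`Graph API returned HTTP ${res.status}`);
    return (await res.json()).data; // same "data" array the question passes to writePosts
  }, 5 * 60 * 1000);
  require('http').createServer(feedHandler(getFeed)).listen(3000);
}
```

The browser code then requests `/feed` from this server and passes the JSON array to `writePosts`, with no `access_token` parameter in the page.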

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.