发表新帖
发表新帖

How to verify Facebook access token?

后端 未结
关注
6 1866
囚心锁ツ
囚心锁ツ 2020-11-28 03:26

There\'s only thing that server has to do; just check any access token\'s validity.

Clients send to the server user id and access token obtained by FB.getLogin

相关标签:
6条回答
  • 孤城傲影
    2020-11-28 03:55

    Exchange Access Token for Mobile Number and Country Code (Server Side OR Client Side)

    You can get the mobile number with your access_token with this API https://graph.accountkit.com/v1.1/me/?access_token=xxxxxxxxxxxx. Maybe, once you have the mobile number and the id, you can work with it to verify the user with your server & database.

    xxxxxxxxxx above is the Access Token

    Example Response :

    {
   "id": "61940819992708",
   "phone": {
      "number": "+91XX82923912",
      "country_prefix": "91",
      "national_number": "XX82923912"
   }
}

    Exchange Auth Code for Access Token (Server Side)

    If you have an Auth Code instead, you can first get the Access Token with this API - https://graph.accountkit.com/v1.1/access_token?grant_type=authorization_code&code=xxxxxxxxxx&access_token=AA|yyyyyyyyyy|zzzzzzzzzz

    xxxxxxxxxx, yyyyyyyyyy and zzzzzzzzzz above are the Auth Code, App ID and App Secret respectively.

    Example Response

    {
   "id": "619XX819992708",
   "access_token": "EMAWdcsi711meGS2qQpNk4XBTwUBIDtqYAKoZBbBZAEZCZAXyWVbqvKUyKgDZBniZBFwKVyoVGHXnquCcikBqc9ROF2qAxLRrqBYAvXknwND3dhHU0iLZCRwBNHNlyQZD",
   "token_refresh_interval_sec": XX92000
}

    Note - This is preferred on the server-side since the API requires the APP Secret which is not meant to be shared for security reasons.

    Good Luck.

    0 讨论(0)
  • 暖寄归人
    2020-11-28 03:58

    Just wanted to let you know that up until today I was first obtaining an app access token (via GET request to Facebook), and then using the received token as the app-token-or-admin-token in:

    GET graph.facebook.com/debug_token?
    input_token={token-to-inspect}
    &access_token={app-token-or-admin-token}

    However, I just realized a better way of doing this (with the added benefit of requiring one less GET request):

    GET graph.facebook.com/debug_token?
    input_token={token-to-inspect}
    &access_token={app_id}|{app_secret}

    As described in Facebook's documentation for Access Tokens here.

    0 讨论(0)
  • 臣服心动
    2020-11-28 04:00

    Simply request (HTTP GET):

    https://graph.facebook.com/USER_ID/access_token=xxxxxxxxxxxxxxxxx

    That's it.

    0 讨论(0)
  • 囚心锁ツ
    2020-11-28 04:05

    The app token can be found from this url.

    https://developers.facebook.com/tools/accesstoken

    0 讨论(0)
  • 生来不讨喜
    2020-11-28 04:09

    The officially supported method for this is:

    GET graph.facebook.com/debug_token?
     input_token={token-to-inspect}
     &access_token={app-token-or-admin-token}

    See the check token docs for more information.

    An example response is:

    {
    "data": {
        "app_id": 138483919580948, 
        "application": "Social Cafe", 
        "expires_at": 1352419328, 
        "is_valid": true, 
        "issued_at": 1347235328, 
        "metadata": {
            "sso": "iphone-safari"
        }, 
        "scopes": [
            "email", 
            "publish_actions"
        ], 
        "user_id": 1207059
    }
}
    0 讨论(0)
  • 耶瑟儿~
    2020-11-28 04:13

    You can simply request https://graph.facebook.com/me?access_token=xxxxxxxxxxxxxxxxx if you get an error, the token is invalid. If you get a JSON object with an id property then it is valid.

    Unfortunately this will only tell you if your token is valid, not if it came from your app.

    0 讨论(0)
 看不清?
提交回复
热议问题