http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-10.5

http://stackoverflow.com/questions/14010876/cant-get-access-token-using-facebook-oauth

code
REQUIRED. The authorization code generated by the
authorization server. The authorization code MUST expire
shortly after it is issued to mitigate the risk of leaks. A
maximum authorization code lifetime of 10 minutes is
RECOMMENDED. The client MUST NOT use the authorization code
more than once. If an authorization code is used more than
once, the authorization server MUST deny the request and SHOULD
revoke (when possible) all tokens previously issued based on
that authorization code. The authorization code is bound to
the client identifier and redirection URI.

Authorization codes MUST be short-lived and single-use.

access_token should be posted

Expiration and Extending Tokens

Facebook's official SDKs manage the lifetime of tokens for you. When using iOS, Android or our JavaScript SDK, the SDK will handle making sure that tokens are refreshed before they expire.

A very good blog about the Facebook API: https://www.sammyk.me/

Its author also wrote this GitHub project: https://github.com/SammyK/LaravelFacebookSdk

https://developers.facebook.com/docs/reference/login/signed-request

For certain types of apps, a signed request is passed to the app which contains some additional fields of information, even before Permissions have been requested.

The JSON object of the signed request does not have a strict format and varies between the different types of apps that can access it (Canvas, Page Apps, etc.), however you can assume that the payload may contain some of the following fields and values:

| Name | Description |
| --- | --- |
| code | An OAuth Code which can be exchanged for a valid user access token via a subsequent server-side request. |
| algorithm | A JSON string containing the mechanism used to sign the request, normally: HMAC-SHA256. |
| issued_at | A JSON number containing the Unix timestamp when the request was signed. |
| user_id | A JSON string containing the User ID of the current user. |
| user | A JSON object containing the locale string, country string and the age object. See the Age Object table for actual min and max values. |
| oauth_token | A JSON string that can be used when making requests to the Graph API. This is also known as a user access token. |
| expires | A JSON number containing the Unix timestamp when the oauth_token expires. |
| app_data | A JSON string containing the content of the app_data query string parameter which may be passed if the app is being loaded within a Page Tab. |
| page | A JSON object included when a Page tab loads your app. The object contains information about the Page that owns this tab. |

Some fields and values, the user_id and oauth_token for example, will only be passed if the user has logged into your app.
