http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-10.5

http://stackoverflow.com/questions/14010876/cant-get-access-token-using-facebook-oauth

code
REQUIRED. The authorization code generated by the
authorization server. The authorization code MUST expire
shortly after it is issued to mitigate the risk of leaks. A
maximum authorization code lifetime of 10 minutes is
RECOMMENDED. The client MUST NOT use the authorization code
more than once. If an authorization code is used more than
once, the authorization server MUST deny the request and SHOULD
revoke (when possible) all tokens previously issued based on
that authorization code. The authorization code is bound to
the client identifier and redirection URI.

authorization codes MUST be short lived and single use

access_token should be posted

Expiration and Extending Tokens

Facebook's official SDKs manage the lifetime of tokens for you. When using iOS, Android or our JavaScript SDK, the SDK will handle making sure that tokens are refreshed before they expire.

很好的facebook api相关的博客: https://www.sammyk.me/

https://github.com/SammyK/LaravelFacebookSdk 这个github的作者

https://developers.facebook.com/docs/reference/login/signed-request

For certain types of apps, a signed request is passed to the app which contains some additional fields of information, even before Permissions have been requested.

The JSON object of the signed request does not have a strict format and varies between the different types of apps that can access it (Canvas, Page Apps, etc.), however you can assume that the payload may contain some of the following fields and values:

Name Description

code

an OAuth Code which can be exchanged for a valid user access token via a subsequent server-side request

algorithm

A JSON string containing the mechanism used to sign the request, normally:HMAC-SHA256.

issued_at

A JSON number containing the Unix timestamp when the request was signed.

user_id

A JSON string containing the User ID of the current user.

user

A JSON object containing the locale string, country string and the ageobject. See the Age Object table for actual min and max values.

oauth_token

A JSON string that can be used when making requests to the Graph API. This is also known as a user access token.

expires

A JSON number containing the Unix timestamp when the oauth_token expires.

app_data

A JSON string containing the content of the app_data query string parameter which may be passed if the app is being loaded within a Page Tab.

page

A JSON object included when a Page tab loads your app. The object contains information about the Page that owns this tab.

Some fields and values, the user_id and oauth_token for example will only be passed if the user haslogged into your app.

facebook api & oauth protocal的更多相关文章

  1. facebook api介绍

    转自(http://sls.weco.net/node/10773) 一.Facebook API 基礎概念 Facebook API 概論 : API 最大的好處在於可以讓程式開發人員只需要根據 A ...

  2. facebook api之Access Tokens

    Access Tokens When someone connects with an app using Facebook Login and approves the reqest for per ...

  3. Facebook API 入门

    Facebook 商业价值简介 Facebook 是一个社交网络服务网站,于 2004 年 2 月 4 日上线,到 2010 年 2 月 2 日, Facebook 正赶超雅虎将成为全球第三大网站,与 ...

  4. facebook api之基本概念(中文)

    Facebook广告API系列 1 Facebook Graph API Facebook提供了一套类rest的接口,统称为Graph API.为啥叫Graph?因为facebook把所有的资源都抽象 ...

  5. facebook api之Access Tokens之Business Manager System User

    Business Manager System User Make programatic, automated actions on ad objects or Pages, or do progr ...

  6. facebook api之Access and Authentication

    Access and Authentication There are three access levels to the Marketing APIs. You can upgrade acces ...

  7. Facebook通过oAuth验证获取json数据

    首先下载facebook相关的动态库,下载文件:facebook.dll 获取授权token方法: private string SetToken(string gettoken)//此处是你的短to ...

  8. facebook api之Ads Insights API

    The Ads Insights API provides API access for reporting and analytics purposes. When exclusively usin ...

  9. facebook api之Marketing API

    General information on the Marketing APIs, access, versioning and more. The main use cases for the M ...

随机推荐

  1. c#关于路径的总结(转)

    来源:http://www.cnblogs.com/yugongmengjiutian/articles/5521165.html 前一段时间写代码时经常遇到获取路径问题,总是感觉有点乱,于是就总结了 ...

  2. Nginx初探

    nginx是一款轻量级的web服务器.反向代理服务器和电子邮件服务器,占有内存少,并发能力强. 本文将简单介绍如何安装.启动nginx,部署web项目,应用反向代理. 一.安装 可参考https:// ...

  3. Computer - 在VM7虚拟机中使用主机打印机

    在VM7虚拟机中使用主机打印机 在VMware Workstation 7中提供了一项新的功能:虚拟机可以直接使用主机的打印机.在以前的版本中,如果想在虚拟机中使用主机的打印机,一般是在主机创建“打印 ...

  4. 关于centos 防火墙设置(nginx无法访问)

    参考:http://blog.csdn.net/rosten/article/details/25053523 或者:http://blog.csdn.net/zhang197093/article/ ...

  5. Java四中引用

      在JDK1.2以后将对象应用分为4中,强引用,软引用,弱引用,虚引用,这样的方式可以更加灵活控制对象的声明周期     强引用   String str = "123";   ...

  6. 如何监听对 HIVE 元数据的操作

    目录 简介 HIVE 基本操作 获取 HIVE 源码 编译 HIVE 源码 启动 HIVE 停止 HIVE 监听对 HIVE 元数据的操作 参考文档 简介 公司有个元数据管理平台,会定期同步 HIVE ...

  7. Herding(hdu4709)三点运用行列式求面积

    Herding Time Limit: 2000/1000 MS (Java/Others) Memory Limit: 32768/32768 K (Java/Others)Total Submis ...

  8. mysql 添加用户

    CREATE USER 'user_name'@'%' IDENTIFIED BY '12345';      -- %  代表所有ip可以访问 GRANT all ON *.* TO 'user_n ...

  9. JavaScript小细节点罗列(2)

    break 语句和 continue 语句 break语句和continue语句都具有跳转作用,可以让代码不按既有的顺序执行. break语句用于跳出代码块或循环. var i = 0; while( ...

  10. 关于子元素的margin-top溢出和元素浮动对父元素高度影响解决方案

    以下是个人学习笔记,仅供学习参考. 1.关于子元素的margin-top作用在无margin-top-border的父元素上导致子元素的margin-top溢出问题. 在给没有margin-top-b ...