http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-10.5

http://stackoverflow.com/questions/14010876/cant-get-access-token-using-facebook-oauth

code
REQUIRED. The authorization code generated by the
authorization server. The authorization code MUST expire
shortly after it is issued to mitigate the risk of leaks. A
maximum authorization code lifetime of 10 minutes is
RECOMMENDED. The client MUST NOT use the authorization code
more than once. If an authorization code is used more than
once, the authorization server MUST deny the request and SHOULD
revoke (when possible) all tokens previously issued based on
that authorization code. The authorization code is bound to
the client identifier and redirection URI.

authorization codes MUST be short lived and single use

access_token should be posted

Expiration and Extending Tokens

Facebook's official SDKs manage the lifetime of tokens for you. When using iOS, Android or our JavaScript SDK, the SDK will handle making sure that tokens are refreshed before they expire.

很好的facebook api相关的博客: https://www.sammyk.me/

https://github.com/SammyK/LaravelFacebookSdk 这个github的作者

https://developers.facebook.com/docs/reference/login/signed-request

For certain types of apps, a signed request is passed to the app which contains some additional fields of information, even before Permissions have been requested.

The JSON object of the signed request does not have a strict format and varies between the different types of apps that can access it (Canvas, Page Apps, etc.), however you can assume that the payload may contain some of the following fields and values:

Name Description

code

an OAuth Code which can be exchanged for a valid user access token via a subsequent server-side request

algorithm

A JSON string containing the mechanism used to sign the request, normally:HMAC-SHA256.

issued_at

A JSON number containing the Unix timestamp when the request was signed.

user_id

A JSON string containing the User ID of the current user.

user

A JSON object containing the locale string, country string and the ageobject. See the Age Object table for actual min and max values.

oauth_token

A JSON string that can be used when making requests to the Graph API. This is also known as a user access token.

expires

A JSON number containing the Unix timestamp when the oauth_token expires.

app_data

A JSON string containing the content of the app_data query string parameter which may be passed if the app is being loaded within a Page Tab.

page

A JSON object included when a Page tab loads your app. The object contains information about the Page that owns this tab.

Some fields and values, the user_id and oauth_token for example will only be passed if the user haslogged into your app.

facebook api & oauth protocal的更多相关文章

  1. facebook api介绍

    转自(http://sls.weco.net/node/10773) 一.Facebook API 基礎概念 Facebook API 概論 : API 最大的好處在於可以讓程式開發人員只需要根據 A ...

  2. facebook api之Access Tokens

    Access Tokens When someone connects with an app using Facebook Login and approves the reqest for per ...

  3. Facebook API 入门

    Facebook 商业价值简介 Facebook 是一个社交网络服务网站,于 2004 年 2 月 4 日上线,到 2010 年 2 月 2 日, Facebook 正赶超雅虎将成为全球第三大网站,与 ...

  4. facebook api之基本概念(中文)

    Facebook广告API系列 1 Facebook Graph API Facebook提供了一套类rest的接口,统称为Graph API.为啥叫Graph?因为facebook把所有的资源都抽象 ...

  5. facebook api之Access Tokens之Business Manager System User

    Business Manager System User Make programatic, automated actions on ad objects or Pages, or do progr ...

  6. facebook api之Access and Authentication

    Access and Authentication There are three access levels to the Marketing APIs. You can upgrade acces ...

  7. Facebook通过oAuth验证获取json数据

    首先下载facebook相关的动态库,下载文件:facebook.dll 获取授权token方法: private string SetToken(string gettoken)//此处是你的短to ...

  8. facebook api之Ads Insights API

    The Ads Insights API provides API access for reporting and analytics purposes. When exclusively usin ...

  9. facebook api之Marketing API

    General information on the Marketing APIs, access, versioning and more. The main use cases for the M ...

随机推荐

  1. [AHOI 2013]差异

    Description 题库链接 给定一个长度为 \(n\) 的字符串 \(S\) ,令 \(T_i\) 表示它从第 \(i\) 个字符开始的后缀.求 \[\sum_{1\leqslant i< ...

  2. 并发编程之 线程协作工具 LockSupport

    前言 在前面的文章中,我们介绍了并发工具中的4个,Samephore,CyclicBarrier,CountDownLatch,Exchanger,但是我们漏了一个,非常的好用的工具,楼主在这里必须加 ...

  3. 深入出不来nodejs源码-V8引擎初探

    原本打算是把node源码看得差不多了再去深入V8的,但是这两者基本上没办法分开讲. 与express是基于node的封装不同,node是基于V8的一个应用,源码内容已经渗透到V8层面,因此这章简述一下 ...

  4. Groovy中枚举简单使用--一对一映射

    enum LevelEnum { S(1), C(2), B(3), A(4), X(5) private int value LevelEnum( int value) { this.value = ...

  5. hdu 1568 (log取对数 / Fib数通项公式)

    hdu 1568 (log取对数 / Fib数通项公式) 2007年到来了.经过2006年一年的修炼,数学神童zouyu终于把0到100000000的Fibonacci数列 (f[0]=0,f[1]= ...

  6. Android照片墙-多图加载

    http://blog.csdn.net/guolin_blog/article/details/9526203 照片墙这种功能现在应该算是挺常见了,在很多应用中你都可以经常看到照片墙的身影.它的设计 ...

  7. VS C#文件的复制

    /// <summary> /// 复制目录 /// </summary> /// <param name="OldDirectoryPath"> ...

  8. cf232E. Quick Tortoise(分治 bitset dp)

    题意 题目链接 Sol 感觉这个思路还是不错的 #include<bits/stdc++.h> using namespace std; const int MAXN = 501, SS ...

  9. js-ES6学习笔记-对象的扩展

    1.ES6允许直接写入变量和函数,作为对象的属性和方法.这种写法用于函数的返回值,将会非常方便.CommonJS模块输出变量,就非常合适使用简洁写法. var ms = {}; function ge ...

  10. html垂直居中

    参考于http://www.cnblogs.com/yugege/p/5246652.html <!DOCTYPE html> <html lang="en"&g ...