http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-10.5

http://stackoverflow.com/questions/14010876/cant-get-access-token-using-facebook-oauth

code
REQUIRED. The authorization code generated by the
authorization server. The authorization code MUST expire
shortly after it is issued to mitigate the risk of leaks. A
maximum authorization code lifetime of 10 minutes is
RECOMMENDED. The client MUST NOT use the authorization code
more than once. If an authorization code is used more than
once, the authorization server MUST deny the request and SHOULD
revoke (when possible) all tokens previously issued based on
that authorization code. The authorization code is bound to
the client identifier and redirection URI.

authorization codes MUST be short lived and single use

access_token should be posted

Expiration and Extending Tokens

Facebook's official SDKs manage the lifetime of tokens for you. When using iOS, Android or our JavaScript SDK, the SDK will handle making sure that tokens are refreshed before they expire.

很好的facebook api相关的博客: https://www.sammyk.me/

https://github.com/SammyK/LaravelFacebookSdk 这个github的作者

https://developers.facebook.com/docs/reference/login/signed-request

For certain types of apps, a signed request is passed to the app which contains some additional fields of information, even before Permissions have been requested.

The JSON object of the signed request does not have a strict format and varies between the different types of apps that can access it (Canvas, Page Apps, etc.), however you can assume that the payload may contain some of the following fields and values:

Name Description

code

an OAuth Code which can be exchanged for a valid user access token via a subsequent server-side request

algorithm

A JSON string containing the mechanism used to sign the request, normally:HMAC-SHA256.

issued_at

A JSON number containing the Unix timestamp when the request was signed.

user_id

A JSON string containing the User ID of the current user.

user

A JSON object containing the locale string, country string and the ageobject. See the Age Object table for actual min and max values.

oauth_token

A JSON string that can be used when making requests to the Graph API. This is also known as a user access token.

expires

A JSON number containing the Unix timestamp when the oauth_token expires.

app_data

A JSON string containing the content of the app_data query string parameter which may be passed if the app is being loaded within a Page Tab.

page

A JSON object included when a Page tab loads your app. The object contains information about the Page that owns this tab.

Some fields and values, the user_id and oauth_token for example will only be passed if the user haslogged into your app.

facebook api & oauth protocal的更多相关文章

  1. facebook api介绍

    转自(http://sls.weco.net/node/10773) 一.Facebook API 基礎概念 Facebook API 概論 : API 最大的好處在於可以讓程式開發人員只需要根據 A ...

  2. facebook api之Access Tokens

    Access Tokens When someone connects with an app using Facebook Login and approves the reqest for per ...

  3. Facebook API 入门

    Facebook 商业价值简介 Facebook 是一个社交网络服务网站,于 2004 年 2 月 4 日上线,到 2010 年 2 月 2 日, Facebook 正赶超雅虎将成为全球第三大网站,与 ...

  4. facebook api之基本概念(中文)

    Facebook广告API系列 1 Facebook Graph API Facebook提供了一套类rest的接口,统称为Graph API.为啥叫Graph?因为facebook把所有的资源都抽象 ...

  5. facebook api之Access Tokens之Business Manager System User

    Business Manager System User Make programatic, automated actions on ad objects or Pages, or do progr ...

  6. facebook api之Access and Authentication

    Access and Authentication There are three access levels to the Marketing APIs. You can upgrade acces ...

  7. Facebook通过oAuth验证获取json数据

    首先下载facebook相关的动态库,下载文件:facebook.dll 获取授权token方法: private string SetToken(string gettoken)//此处是你的短to ...

  8. facebook api之Ads Insights API

    The Ads Insights API provides API access for reporting and analytics purposes. When exclusively usin ...

  9. facebook api之Marketing API

    General information on the Marketing APIs, access, versioning and more. The main use cases for the M ...

随机推荐

  1. 【转】学习使用:before和:after伪元素

    如果你一直密切关注着各种网页设计的博客,你可能已经注意到了:before和:after伪元素已经在前端开发中获得了相当多的关注.特别是在Nicolas Gallagher的博客中,后期运用了很多伪类元 ...

  2. printf中用法详解

    %c 单个字符 %d 十进制整数 %f 十进制浮点数 %o 八进制数 %s 字符串 %u 无符号十进制数 %x 十六进制数 %% 输出百分号% printf的格式控制的完整格式: %  -  0  m ...

  3. js实现iview表格 排名列

    (有误,请勿观看) 一.排名的简单实现 //排名例子1 //需要排名的数组 //var myArray = [5,7, 7, 9, 8, 6, 23]; //新数组 //var thisArray = ...

  4. [javaSE] 看知乎学习工厂模式

    factory的“本质”就是根据不同的输入创建出不同类型的对象. 引入factory的原因就是你需要根据不同的输入创建不同类型的对象. 简单工厂模式相当于是一个工厂中有各种产品,创建在一个类中,客户无 ...

  5. Java基础——Servlet(五)

    哈哈哈...学习Servlet学了半个多月,因为中间有比较灰心的时候,有几天是啥都不学了的状态,看了好几部励志的电影.呃~还是得继续吧.本来计划是好好夯实这里的基础,结果在网找到了介绍比较全面的视频, ...

  6. Ubuntu 18.04 安装 Docker-ce(就是Docker社区版本)

    一步都不用改,跟着走就行 1.更换国内软件源,推荐中国科技大学的源,稳定速度快(可选) sudo cp /etc/apt/sources.list /etc/apt/sources.list.bak ...

  7. Android - 网络基础

    Android网络编程(一)HTTP协议原理 Android网络请求心路历程 HttpURLConnection和HttpClient对比: http://blog.csdn.net/guolin_b ...

  8. springboot学习-springboot使用spring-data-jpa操作MySQL数据库

    我们在上一篇搭建了一个简单的springboot应用,这一篇将介绍使用spring-data-jpa操作数据库. 新建一个MySQL数据库,这里数据库名为springboot,建立user_info数 ...

  9. oracle 中如何查询当前用户可以看到的表名、表对应的所有字段

    前言:利用 oracle 的视图来查询表的相关信息. oracle 查询当前用户下的表名 + 表注释 select t.table_name tableName, f.comments comment ...

  10. PHP中类和对象的相关函数

    class_exists 判断一个类是否存在,参数为一个名字! interface_exists 判断一个接口是否存在,参数也是为一个名字! method_exists 判断一个方法是否存在! 需要两 ...