down_load1117 2017-10-30 03:22
浏览 63
已采纳

Facebook将令牌作为哈希而不是查询字符串的一部分返回

I am using https://www.facebook.com/v2.10/dialog/oauth endpoint to get access tokens in order to publish on behalf of my users.

I am trying to follow this guide: https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/

My request looks like this: https://www.facebook.com/v2.10/dialog/oauth?client_id=...&response_type=code%20token%20granted_scopes&redirect_uri=...

And I am getting the following back: http://localhost:8000/?%2Fcallback&some=query#access_token=...&expires_in=6094

The question is why I am getting the token and expire_in as hash (notice the # above) instead of part of the query string so I can capture it by PHP's $_GET? And how can I fix that?

  • 写回答

1条回答 默认 最新

  • doq1969 2017-10-30 18:56
    关注

    The question is why I am getting the token and expire_in as hash (notice the # above) instead of part of the query string so I can capture it by PHP's $_GET? And how can I fix that?

    The parameter response_type specifies what you get back, see https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#login

    You can choose whether you want a code returned as GET parameter, a token in the hash - or both, for a client- and server-side app that might need the/a token on both, but would on the server-side rather exchange a code via API, than trust a token send from the client. And you can also ask for the granted scope of permissions the user accepted - for apps that need to know whether certain essential permissions were granted, that can save an extra API request.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 (标签-STM32|关键词-智能小车)
  • ¥20 关于#stm32#的问题,请各位专家解答!
  • ¥15 (标签-python)
  • ¥20 搭建awx,试了很多版本都有错
  • ¥15 java corba的客户端该如何指定使用本地某个固定IP去连接服务端?
  • ¥15 activiti工作流问题,求解答
  • ¥15 有人写过RPA后台管理系统么?
  • ¥15 Bioage计算生物学年龄
  • ¥20 如何将FPGA Alveo U50恢复原来出厂设置哇?
  • ¥50 cocos2d-x lua 在mac上接入lua protobuf?