http://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-10.5

http://stackoverflow.com/questions/14010876/cant-get-access-token-using-facebook-oauth

code
REQUIRED. The authorization code generated by the
authorization server. The authorization code MUST expire
shortly after it is issued to mitigate the risk of leaks. A
maximum authorization code lifetime of 10 minutes is
RECOMMENDED. The client MUST NOT use the authorization code
more than once. If an authorization code is used more than
once, the authorization server MUST deny the request and SHOULD
revoke (when possible) all tokens previously issued based on
that authorization code. The authorization code is bound to
the client identifier and redirection URI.

authorization codes MUST be short lived and single use

access_token should be posted

Expiration and Extending Tokens

Facebook's official SDKs manage the lifetime of tokens for you. When using iOS, Android or our JavaScript SDK, the SDK will handle making sure that tokens are refreshed before they expire.

很好的facebook api相关的博客: https://www.sammyk.me/

https://github.com/SammyK/LaravelFacebookSdk 这个github的作者

https://developers.facebook.com/docs/reference/login/signed-request

For certain types of apps, a signed request is passed to the app which contains some additional fields of information, even before Permissions have been requested.

The JSON object of the signed request does not have a strict format and varies between the different types of apps that can access it (Canvas, Page Apps, etc.), however you can assume that the payload may contain some of the following fields and values:

Name Description

code

an OAuth Code which can be exchanged for a valid user access token via a subsequent server-side request

algorithm

A JSON string containing the mechanism used to sign the request, normally:HMAC-SHA256.

issued_at

A JSON number containing the Unix timestamp when the request was signed.

user_id

A JSON string containing the User ID of the current user.

user

A JSON object containing the locale string, country string and the ageobject. See the Age Object table for actual min and max values.

oauth_token

A JSON string that can be used when making requests to the Graph API. This is also known as a user access token.

expires

A JSON number containing the Unix timestamp when the oauth_token expires.

app_data

A JSON string containing the content of the app_data query string parameter which may be passed if the app is being loaded within a Page Tab.

page

A JSON object included when a Page tab loads your app. The object contains information about the Page that owns this tab.

Some fields and values, the user_id and oauth_token for example will only be passed if the user haslogged into your app.

facebook api & oauth protocal的更多相关文章

  1. facebook api介绍

    转自(http://sls.weco.net/node/10773) 一.Facebook API 基礎概念 Facebook API 概論 : API 最大的好處在於可以讓程式開發人員只需要根據 A ...

  2. facebook api之Access Tokens

    Access Tokens When someone connects with an app using Facebook Login and approves the reqest for per ...

  3. Facebook API 入门

    Facebook 商业价值简介 Facebook 是一个社交网络服务网站,于 2004 年 2 月 4 日上线,到 2010 年 2 月 2 日, Facebook 正赶超雅虎将成为全球第三大网站,与 ...

  4. facebook api之基本概念(中文)

    Facebook广告API系列 1 Facebook Graph API Facebook提供了一套类rest的接口,统称为Graph API.为啥叫Graph?因为facebook把所有的资源都抽象 ...

  5. facebook api之Access Tokens之Business Manager System User

    Business Manager System User Make programatic, automated actions on ad objects or Pages, or do progr ...

  6. facebook api之Access and Authentication

    Access and Authentication There are three access levels to the Marketing APIs. You can upgrade acces ...

  7. Facebook通过oAuth验证获取json数据

    首先下载facebook相关的动态库,下载文件:facebook.dll 获取授权token方法: private string SetToken(string gettoken)//此处是你的短to ...

  8. facebook api之Ads Insights API

    The Ads Insights API provides API access for reporting and analytics purposes. When exclusively usin ...

  9. facebook api之Marketing API

    General information on the Marketing APIs, access, versioning and more. The main use cases for the M ...

随机推荐

  1. 对Java虚拟机理解

    深入理解Java虚拟机 Java技术体系 Java体系分为四个平台 Java card 运行在小内存上的 Java ME 运行在手机上 Java SE 完整Java 核心api JavaEE 支持使用 ...

  2. python学习之内存机制

    不可变对象(字符串.元组) 1. a = 1 首先在内存中创建对象1,并记录对象的引用计数为1次. id(a) 查看变量a引用的对象的内存地址 2. b = 1 内存中已存在对象1,变量b引用对象1, ...

  3. mybatis-generator-maven逆向工程

    在idea 中使用 mybatis的  mybatis-generator-maven-plugin  可以根据数据库 生成 dao层,pojo类,Mapper文件. 一:  在  pom.xml  ...

  4. 排查CentOS7.0的联网情况

    1.ifconfig命令. 查看网络配置是否有问题 在/etc/sysconfig/network-scripts/ifcfg-ens33里面配置好网络,记住onboot=on这个选项一定要设置,不然 ...

  5. pycharm虚拟环境

    pycharm虚拟环境 1. 选择一个本地的空目录,---该目录就作为python虚拟环境目录, 2. 选择本地python安装目录: 3. 勾选该选项后则可以使用base interpreter中的 ...

  6. 用node.js模拟服务器和客户端

    服务器 代码 var net = require("net") var server = net.createServer(); server.listen(12306," ...

  7. js-ES6学习笔记-Generator函数的异步应用

    1.ES6 诞生以前,异步编程的方法,大概有下面四种. 回调函数 事件监听 发布/订阅 Promise 对象 Generator 函数将 JavaScript 异步编程带入了一个全新的阶段. 2.所谓 ...

  8. Asp Url汉字乱码的问题

    1.js <a target="_blank" href="/asp/download.asp?File=' + escape(item.FileName) + ' ...

  9. 安装ArcGIS Enterprise WebGIS (Portal ArcGIS Server DataStore ) 系统后如何应对网络环境的配置修改

    客户往往在部署完ArcGIS WebGIS系统后,由于需要满足业务或者网络管理的要求,需要修改系统的网络环境的配置,下文将从常见的几个场景来讲述如何去应对这些变动. 1.网络IP地址变动 由于在部署W ...

  10. Android Dragger2快速入门浅析

    定Dagger2的基本介绍:dagger2是一个依赖注入框架,在编译期间自动生成代码,负责依赖对象的创建. 使用Dagger2的好处:为了进一步解耦和方便测试,我们会使用依赖注入的方式构建对象 (不使 ...