开发者

How to obtain a new Api.AccessToken after user has log out from Facebook

问答 作者:

I'm using Facebook Graph Toolkit and doing ASP.NET website development.

There's a Api object in this toolkit and there's this Api.AccessToken that is giving me a headache!

Here goes the problem description:

  1. User visits my website (say, this case is IE 8 browser).

  2. User clicks on Login to FB (in order for my App to retrieve his FB info via the Api graph).

  3. User logins with his FB credential and Approve the App.

  4. User is redirected back to the same page that he clicks on the Login to FB button (in step 2, because the button, will invoke the method RedirectToFacebookAuthorization() ).

  5. User then logs out from Facebook.com (my website hasn't implement any log out button for this scenario).

  6. User has successfully logged out from his FB account, he revisit my website.

  7. My website throws out an exception message as below:

          OAuthException : Error validating access token: The session is invalid because the user logged out

  8. The user clicks on Login to FB button on my website but no response (actually, the response is the exception message throwing back again). Even if he opens another IE browser window and click on the button, no response too. I've attempted the try/catch and caught the exception only to inform the user that he has already log out from my website and fac开发者_StackOverflowebook.

So the situation is how to make the user to obtain another valid Access Token... I can only think of it is that the user has to click on the Login to FB button on my website but the (previous) Access Token is already invalid and cannot be overwritten by the 2nd attempt to login. And the only way that I have tested in order for the user to re-login to my website using his FB is to close the browser Window (but I don't want such user experience because user doesn't know that he has to close the browser and open it again to login to my website).

Even if the user has chosen to go to Facebook.com and login from there, and then revisit my website, he is still not authenticated and not allow to proceed further on my website.

Please enlighten me on what to resolve the above problem. Is the approach that I'm using is wrong?

EDIT: added the codes for further explanation

Here's my code and

    protected void Page_PreInit(object sender, EventArgs e)
{
    RequireLogin = false;
    ExtendedPermissions = "offline_access,user_about_me,user_activities,user_birthday,";
}

protected void btn_fbLogin_Click(object sender, EventArgs e)
{
    try
    {
        if (Api == null)
            RedirectToFacebookAuthorization();
    }
    catch (Exception ex)
    {
        Response.Write("Failed to login to Facebook.");
    }
}

protected void btn_FBMerge_Click(object sender, EventArgs e)
{
    try
    {
        SqlConnection con = new SqlConnection(conStr);
        SqlCommand cmd = new SqlCommand("getEmail", con);
        cmd.CommandType = CommandType.StoredProcedure;
        SqlParameter demai = new SqlParameter("@dem", SqlDbType.VarChar, 255);
        cmd.Parameters.Add(demai);
        cmd.Parameters["@dem"].Value = lbl_FBEmail.Text;
        SqlDataReader Dr;
        con.Open();
        Dr = cmd.ExecuteReader();
        if (Dr.Read())
        {
            if ((lbl_FBEmail.Text == Dr[9].ToString()))
            {
                // grab each column from DR and place to asp:Labels...
            }
            else
            {
                // show some error message
            }
        }
        else
        {
            // display another division and put the FB email, first name, last name and gender to 4 more labels
        }
    }
    catch (Exception ex)
    {
        Response.Write("Attempt to Merge Facebook failed");
    }
}

protected void btn_Confirm_Click(object sender, EventArgs e)
{
    try
    {
        SqlConnection con = new SqlConnection(conStr);
        SqlCommand cmd = new SqlCommand("mergeFB", con);
        cmd.CommandType = CommandType.StoredProcedure;
        SqlParameter dsomeID = new SqlParameter("@someID", SqlDbType.VarChar, 50);
        SqlParameter dfbID = new SqlParameter("@fbID", SqlDbType.VarChar, 50);
        cmd.Parameters.Add(dsomeID);
        cmd.Parameters.Add(dfbID);
        cmd.Parameters["@someid"].Value = lbl_MyID.Text;
        cmd.Parameters["@fbID"].Value = lbl_FBID.Text;
        con.Open();
        cmd.ExecuteNonQuery();
        con.Close();
        Response.Write("Your Facebook account has been added to mywebsite account successfully");
    }
    catch (Exception ex)
    {
        Response.Write("Attempt to Merge Facebook failed");
    }
}

The problem occurs when the button (method is btn_FBMerge_Click) is clicked and IE gives me forever respond and Firefox give me the error that I mentioned earlier.

If I didn't include the offline_access permission, when I click on the btn_FBMerge_Click button, I don't get that strange problem. Then, this still leads to the main problem which is the Api.AccessToken is invalid issue that I mentioned in my original problem.

If the users token is no longer valid, you will need to show the login button to get a new valid session token. If you want to get a token that doesn't expire, you can prompt the user for "offline_access" extended permission. But only do that if its absolutely necessary as people don't tend to like to give apps that permission without good reason.

继续阅读:facebookfacebook-graph-api

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9