开发者

Is there any standard method that can be used to verify oauth2 access_token on server, which was obtained on client?

问答 作者:

I want to authenticate native devise by oauth2 access token, which was obtained using client side flow (http://developers.facebook.com/docs/authentication/)

Currently I just call one of the protected method using this token and handle AccessDenied error. May be there is build in 开发者_如何学JAVAmethod that validates token?

Here is ruby sample with OAuth2 gem:

begin
  response =  JSON.parse(token.get('/me'))
rescue OAuth2::AccessDenied
  render :json => { errors: {"" => ["Invalid oauth2 token"]}}
else
  ...
end

If I understand your question, you're asking how to handle when a valid access token becomes invalid, for example, if a user removes your app. According to this Facebook blog post: https://developers.facebook.com/blog/post/500/, there is no absolute way except for firing an API call, which you surmised. Guess we are all out of luck.

P.S. That blog post has good details on other scenarios a valid access token might expire.

as far as I know, there is no publicly available method / api that we can validate token.

The closest that I know is the access token linter that Facebook has provided.

继续阅读:facebookoauth-2.0

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9