
Once I have the access_token, how do I get the associated user_id server side?

I know I can request:

https://graph.facebook.com/me?access_token=ACCESS_TOKEN 

But 'me' which refers to the 'active user' which presumably is the user logged on to facebook on this machine which would be the server, I need the facebook user at the client's end user_id so my server can make requests to the GraphAPI about that user using the format:

https://graph.facebook.com/USER_ID?access_token=ACCESS_TOKEN 


I guess you are missing the fundamentals of the user authentication concept which is not only related to Facebook.

Let us assume that two users A & B visited domain.com/fb_profile.php, which contains (the example file from the PHP-SDK):

<?php

require '../src/facebook.php';

$facebook = new Facebook(array(
  'appId'  => 'APPLICATION_ID',
  'secret' => 'APPLICATION_SECRET',
  'cookie' => true,
));


$session = $facebook->getSession();

$me = null;
// Session based API call.
if ($session) {
  try {
    $uid = $facebook->getUser();
    $me = $facebook->api('/me');
  } catch (FacebookApiException $e) {
    error_log($e);
  }
}

// rest of code

They both logged in successfully, and the page reloaded. What happened now is that we have a valid session for both users!
And when fb_profile.php is requested by user A (client), $facebook->api('/me'); will be holding the "active user" details from that specific request (client), and your machine (the server) will be holding the sessions for all the logged-in users!

So each time fb_profile.php is requested from a client with a valid session, the result of executing $facebook->api('/me'); will be related to that specific session from that specific client!

So what you have said here (in bold) is wrong:

But 'me' which refers to the 'active user' which presumably is the user logged on to facebook on this machine which would be the server

And by the way, when you have a valid session both:

$facebook->api('/me');

And:

$facebook->api('/USER_ID');

Will return the same info (of course the USER_ID is the id of the user logged in on the client-side).


Looking at the source code of the SDKs, I found they parse the user_id from the access token:

        /*
         * access_token:
         *   1249203702|2.h1MTNeLqcLqw__.86400.129394400-605430316|-WE1iH_CV-afTgyhDPc
         *                                               |_______|
         *                                                   |
         *                                                user id
         */

BUT one shouldn't have to do this, as instead of requesting the token your app should redirect them to the landing page, following which Facebook will re-POST the signed_request with the access_token and user_id. The Facebook documentation on authorisation (it seems to have since been updated) wrongly told one's app to request the token, but that is only applicable for websites, not apps. I find it annoying how the Facebook docs keep telling one how simple it is, yet they fail to simply explain it and get it wrong anyway...
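The signed_request flow mentioned above, as an added example that is not part of the original answers or of the Facebook SDK: the server checks the HMAC-SHA256 signature with the app secret before trusting the user_id, instead of cutting the id out of the token string. The function names, the secret and the sample payload are constructed for illustration.

```php
<?php
// Added example: verify a Facebook signed_request before trusting its user_id.
// Wire format: base64url(signature) . '.' . base64url(JSON payload)

function base64url_decode_strict(string $in)
{
    $b64 = strtr($in, '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4); // restore stripped padding
    return base64_decode($b64, true);                    // false on invalid characters
}

function parse_signed_request(string $signedRequest, string $appSecret): ?array
{
    $parts = explode('.', $signedRequest, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$encodedSig, $encodedPayload] = $parts;

    $sig  = base64url_decode_strict($encodedSig);
    $json = base64url_decode_strict($encodedPayload);
    if ($sig === false || $json === false) {
        return null;
    }

    $data = json_decode($json, true);
    if (!is_array($data) || ($data['algorithm'] ?? null) !== 'HMAC-SHA256') {
        return null; // refuse a missing or unexpected algorithm field
    }

    // The MAC covers the encoded payload exactly as it was received.
    $expected = hash_hmac('sha256', $encodedPayload, $appSecret, true);
    if (!hash_equals($expected, $sig)) { // constant-time comparison
        return null;                     // forged or corrupted request
    }
    return $data; // user_id and oauth_token are now safe to use
}

// Constructed sample: build a request the way the platform would sign it.
$secret  = 'APPLICATION_SECRET';
$payload = rtrim(strtr(base64_encode(json_encode([
    'algorithm' => 'HMAC-SHA256', 'user_id' => '1234567890', 'oauth_token' => 'ACCESS_TOKEN',
])), '+/', '-_'), '=');
$sig = rtrim(strtr(base64_encode(hash_hmac('sha256', $payload, $secret, true)), '+/', '-_'), '=');

var_dump(parse_signed_request("$sig.$payload", $secret)['user_id'] ?? null);
var_dump(parse_signed_request("$sig.$payload", 'WRONG_SECRET'));
```

A user_id taken from an unverified request body or from the token text is client-controlled input; only the value returned after the signature check should be used to key server-side Graph API calls.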
