Facebook user deauthorizes the app
When a user accepts the Facebook application from my website, I store the user details and Facebook details (access token) in a database.
When he removes my application from Facebook I want to remove the details from the database. How do I do this?
I can give a Deauthorize Callback URL. If someone removes the application, it will redirect to this page. But what should the code be here to delete the data from the DB? I mean, when it redirects, will it post the access token details, so that I can charge for the access token and delete that row?
It's clearly stated in the authentication document:
App Deauthorization
When a user of your app removes it in the App Dashboard or blocks the app in the News Feed, your app can be notified by specifying a Deauthorize Callback URL in the Developer App. During app removal we will send an HTTP POST request containing a single parameter, signed_request, which contains the user id (UID) of the user that just removed your app. You will not receive a user access token in this request and all existing user access tokens will be automatically expired.
So, using the signed_request parsing function from Facebook's own documentation:
<?php
function parse_signed_request($signed_request, $secret) {
    list($encoded_sig, $payload) = explode('.', $signed_request, 2);

    // decode the data
    $sig = base64_url_decode($encoded_sig);
    $data = json_decode(base64_url_decode($payload), true);

    if (!is_array($data) || !isset($data['algorithm'])
        || strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
        error_log('Unknown algorithm. Expected HMAC-SHA256');
        return null;
    }

    // check sig: the HMAC covers the still-encoded payload, and the
    // constant-time compare keeps the check from leaking timing
    $expected_sig = hash_hmac('sha256', $payload, $secret, true);
    if (!hash_equals($expected_sig, $sig)) {
        error_log('Bad Signed JSON signature!');
        return null;
    }

    return $data;
}

function base64_url_decode($input) {
    // Facebook uses URL-safe base64 ('-' and '_' instead of '+' and '/')
    return base64_decode(strtr($input, '-_', '+/'));
}

// Facebook sends signed_request as a POST parameter; never trust the
// user_id unless the signature verified
$result = parse_signed_request($_POST['signed_request'], "APP_SECRET");
if ($result === null || !isset($result['user_id'])) {
    http_response_code(400);
    exit;
}

$myFile = "deauthorize.txt";
$fh = fopen($myFile, 'w') or die("can't open file");
fwrite($fh, $result["user_id"] . "\n");
fclose($fh);
?>
So all you need to do is get $result["user_id"], query your DB and remove the record.
P.S.: I would recommend adding a new field called active and just deactivating the user instead of removing the record altogether.
EDIT:
Facebook will NOT redirect the user to the deauthorize URL! It will only ping it:
Facebook pings this URL when a user deauthorizes your app
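The parse-and-verify step above, plus a generator for test payloads so the callback can be exercised offline, as an added Python example (not from the answer or from Facebook's SDK; the app secret, user id and in-memory user table are constructed for the demonstration):

```python
import base64
import hashlib
import hmac
import json

# Constructed secret for local testing only; a real app secret never lives in code.
APP_SECRET = b"constructed-app-secret-not-real"


def b64url_decode(data: str) -> bytes:
    # Facebook's base64 is URL-safe and unpadded; restore padding before decoding.
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_signed_request(payload: dict, secret: bytes) -> str:
    # Builds "<sig>.<payload>" the way the deauthorize ping does, for offline tests.
    encoded_payload = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(secret, encoded_payload.encode("ascii"), hashlib.sha256).digest()
    return f"{b64url_encode(sig)}.{encoded_payload}"


def parse_signed_request(signed_request: str, secret: bytes):
    # Returns the verified payload dict, or None when malformed, forged or unexpected.
    try:
        encoded_sig, encoded_payload = signed_request.split(".", 1)
        sig = b64url_decode(encoded_sig)
        data = json.loads(b64url_decode(encoded_payload))
    except (ValueError, TypeError):
        return None
    if not isinstance(data, dict) or str(data.get("algorithm", "")).upper() != "HMAC-SHA256":
        return None
    # The HMAC is computed over the still-encoded payload, exactly as the PHP code does.
    expected = hmac.new(secret, encoded_payload.encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time, no timing leak
        return None
    return data


def handle_deauthorize(signed_request: str, secret: bytes, users: dict) -> bool:
    # Deactivates the user (the answer's recommendation) rather than deleting the row.
    data = parse_signed_request(signed_request, secret)
    if data is None or "user_id" not in data:
        return False
    uid = str(data["user_id"])
    if uid not in users:
        return False
    users[uid]["active"] = False
    return True
```

A bare "1" or a request signed with any other secret is rejected before user_id is ever read, which is the property the callback has to have since the endpoint is reachable by anyone.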
This code is not working; although it gets called when a user deauthorizes the app, the only data passed into the function is a "1" (tested with a test user and my own FB account when the app is live).
// print_r() without its second argument prints the value and returns true, which is the "1" written here
file_put_contents("test.txt",$fbUserId . " ". print_r($_REQUEST['signed_request']));
In test.txt the file contains " 1".