0

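Acknowledging that the authenticated referrals mechanism does not currently work with the mobile web setting for Facebook apps, I'm having a problem validating the access token based on the returned code.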

The URL I'm trying to get an access token for is: https://staging.fanhood.com/facebook/mobile/challenge?fh_gameChallengeID=2678&ref=web_canvas&refid=9&refsrc=http://apps.facebook.com/fanhood-dev/challenge&returned=true

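This is the URL the visitor is sent to after being pre-authenticated via this URL: http://apps.facebook.com/fanhood-dev/challenge?fh_gameChallengeID=2678. However, unlike regular authenticated referrals, no additional data is passed into the URL, so the app cannot short-circuit the OAuth redirect loop.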

At this point, I redirect the visitor to the mobile OAuth dialog to authenticate them: http://m.facebook.com/dialog/oauth?client_id=250258605018414&redirect_uri=https%3A%2F%2Fstaging.fanhood.com%2Ffacebook%2Fmobile%2Fchallenge%3Ffh_gameChallengeID%3D2678%26ref%3Dweb_canvas%26refid%3D9%26refsrc%3Dhttp%3A%2F%2Fapps.facebook.com%2Ffanhood-dev%2Fchallenge%26returned%3Dtrue&scope=email%2Cfriends_about_me%2Cfriends_education_history_interest%2Cfriends_education_friends_interest%2 %2Cfriends_likes%2Cfriends_location%2Coffline_access%2Cpublish_actions%2Cpublish_stream%2Cuser_activities%2Cuser_birthday%2Cuser_education_history%2Cuser_hometown%2Cuser_games_activity%2Cuser_interests%2Cuser_likes%2Cuser_location&response_type=code&display=touch

When the user is redirected back, I do receive a code to exchange:

Code: AQBCH25OC57BiMBgj3rCKGhkFi0ypp0R8e2yKGwFfhml9x1B47-w2Baex8oZ3BKgb2NhziRnSIuJ1MV9hErKBUhu0YqxaonwFF_7mcqozwpy3Ch08rkNh-YEIa6HV_LHxl6pymfkAbQEMgSA6F4BdtINsCQ7QlLpcRwrZWkzxZVyJbJDnqOesB3zFLr5ohpgtpQ

However, none of my requests to exchange this code currently work. I'm trying different variations of the redirect_uri format, and none of them work:

Original URL as redirect_uri:

I have a mechanism that strips out specific query parameters, reorders them alphabetically, and then reassembles them so that redirect_uris stay consistent between requests. In this case, the redirect_uri exactly matches what was passed to the dialog URL: https://staging.fanhood.com/facebook/mobile/challenge?fh_gameChallengeID=2678&ref=web_canvas&refid=9&refsrc=http://apps.facebook.com/fanhood-dev/challenge&returned=true == https://staging.fanhood.com/facebook/mobile/challenge?fh_gameChallengeID=2678&ref=web_canvas&refid=9&refsrc=http://apps.facebook.com/fanhood-dev/challenge&returned=true

https://graph.facebook.com/oauth/access_token?client_id=250258605018414&client_secret=xxx&redirect_uri=https%3A%2F%2Fstaging.fanhood.com%2Ffacebook%2Fmobile%2Fchallenge%3Ffh_gameChallengeID%3D2678%26ref%3Dweb_canvas%26refid%3D9%26refsrc%3Dhttp%3A%2F%2Fapps.facebook.com%2Ffanhood-dev%2Fchallenge%26returned%3Dtrue&code=AQBCH25OC57BiMBgj3rCKGhkFi0ypp0R8e2yKGwFfhml9x1B47-w2Baex8oZ3BKgb2NhziRnSIuJ1MV9hErKBUhu0YqxaonwFF_7mcqozwpy3Ch08rkNh-YEIa6HV_LHxl6pymfkAbQEMgSA6F4BdtINsCQ7QlLpcRwrZWkzxZVyJbJDnqOesB3zFLr5ohpgtpQ&access_token=250258605018414%7C65adc2f073d3c901d02a7329c6acba21

Blank redirect_uri, as attempted for authenticated referrals:

https://graph.facebook.com/oauth/access_token?client_id=250258605018414&client_secret=xxx&redirect_uri=&code=AQBCH25OC57BiMBgj3rCKGhkFi0ypp0R8e2yKGwFfhml9x1B47-w2Baex8oZ3BKgb2NhziRnSIuJ1MV9hErKBUhu0YqxaonwFF_7mcqozwpy3Ch08rkNh-YEIa6HV_LHxl6pymfkAbQEMgSA6F4BdtINsCQ7QlLpcRwrZWkzxZVyJbJDnqOesB3zFLr5ohpgtpQ&access_token=250258605018414%7C65adc2f073d3c901d02a7329c6acba21

redirect_uri structured as our mobile canvas URL:

https://graph.facebook.com/oauth/access_token?client_id=250258605018414&client_secret=xxx&redirect_uri=https%3A%2F%2Fm.facebook.com%2Fapps%2Ffanhood-dev%2Fchallenge%3Ffh_gameChallengeID%3D2678%26ref%3Dweb_canvas%26refid%3D9%26refsrc%3Dhttp%3A%2F%2Fapps.facebook.com%2Ffanhood-dev%2Fchallenge%26returned%3Dtrue&code=AQBCH25OC57BiMBgj3rCKGhkFi0ypp0R8e2yKGwFfhml9x1B47-w2Baex8oZ3BKgb2NhziRnSIuJ1MV9hErKBUhu0YqxaonwFF_7mcqozwpy3Ch08rkNh-YEIa6HV_LHxl6pymfkAbQEMgSA6F4BdtINsCQ7QlLpcRwrZWkzxZVyJbJDnqOesB3zFLr5ohpgtpQ&access_token=250258605018414%7C65adc2f073d3c901d02a7329c6acba21

redirect_uri structured as our canvas URL:

https://graph.facebook.com/oauth/access_token?client_id=250258605018414&client_secret=xxx&redirect_uri=https%3A%2F%2Fapps.facebook.com%2Ffanhood-dev%2Fchallenge%3Ffh_gameChallengeID%3D2678%26ref%3Dweb_canvas%26refid%3D9%26refsrc%3Dhttp%3A%2F%2Fapps.facebook.com%2Ffanhood-dev%2Fchallenge%26returned%3Dtrue&code=AQBCH25OC57BiMBgj3rCKGhkFi0ypp0R8e2yKGwFfhml9x1B47-w2Baex8oZ3BKgb2NhziRnSIuJ1MV9hErKBUhu0YqxaonwFF_7mcqozwpy3Ch08rkNh-YEIa6HV_LHxl6pymfkAbQEMgSA6F4BdtINsCQ7QlLpcRwrZWkzxZVyJbJDnqOesB3zFLr5ohpgtpQ&access_token=250258605018414%7C65adc2f073d3c901d02a7329c6acba21

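Does anyone know what redirect_uri format Facebook uses for mobile OAuth requests? Are query parameters supported? This same URL works for our regular canvas app, but not for our mobile version.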

4

1 Answer

1

See Authenticated Referrals & Server-Side Auth Flow - What is the redirect_uri?

When I stripped the part of the request_uri after &code=..., it started working.

Answered 2012-08-16T13:21:31.980
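
The fix described in the answer, as an added example that is not part of the original question or answer: the callback URL that carries `code` is reduced back to the exact redirect_uri that was sent to the dialog before it is used in the token exchange. The function names, the set of stripped parameters and the `CONSTRUCTED_CODE` value are assumptions; the sample URL is the one from the question.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Parameters the OAuth dialog appends to the callback (assumed set). They were
# not in the redirect_uri sent to the dialog, so they must not be sent back.
RESPONSE_PARAMS = frozenset(
    {"code", "state", "error", "error_reason", "error_description"})

def canonical_redirect_uri(url, strip=RESPONSE_PARAMS):
    """Drop OAuth response parameters and sort the rest, so the dialog request
    and the token exchange are built from the same redirect_uri string."""
    parts = urlsplit(url)
    kept = sorted((k, v)
                  for k, v in parse_qsl(parts.query, keep_blank_values=True)
                  if k not in strip)
    # Leave ':' and '/' readable in values, as in the question; the whole string
    # is percent-encoded once more when it becomes a query parameter.
    return urlunsplit((parts.scheme, parts.netloc, parts.path,
                       urlencode(kept, safe=":/"), ""))

def token_exchange_params(client_id, client_secret, callback_url):
    """Parameters for graph.facebook.com/oauth/access_token, built from the
    URL the user was redirected back to."""
    query = dict(parse_qsl(urlsplit(callback_url).query))
    if "code" not in query:
        raise ValueError("callback carries no code: "
                         + query.get("error", "unknown error"))
    return {
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": canonical_redirect_uri(callback_url),
        "code": query["code"],
    }

# URL from the question; the code value appended to it is constructed.
REDIRECT_URI = ("https://staging.fanhood.com/facebook/mobile/challenge"
                "?fh_gameChallengeID=2678&ref=web_canvas&refid=9"
                "&refsrc=http://apps.facebook.com/fanhood-dev/challenge"
                "&returned=true")
CALLBACK = REDIRECT_URI + "&code=CONSTRUCTED_CODE"

if __name__ == "__main__":
    params = token_exchange_params("250258605018414", "xxx", CALLBACK)
    print("https://graph.facebook.com/oauth/access_token?" + urlencode(params))
```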