我正在使用一个 facebook 客户端库,它只要求一个访问令牌,而不是应用程序 ID/秘密,以便发出请求。
这对我来说有点奇怪,因为 Facebook javascript SDK 也需要应用程序 ID,而 PHP SDK 需要应用程序 ID 和应用程序密码。
应用程序 id/secret 是否不需要,如果我只是提供访问令牌,就足够了吗?
例如,如果用户已授予我的应用程序 publish_stream 权限,并且我尝试仅使用访问令牌将某些内容发布到他的时间线,那会成功吗?
(我使用的客户端是用于 java 的 RestFB)。
well you need to pass the app-id and the app-secret only when you're exchanging the code for access_token for the first time when the user authenticates your app and you can store this access token in your DB to make further API calls, otherwise it should only be the access_token that you need to pass in the API call that you make. And since you are only trying to post something to the users wall, that should only require the users access_token.
There are a few exceptions that explicitly require you to pass the app-id and app-secret like, when you're handling expired tokens.