我已经从 Facebook 为我们的应用程序删除了 20 多个权限,但在我的一生中,我无法获得 Facebook OAuth Dialog 请求来反映新的减少权限列表。无论我传入什么,它都会继续要求比我要求更多的权限。
我已经尝试使用之前在 facebook 上与我们的应用程序链接的帐户,并且我尝试使用全新的测试帐户(通过 facebook 开发者网站创建,没有预先授权它们)。我尝试在我的设备上卸载 Facebook 应用和我们的应用,我尝试了几种不同的设备。
我正在尝试使用 Facebook Android SDK(3.0 之前)授权用户,但我也尝试绕过它并使用我们的服务器端身份验证流程,它在任何一种情况下都会显示旧列表。
我已经搜索了我们的整个代码库、客户端和服务器,以寻找可能隐藏的某个地方的权限,但它们无处可寻。我已经在 Facebook SDK 中打开了调试和打印语句,并且可以确认它实际上正在接收我更新的 .authorize() 方法的权限列表,并且它正在尝试在 FbDialog 中加载移动 url(当我使用正确的权限列表卸载 facebook 应用程序)。但是,它显示的权限包括我已删除的所有权限。
我什至尝试将权限添加到我们之前在 Facebook 开发人员网站中的空白权限列表中,以获取 App Center 列表,尽管我认为这与 OAuth Dialog 无关。
这也应该与 Facebook SDK 3.0+ 首先只执行读取权限的方法无关,也与 Facecbook OAuth Dialog 将权限分解为多个页面的事实无关。我的问题是它请求的权限比我想要的多,而不是更少。
具体来说,它要求以下内容:
笔记、事件、家乡、宗教和政治观点、关系、关系兴趣、聊天状态、朋友的关系、关系兴趣、笔记、聊天状态、事件、家乡、宗教和政治观点
但是我已经删除了所有这些权限。我什至尝试只请求 user_photos 权限,但它继续在 OAuth 对话框中显示一长串。
以前有人遇到过这个问题吗?卸载 facebook 和您的应用程序时是否有一些设备缓存未删除?
我知道 Facebook App Developer 网站中曾经有更多设置,用于列出经过身份验证的推荐的权限等,这些设置是否可能以某种方式保留在幕后,即使它们不再可访问?
这是来自 Android Facebook SDK(3.0 之前)中 FbDialog 类的完整日志,我只请求“user_photos”,但仍显示以下对话框:
D/Facebook-WebView( 5622): Webview loading URL: https://m.facebook.com/dialog/oauth?display=touch&client_id=xxxx&scope=user_photos&type=user_agent&redirect_uri=fbconnect%3A%2F%2Fsuccess
D/Facebook-WebView( 5622): Redirect URL: http://m.facebook.com/login.php?skip_api_login=1&api_key=xxxx&signed_next=1&next=https%3A%2F%2Fm.facebook.com%2Fdialog%2Foauth%3Fredirect_uri%3Dfbconnect%253A%252F%252Fsuccess%26display%3Dtouch%26scope%3Duser_photos%26type%3Duser_agent%26client_id%3Dxxxx%26ret%3Dlogin&cancel_uri=fbconnect%3A%2F%2Fsuccess%3Ferror%3Daccess_denied%26error_code%3D200%26error_description%3DPermissions%2Berror%26error_reason%3Duser_denied&display=touch&_rdr
D/Facebook-WebView( 5622): Webview loading URL: http://m.facebook.com/login.php?skip_api_login=1&api_key=xxxx&signed_next=1&next=https%3A%2F%2Fm.facebook.com%2Fdialog%2Foauth%3Fredirect_uri%3Dfbconnect%253A%252F%252Fsuccess%26display%3Dtouch%26scope%3Duser_photos%26type%3Duser_agent%26client_id%3Dxxxx%26ret%3Dlogin&cancel_uri=fbconnect%3A%2F%2Fsuccess%3Ferror%3Daccess_denied%26error_code%3D200%26error_description%3DPermissions%2Berror%26error_reason%3Duser_denied&display=touch&_rdr
D/Facebook-WebView( 5622): Webview onPageFinished: http://m.facebook.com/login.php?skip_api_login=1&api_key=xxxx&signed_next=1&next=https%3A%2F%2Fm.facebook.com%2Fdialog%2Foauth%3Fredirect_uri%3Dfbconnect%253A%252F%252Fsuccess%26display%3Dtouch%26scope%3Duser_photos%26type%3Duser_agent%26client_id%3Dxxxx%26ret%3Dlogin&cancel_uri=fbconnect%3A%2F%2Fsuccess%3Ferror%3Daccess_denied%26error_code%3D200%26error_description%3DPermissions%2Berror%26error_reason%3Duser_denied&display=touch&_rdr
D/Facebook-WebView( 5622): Webview loading URL: http://m.facebook.com/login.php?skip_api_login=1&api_key=xxxx&signed_next=1&next=https%3A%2F%2Fm.facebook.com%2Fdialog%2Foauth%3Fredirect_uri%3Dfbconnect%253A%252F%252Fsuccess%26display%3Dtouch%26scope%3Duser_photos%26type%3Duser_agent%26client_id%3Dxxxx%26ret%3Dlogin&cancel_uri=fbconnect%3A%2F%2Fsuccess%3Ferror%3Daccess_denied%26error_code%3D200%26error_description%3DPermissions%2Berror%26error_reason%3Duser_denied&display=touch&_rdr
D/Facebook-WebView( 5622): Webview onPageFinished: http://m.facebook.com/login.php?skip_api_login=1&api_key=xxxx&signed_next=1&next=https%3A%2F%2Fm.facebook.com%2Fdialog%2Foauth%3Fredirect_uri%3Dfbconnect%253A%252F%252Fsuccess%26display%3Dtouch%26scope%3Duser_photos%26type%3Duser_agent%26client_id%3Dxxxx%26ret%3Dlogin&cancel_uri=fbconnect%3A%2F%2Fsuccess%3Ferror%3Daccess_denied%26error_code%3D200%26error_description%3DPermissions%2Berror%26error_reason%3Duser_denied&display=touch&_rdr
D/Facebook-WebView( 5622): Webview loading URL: https://m.facebook.com/login.php?skip_api_login=1&signed_next=1&next=https%3A%2F%2Fm.facebook.com%2Fdialog%2Foauth%3Fredirect_uri%3Dfbconnect%253A%252F%252Fsuccess%26display%3Dtouch%26scope%3Duser_photos%26type%3Duser_agent%26client_id%3Dxxxx%26ret%3Dlogin&refsrc=http%3A%2F%2Fm.facebook.com%2Flogin.php&app_id=42701128600&refid=9
D/Facebook-WebView( 5622): Redirect URL: https://m.facebook.com/dialog/oauth?redirect_uri=fbconnect%3A%2F%2Fsuccess&display=touch&scope=user_photos&type=user_agent&client_id=xxxx&ret=login&ext=1372379560&hash=AeZmYhdN1rISiaNZ&refid=9&_rdr
D/Facebook-WebView( 5622): Webview loading URL: https://m.facebook.com/dialog/oauth?redirect_uri=fbconnect%3A%2F%2Fsuccess&display=touch&scope=user_photos&type=user_agent&client_id=xxxx&ret=login&ext=1372379560&hash=AeZmYhdN1rISiaNZ&refid=9&_rdr
D/Facebook-WebView( 5622): Webview onPageFinished: https://m.facebook.com/dialog/oauth?redirect_uri=fbconnect%3A%2F%2Fsuccess&display=touch&scope=user_photos&type=user_agent&client_id=xxxx&ret=login&ext=1372379560&hash=AeZmYhdN1rISiaNZ&refid=9&_rdr
更新(添加代码):
下面我列出了我们的完整权限集,但在上面的日志示例中,我将除“user_photos”之外的所有内容都注释掉了。请求 Facebook 授权的部分本质上是:
public final class MyFacebook {
private static MyFacebook mInstance = null;
private static Facebook mFBInstance = null;
private String[] mPermissions = null;
private Handler mHandler = null;
public static MyFacebook getInstance() {
if(mInstance == null) {
mInstance = new MyFacebook();
}
return mInstance;
}
public Facebook getFBInstance() {
if(mFBInstance == null) {
mFBInstance = new Facebook("<my facebook app id>");
SessionStore.restore(mFBInstance, MyApplication.getContext());
SessionEvents.addAuthListener(new FacebookAuthListener());
SessionEvents.addLogoutListener(new FacebookLogoutListener());
}
return mFBInstance;
}
private MyFacebook () {
mHandler = new Handler();
}
public String[] getPermissionsList() {
if(mPermissions == null) {
int i = 0;
mPermissions = new String[42];
mPermissions[i++] = "user_about_me";
mPermissions[i++] = "user_activities";
mPermissions[i++] = "user_birthday";
mPermissions[i++] = "user_education_history";
mPermissions[i++] = "user_groups";
mPermissions[i++] = "user_interests";
mPermissions[i++] = "user_likes";
mPermissions[i++] = "user_location";
mPermissions[i++] = "user_photos";
mPermissions[i++] = "user_status";
mPermissions[i++] = "user_videos";
mPermissions[i++] = "user_website";
mPermissions[i++] = "user_work_history";
mPermissions[i++] = "email";
mPermissions[i++] = "read_friendlists";
mPermissions[i++] = "read_mailbox";
mPermissions[i++] = "read_requests";
mPermissions[i++] = "read_stream";
mPermissions[i++] = "user_checkins";
mPermissions[i++] = "friends_about_me";
mPermissions[i++] = "friends_activities";
mPermissions[i++] = "friends_birthday";
mPermissions[i++] = "friends_education_history";
mPermissions[i++] = "friends_groups";
mPermissions[i++] = "friends_interests";
mPermissions[i++] = "friends_likes";
mPermissions[i++] = "friends_location";
mPermissions[i++] = "friends_photos";
mPermissions[i++] = "friends_status";
mPermissions[i++] = "friends_videos";
mPermissions[i++] = "friends_website";
mPermissions[i++] = "friends_work_history";
mPermissions[i++] = "friends_checkins";
mPermissions[i++] = "publish_stream";
mPermissions[i++] = "manage_notifications";
mPermissions[i++] = "publish_actions";
mPermissions[i++] = "user_actions.music";
mPermissions[i++] = "user_actions.news";
mPermissions[i++] = "user_actions.video";
mPermissions[i++] = "friends_actions.music";
mPermissions[i++] = "friends_actions.news";
mPermissions[i++] = "friends_actions.video";
}
return mPermissions;
}
public void logout() {
SessionEvents.onLogoutBegin();
AsyncFacebookRunner asyncRunner = new AsyncFacebookRunner(getInstance().getFBInstance());
asyncRunner.logout(MyApplication.getContext(), new LogoutRequestListener());
}
public static class FacebookAuthListener implements AuthListener {
public void onAuthSucceed() {
Log.d("FB", "onAuthSucceed: ");
SessionStore.save(getInstance().getFBInstance(), MyApplication.getContext());
Log.d("FB", "Finished Saving in onAuthSucceed");
}
public void onAuthFail(String error) {
Log.e("FB", error);
}
}
public static class FacebookLogoutListener implements LogoutListener {
public void onLogoutBegin() {
}
public void onLogoutFinish() {
// remove our stored session
SessionStore.clear(MyApplication.getContext());
}
}
private class LogoutRequestListener extends BaseRequestListener {
public void onComplete(String response, final Object state) {
// callback should be run in the original thread,
// not the background thread
mHandler.post(new Runnable() {
public void run() {
SessionEvents.onLogoutFinish();
}
});
}
}
}
以及用法:
@JavascriptInterface
public void clientAddAccount(final int network) {
AccountManageActivity.this.runOnUiThread(new Runnable(){
@Override
public void run() {
MyFacebook.getInstance().getFBInstance().authorize(ThisActivity.this, MyFacebook.getInstance().getPermissionsList(),
new FBLoginDialogListener());
}
});
}
...
private final class FBLoginDialogListener implements DialogListener {
public void onComplete(Bundle values) {
Log.d("LB", "Login Success. onComplete");
SessionEvents.onLoginSuccess();
if(MyFacebook.getInstance().getFBInstance().isSessionValid()) {
// do app stuff
}
}
public void onFacebookError(FacebookError error) {
Log.d("LB", "onFacebookError: " + error.getMessage());
SessionEvents.onLoginError(error.getMessage());
// do app stuff
}
public void onError(DialogError error) {
Log.d("LB", "onError: " + error.getMessage());
SessionEvents.onLoginError(error.getMessage());
// do app stuff
}
public void onCancel() {
Log.d("LB", "onCancel");
SessionEvents.onLoginError("Action Canceled");
// do app stuff
}
}