2

也许你能帮我做点什么。我想使用 Spring Social 在 Facebook 页面上获取所有公开可用的帖子。

我不需要对某个用户或某事进行 OAuth 身份验证,因为我不想以某人的名义发布、评论或任何内容。

尽管如此,Facebook 仍需要在发出请求时传递访问令牌。所以我正在执行以下操作来获取所有公共帖子。

现在我的问题是:有没有更简单、更简洁的方法来做到这一点,或者 Spring Social 是否只支持完整的用户身份验证 OAuth 舞蹈而不是这种相当简单的方法?

public List<Post> fetchFacebookPosts() {

    String accessTokenUrlString = String.format("https://graph.facebook.com/oauth/access_token?grant_type=client_credentials&client_id=%s&client_secret=%s&redirect_url=%s", getFacebookAppId(), getFacebookAppSecret(), "http://www.return.url");

    String token = "";

    try {
        // HTTPURLConnection stuff omitted
        // returns: accessToken=xxxx|xxxxxxxxxxxxx

        token = response.toString().substring(response.toString().indexOf("=")+1);

    } catch (IOException e) {
        // ...
    }

    FacebookTemplate facebookTemplate = new FacebookTemplate(token);
    return facebookTemplate.feedOperations().getFeed("12345678");
}
4

3 回答 3

2

要获取 Facebook 页面的提要,您甚至可以使用最基本的访问令牌 ,App Access Token而无需用户登录/授权。

String appAccessToken = APP-ID + '|' + APP_SECRET;

在这些文章中阅读有关不同访问令牌的更多信息:

于 2014-07-30T17:50:27.353 回答
1

In addition to OAuth 2 authorization code grant (the full user-authorized token flow), Spring Social's OAuth2Template also supports password grant and client credentials grant.

Password grant would require that you obtain a user's credentials, but you wouldn't have to take them through the entire OAuth flow. It's generally recommended that password grant only be used for native applications where the redirect flow would be awkward or impossible. Even so, Facebook (as far as I know) doesn't support password grant, so that option is off the table.

Facebook does support client credentials grant via OAuth2Template's authenticateClient() methods. In this scenario, you trade your application's credentials (given to you by Facebook) for an access token. Be aware, however, that the token you get is limited to only be used for requests that aren't user-centric.

Generally, most of Facebook's API requires a user token...which you must get via the full authorization flow. This isn't a limitation of Spring Social...it's strict security limitation enacted by Facebook.

于 2014-07-30T17:41:04.220 回答
0

在这种情况下,文档 [1] 非常清楚。您需要一个 access_token。要求 access_token 并不意味着它仅用于发布内容。这是 Facebook 的要求,Spring Social 对此无能为力。

[1] https://developers.facebook.com/docs/graph-api/reference/v2.0/page/feed/

于 2014-07-30T15:35:35.413 回答