2

The Facebook iOS SDK is granting encrypted or encoded access tokens in this format:

v9ylvkttPnuFWUX4KVdjDPB0SRXkuKX7z281rqjHuG0.eyJpdiI6ImEwWXBDaEtncWpDTU5ibUNuQWdROWcifQ.Y-DwxRY2ZAFZiP7EVuR-HksXqmGw9LXP6umGrfz2XnjSLm0a508u7_jXq0_Kz5a2S8AUUulzUvIRVxTS51_i6VfSByOCbFBIKoBe0-n-Pa8NC29wbuVmGJLvq4W-ezhv0DzA3diiCIqCybt9ELDXoA

Using OAuth on the web, Facebook provides unencrypted / unencoded access tokens in this format (this one is not real):

213455681425|1.BGgrgnfWrdpG_X18.3600.1213252135.2-1334679|dHcDbxGbeYbLg3SRgw12fdf4gd60

How can I decrypt/decode the iOS access token so that I can read the expiration Unix time value and user id like I can with the unencoded tokens? The reason I need the expiration date is to determine when it expires, and I need the user id to publish with the appID|appSecret style access token in the event the access token is expired yet the user hasn't revoked publish_stream access.

4

1 Answer

0

That access token never expires, because it has the offline_access permission. See here.

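In that case, it seems the user causes the access token to expire by deauthorizing the application or by changing his/her password. To mitigate this, consider using the app deauthorize callback URL. Here are more details: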

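When a user of your app removes it in the App Dashboard or blocks the app in the News Feed, your app can be notified by specifying a Deauthorize Callback URL in the Developer App. During app removal we will send an HTTP POST request containing a single parameter, signed_request, which contains the user ID (UID) of the user that just removed your app. You will not receive a user access token in this request, and all existing user access tokens will be automatically expired.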

http://developers.facebook.com/docs/authentication/

Answered 2011-07-21T20:09:01.227
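A server-side sketch of the deauthorize callback described in the answer above, added here as an example and not part of the original answer or of Facebook's code. It assumes the `signed_request` layout of a base64url signature, a dot, and a base64url JSON payload carrying `algorithm` and `user_id`, signed with HMAC-SHA256 keyed by the app secret; the function names, the secret and the sample user id are constructed.

```python
import base64
import hashlib
import hmac
import json


def b64url_decode(part: str) -> bytes:
    # The '=' padding is stripped on the wire; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def parse_signed_request(signed_request: str, app_secret: str) -> dict:
    """Return the payload only if its HMAC-SHA256 signature verifies."""
    try:
        sig_b64, payload_b64 = signed_request.split(".", 1)
        sig = b64url_decode(sig_b64)
        payload = json.loads(b64url_decode(payload_b64))
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed signed_request") from exc
    # Pin the algorithm so the sender cannot pick a weaker one.
    if not isinstance(payload, dict) or str(payload.get("algorithm", "")).upper() != "HMAC-SHA256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(app_secret.encode(), payload_b64.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("bad signature")
    return payload


def handle_deauthorize(form: dict, app_secret: str, revoked: set) -> bool:
    """Handle the POST form; mark the user as revoked only for a verified request."""
    try:
        payload = parse_signed_request(form.get("signed_request", ""), app_secret)
    except ValueError:
        return False  # reply 400 and log it; an unverified user id is never acted on
    user_id = payload.get("user_id")
    if user_id is None:
        return False
    revoked.add(str(user_id))  # stored tokens for this user are now dead
    return True


def make_sample_request(payload: dict, app_secret: str) -> str:
    # Builds constructed test input; in production Facebook produces this value.
    body = base64.urlsafe_b64encode(json.dumps(payload).encode()).rstrip(b"=")
    sig = hmac.new(app_secret.encode(), body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(sig).rstrip(b"=").decode() + "." + body.decode()


if __name__ == "__main__":
    secret = "constructed-app-secret"
    sample = make_sample_request({"algorithm": "HMAC-SHA256", "user_id": "100000000000001"}, secret)
    revoked_users = set()
    print(handle_deauthorize({"signed_request": sample}, secret, revoked_users), revoked_users)
```

Because the callback URL is reachable by anyone, the signature check is what stops a forged POST from marking arbitrary users as deauthorized.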