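I recognize that authenticated referrals currently do not work with the Mobile Web setting of Facebook apps, so I am running into problems verifying the access token based on the returned code.
The URL I am trying to get an access token for is: https://staging.fanhood.com/facebook/mobile/challenge?fh_gameChallengeID=2678&ref=web_canvas&refid=9&refsrc=http://apps.facebook.com/fanhood-dev/challenge&return=true
This is the URL the visitor is sent to after being pre-authenticated through this URL: http://apps.facebook.com/fanhood-dev/challenge?fh_gameChallengeID=2678. However, unlike regular authenticated referrals, no additional data is passed into the URL, so the app can short-circuit the OAuth redirect loop.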
At this point, I redirect the visitor to the mobile OAuth dialog to authenticate them: http://m.facebook.com/dialog/oauth?client_id=250258605018414&redirect_uri=https%3A%2F%2Fstaging.fanhood.com%2Ffacebook%2Fmobile%2Fchallenge%3Ffh_gameChallengeID%3D2678%26ref%3Dweb_canvas%26refid%3D9%26refsrc%3Dhttp%3A%2F%2Fapps.facebook.com%2Ffanhood-dev%2Fchallenge%26return%3Dtrue&scope=email%2Cfriends_about_me%2Cfriends_education_history%2Cfriends_hometown%2Cfriends_interests%2Cfriends_likes%2Cfriends_location%2Coffline_access%2Cpublish_actions%2Cpublish_stream%2Cuser_activities%2Cuser_birthday%2Cuser_education_history%2Cuser_hometown%2Cuser_games_activity%2Cuser_interests%2Cuser_likes%2Cuser_location&response_type=code&display=touch
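When the user is redirected back, I do receive a code to exchange:
Code: AQBCH25OC57BiMBgj3rCKGhkFi0ypp0R8e2yKGwFfhml9x1B47-w2Baex8oZ3BKgb2NhziRnSIuJ1MV9hErKBUhu0YqxaonwFF_7mcqozwpy3Ch08rkNh-YEIa6HV_LHxl6ymfkAbQEMgSA6F4BdtINsCQ7QlLpcRwrZWkzxZvyJbJDnqOesB3zFLr5ohpgtpQ
However, none of my requests to exchange this code currently work. I am trying different variations of the redirect_uri format, but none of them work:
The original URL as the redirect_uri: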
I have a mechanism that strips out specific query parameters, reorders them alphabetically, and then reassembles them so that redirect_uris stay consistent between requests. In this case, the redirect_uri exactly matches what was passed to the dialog URL: https://staging.fanhood.com/facebook/mobile/challenge?fh_gameChallengeID=2678&ref=web_canvas&refid=9&refsrc=http://apps.facebook.com/fanhood-dev/challenge&return=true == https://staging.fanhood.com/facebook/mobile/challenge?fh_gameChallengeID=2678&ref=web_canvas&refid=9&refsrc=http://apps.facebook.com/fanhood-dev/challenge&return=true
https://graph.facebook.com/oauth/access_token?client_id=250258605018414&client_secret=xxx&redirect_uri=https%3A%2F%2Fstaging.fanhood.com%2Ffacebook%2Fmobile%2Fchallenge%3Ffh_gameChallengeID%3D2678%26ref%3Dweb_canvas%26refid%3D9%26refsrc%3Dhttp%3A%2F%2Fapps.facebook.com%2Ffanhood-dev%2Fchallenge%26return%3Dtrue&code=AQBCH25OC57BiMBgj3rCKGhkFi0ypp0R8e2yKGwFfhml9x1B47-w2Baex8oZ3BKgb2NhziRnSIuJ1MV9hErKBUhu0YqxaonwFF_7mcqozwy3Ch08rkNh-YEIa6HV_LHxl6ymfkAbQEMgSA6F4bdtINsCQ7QlLpcRwrZWkzxZvyJbJDnqOesB3zFLr5ohpgtpQ&access_token=250258605018414%7C65adc2f073d3c901d02a7329c6acba21
A blank redirect_uri, as attempted for authenticated referrals:
https://graph.facebook.com/oauth/access_token?client_id=250258605018414&client_secret=xxx&redirect_uri=&code=AQBCH25OC57BiMBgj3rCKGhkFi0ypp0R8e2yKGwFfhml9x1B47-w2Baex8oZ3BKgb2NhziRnSIuJ1MV9hErKBUhu0YqxaonwFF_7mcqozwy3Ch08rkNh-YEIa6HV_LHxl6ymfkAbQEMgSA6F4bdtINsCQ7QlLpcRwrZWkzxZvyJbJDnqOesB3zFLr5ohpgtpQ&access_token=250258605018414%7C65adc2f073d3c901d02a7329c6acba21
The redirect_uri structured as our mobile canvas URL:
https://graph.facebook.com/oauth/access_token?client_id=250258605018414&client_secret=xxx&redirect_uri=https%3A%2F%2Fm.facebook.com%2Fapps%2Ffanhood-dev%2Fchallenge%3Ffh_gameChallengeID%3D2678%26ref%3Dweb_canvas%26refid%3D9%26refsrc%3Dhttp%3A%2F%2Fapps.facebook.com%2Ffanhood-dev%2Fchallenge%26return%3Dtrue&code=AQBCH25OC57BiMBgj3rCKGhkFi0ypp0R8e2yKGwFfhml9x1B47-w2Baex8oZ3BKgb2NhziRnSIuJ1MV9hErKBUhu0YqxaonwFF_7mcqozwy3Ch08rkNh-YEIa6HV_LHxl6ymfkAbQEMgSA6F4bdtINsCQ7QlLpcRwrZWkzxZvyJbJDnqOesB3zFLr5ohpgtpQ&access_token=250258605018414%7C65adc2f073d3c901d02a7329c6acba21
The redirect_uri structured as our canvas URL:
https://graph.facebook.com/oauth/access_token?client_id=250258605018414&client_secret=xxx&redirect_uri=https%3A%2F%2Fapps.facebook.com%2Ffanhood-dev%2Fchallenge%3Ffh_gameChallengeID%3D2678%26ref%3Dweb_canvas%26refid%3D9%26refsrc%3Dhttp%3A%2F%2Fapps.facebook.com%2Ffanhood-dev%2Fchallenge%26return%3Dtrue&code=AQBCH25OC57BiMBgj3rCKGhkFi0ypp0R8e2yKGwFfhml9x1B47-w2Baex8oZ3BKgb2NhziRnSIuJ1MV9hErKBUhu0YqxaonwFF_7mcqozwy3Ch08rkNh-YEIa6HV_LHxl6ymfkAbQEMgSA6F4bdtINsCQ7QlLpcRwrZWkzxZvyJbJDnqOesB3zFLr5ohpgtpQ&access_token=250258605018414%7C65adc2f073d3c901d02a7329c6acba21
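Does anyone know which redirect_uri format Facebook uses in mobile OAuth requests? And whether query parameters are supported? This URL works for our regular canvas app, just not for the mobile version.
See Authenticated Referrals & Server-Side Authentication Flow - What is the redirect_uri?
When I in &code=... it started working.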
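
The redirect_uri normalization described in the question (strip specific query parameters, sort alphabetically, reassemble) can be sketched as follows. This is an added example, not the poster's code: it assumes the parameters to strip are the ones the OAuth dialog appends to the callback, and `APP_ID`, `APP_SECRET`, the function names and the sample callback URL are constructed placeholders.

```python
from urllib.parse import parse_qsl, quote, urlencode, urlsplit, urlunsplit

# Assumption: these are the parameters the dialog appends to the callback.
OAUTH_RESPONSE_PARAMS = {"code", "state", "error", "error_reason", "error_description"}

# URL from the question, and a constructed callback (shuffled order, fake code).
ORIGINAL_URL = ("https://staging.fanhood.com/facebook/mobile/challenge"
                "?fh_gameChallengeID=2678&ref=web_canvas&refid=9"
                "&refsrc=http://apps.facebook.com/fanhood-dev/challenge&return=true")
CALLBACK_URL = ("https://staging.fanhood.com/facebook/mobile/challenge"
                "?return=true&refsrc=http%3A%2F%2Fapps.facebook.com%2Ffanhood-dev%2Fchallenge"
                "&code=CONSTRUCTED_CODE&refid=9&ref=web_canvas&fh_gameChallengeID=2678")


def canonical_redirect_uri(url, strip=OAUTH_RESPONSE_PARAMS):
    """Drop OAuth response parameters, sort the rest, re-encode, reassemble."""
    parts = urlsplit(url)
    pairs = sorted((k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
                   if k not in strip)
    query = urlencode(pairs, safe="", quote_via=quote)
    return urlunsplit((parts.scheme, parts.netloc, parts.path, query, ""))


def dialog_url(client_id, url, scope):
    """Mobile OAuth dialog URL using the canonical redirect_uri."""
    return "https://m.facebook.com/dialog/oauth?" + urlencode({
        "client_id": client_id, "redirect_uri": canonical_redirect_uri(url),
        "scope": ",".join(scope), "response_type": "code", "display": "touch"})


def token_exchange_url(client_id, client_secret, callback_url):
    """Code-for-token URL; redirect_uri is rebuilt from the callback URL itself."""
    code = dict(parse_qsl(urlsplit(callback_url).query)).get("code")
    if not code:
        raise ValueError("callback carries no code (user denied or error response)")
    return "https://graph.facebook.com/oauth/access_token?" + urlencode({
        "client_id": client_id, "client_secret": client_secret,
        "redirect_uri": canonical_redirect_uri(callback_url), "code": code})


if __name__ == "__main__":
    print(dialog_url("APP_ID", ORIGINAL_URL, ["email"]))
    print(token_exchange_url("APP_ID", "APP_SECRET", CALLBACK_URL))
```

Because both URLs pass through the same function, the redirect_uri sent in the token exchange is byte-for-byte the one sent to the dialog, regardless of the parameter order or the extra `code` parameter on the callback.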