php-删除";代码“;facebook应用程序URL中的参数
我现在已经完成了我的facebook应用程序,它可以工作了,但是,当用户第一次授权使用该应用程序时,我会将他们重定向到facebook文档中给出的位置php-删除";代码“;facebook应用程序URL中的参数,php,facebook,url,parameters,Php,Facebook,Url,Parameters,我现在已经完成了我的facebook应用程序,它可以工作了,但是,当用户第一次授权使用该应用程序时,我会将他们重定向到facebook文档中给出的位置 $app_id = "123456789"; $canvas_page = "http://apps.facebook.com/myapp/"; $auth_url = "http://www.facebook.com/dialog/oauth?client_id=".$app_id."&redirect_uri=".urlencod
$app_id = "123456789";
$canvas_page = "http://apps.facebook.com/myapp/";
$auth_url = "http://www.facebook.com/dialog/oauth?client_id=".$app_id."&redirect_uri=".urlencode($canvas_page)."&scope=email,publish_stream";
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if(empty($data["user_id"])){
echo("<script> top.location.href='" . $auth_url . "'</script>");
} else {
echo "Welcome User: " . $data["user_id"]."<br/>";
// UPDATE CODE START
// below code from facebook docs
$app_secret = "asdfghjkl1234567890qwerty";
$my_url = "http://apps.facebook.com/myapp/";
session_start();
$code = $_REQUEST["code"];
if(empty($code)) {
$_SESSION['state'] = md5(uniqid(rand(), TRUE)); //CSRF protection
$dialog_url = "http://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($my_url) . "&state="
. $_SESSION['state'];
echo("<script> top.location.href='" . $dialog_url . "'</script>");
}
if($_REQUEST['state'] == $_SESSION['state']) {
$token_url = "https://graph.facebook.com/oauth/access_token?"
. "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)
. "&client_secret=" . $app_secret . "&code=" . $code;
$response = file_get_contents($token_url);
$params = null;
parse_str($response, $params);
$graph_url = "https://graph.facebook.com/me?access_token="
. $params['access_token'];
$user = json_decode(file_get_contents($graph_url));
echo("Hello " . $user->name);
} else {
echo("The state does not match. You may be a victim of CSRF.");
}
// UPDATE CODE END
}
die();
$app_id=“123456789”;
$canvas_page=”http://apps.facebook.com/myapp/";
$auth_url=”http://www.facebook.com/dialog/oauth?client_id=“$app\u id.”&redirect\u uri=“.urlencode($canvas\u page)。“&scope=email,publish\u stream”;
$signed_request=$_request[“signed_request”];
列表($encoded_sig,$payload)=分解('.',$signed_请求,2);
$data=json_解码(base64_解码(strtr($payload,'-'','+/')),true);
if(空($data[“user\u id”])){
echo(“top.location.href=”。$auth_url。””;
}否则{
echo“欢迎用户:”.$data[“用户id”]。“
”;
//更新代码开始
//下面是来自facebook文档的代码
$app_secret=“asdfghjkl1234567890qwerty”;
$my_url=”http://apps.facebook.com/myapp/";
会话_start();
$code=$_请求[“code”];
if(空($code)){
$_SESSION['state']=md5(uniqid(rand(),TRUE));//CSRF保护
$dialog_url=”http://www.facebook.com/dialog/oauth?client_id="
.$app\u id.&redirect\u uri=“.urlencode($my\u url)。”&state=”
.u会话[“状态];
echo(“top.location.href=”。$dialog\u url。””;
}
if($\u请求['state']=$\u会话['state']){
$token_url=”https://graph.facebook.com/oauth/access_token?"
“client_id=“.app_id.”和redirect_uri=“.urlencode($my_url)
.“&client_secret=”.$app_secret.&code=”.$code;
$response=file\u get\u contents($token\u url);
$params=null;
parse_str($response,$params);
$graph_url=”https://graph.facebook.com/me?access_token="
.$params['access_token'];
$user=json_decode(文件获取内容($graph_url));
echo(“你好”。$user->name);
}否则{
echo(“状态不匹配。您可能是CSRF的受害者”);
}
//更新代码结束
}
模具();
问题在于,在浏览器url中,它看起来类似于以下内容:
什么是“代码”参数,为什么它会出现,我如何去掉它
关于您需要使用该
代码
来获取访问令牌。在此之前,您尚未完成身份验证过程
从文档中,获得该代码后,需要将其发送到Facebook Graph API:
https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&client_secret=YOUR_APP_SECRET&code=THE_CODE_FROM_ABOVE
总之,FacebookOAuth身份验证是一个两步过程,您只完成了其中一步
谢谢