Php 如何向我当前的facebook应用程序用户请求额外权限?
我使用此代码请求用户对我的应用程序进行许可Php 如何向我当前的facebook应用程序用户请求额外权限?,php,facebook,facebook-graph-api,Php,Facebook,Facebook Graph Api,我使用此代码请求用户对我的应用程序进行许可 $app_id = "1231654321654121"; $canvas_page = "http://apps.facebook.com/manydldotnet/"; $auth_url = "https://www.facebook.com/dialog/oauth?client_id=" . $app_id . "&redirect_uri=" . urlencode($canvas_page) . "&scope=em
$app_id = "1231654321654121";
$canvas_page = "http://apps.facebook.com/manydldotnet/";
$auth_url = "https://www.facebook.com/dialog/oauth?client_id=" . $app_id . "&redirect_uri=" . urlencode($canvas_page) . "&scope=email,read_stream";
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if (empty($data["user_id"])) {
echo("<script> top.location.href='" . $auth_url . "'</script>");
}
但现在我需要向当前用户请求发布流权限,
我在scope参数中添加了publish_stream权限,但它不适用于之前已授予应用权限的用户
那么我该如何解决这个问题呢
谢谢…显然,一旦用户授权您的应用程序,用户id将始终出现在已签名的请求中。因此,您需要检索用户的权限并进行检查 下面是一个例子:
<?php
$app_id = "APP_ID";
$app_secret = "APP_SECRET";
$canvas_page = "http://apps.facebook.com/appnamespace/";
$GRAPH_URL = "https://graph.facebook.com/";
$scope = "publish_stream,email";
$auth_url = "https://www.facebook.com/dialog/oauth?client_id=" . $app_id . "&redirect_uri=" . urlencode($canvas_page) . "&scope=" . $scope;
$signed_request = $_REQUEST["signed_request"];
$data = parse_signed_request($_REQUEST["signed_request"], $app_secret);
if (empty($data["user_id"])) {
echo("<script> top.location.href='" . $auth_url . "'</script>");
exit;
}
$permissions = json_decode(file_get_contents($GRAPH_URL . "me/permissions?access_token=" . $data["oauth_token"]), TRUE);
if( array_key_exists('publish_stream', $permissions['data'][0]) ) {
// Permission is granted!
// Do the related task
echo "You granted the publish_stream permission to my app!";
} else {
// We don't have the permission
// Alert the user or ask for the permission!
echo("<script> top.location.href='" . $auth_url . "'</script>");
}
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
?>
在我的教程中可以找到更多信息:显然,一旦用户授权您的应用程序,用户id将始终出现在已签名的请求中。因此,您需要检索用户的权限并进行检查 下面是一个例子:
<?php
$app_id = "APP_ID";
$app_secret = "APP_SECRET";
$canvas_page = "http://apps.facebook.com/appnamespace/";
$GRAPH_URL = "https://graph.facebook.com/";
$scope = "publish_stream,email";
$auth_url = "https://www.facebook.com/dialog/oauth?client_id=" . $app_id . "&redirect_uri=" . urlencode($canvas_page) . "&scope=" . $scope;
$signed_request = $_REQUEST["signed_request"];
$data = parse_signed_request($_REQUEST["signed_request"], $app_secret);
if (empty($data["user_id"])) {
echo("<script> top.location.href='" . $auth_url . "'</script>");
exit;
}
$permissions = json_decode(file_get_contents($GRAPH_URL . "me/permissions?access_token=" . $data["oauth_token"]), TRUE);
if( array_key_exists('publish_stream', $permissions['data'][0]) ) {
// Permission is granted!
// Do the related task
echo "You granted the publish_stream permission to my app!";
} else {
// We don't have the permission
// Alert the user or ask for the permission!
echo("<script> top.location.href='" . $auth_url . "'</script>");
}
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
?>
更多信息可以在我的教程中找到:我很确定,一旦你将你正在请求的新权限添加到你的范围中,facebook将自动使用应用程序的“请求访问”对话框再次提示他们,用户只需批准他们即可 我敢肯定,一旦你将你请求的新权限添加到你的范围中,facebook将自动使用应用程序的“请求访问”对话框再次提示他们,用户只需批准他们即可 这相当简洁,请解释发生了什么。这相当简洁,请解释发生了什么。
<fb:login-button scope="create_event">Grant Permissions to create events</fb:login-button>