4

I've been developing an app for the past few weeks and up until now there have been no issues. Just a couple days ago a strange bug has started occurring:

My application uses the PHP SDK and implements the Javascript SDK for user authorization. The user is allowed to roam the application freely, but when they click on a video, FB.login is called to request permissions from the user and get an access token.

jQuery Code 

FB.login(function(response) {

    if (response.authResponse) {

        //Set global vars
        fb_uid = response.authResponse.userID;
        fb_token = response.authResponse.accessToken;

        //If user has already authorized the app
        if (response.status === 'connected') {

            //Create the user record
            $.ajax(site_url + '/facebook/create_fb_user', {
                type: 'POST',
                dataType: 'json',
                data: {fb_uid: fb_uid, token: fb_token},
                success: function (data) {
                    user = data.resp.fb_user;
                    viewVideo(item);
                }
            });
        };
    };
}, {scope: "publish_stream"});

PHP Code

try {

    $this->_fb->setAccessToken($this->request->post('token'));

    $data = $this->_fb->api("/me");

    $model = new Model_Fbuser;
    $model->data = array(
        'fb_uid' => $data['id'],
        'fb_token' => $extended_token
    );
    $resp = $model->update();

    return $this->render_json(array(
        'success' => TRUE,
        'resp' => $resp
    ));

} catch (Exception $e) {

    return $this->render_json(array(
        'success' => FALSE,
        'error' => $e->getMessage(),
        'token' => $this->request->post('token')
    ));

}

The first time the user does this, the FB.login call returns a valid access token, the PHP SDK is able to set the token, and everything works as expected.

However, should the user revoke the application's access in their App Settings, and then return to the application, they are presented with the FB.login once more, but this time, the call returns the same access token they were previously given, which has already had its access revoked. Trying to set the access token with the PHP SDK throws the exception: "Invalid OAuth access token."

Yet if I then check the token in the Facebook debugger, is says it is valid.

Edit: Further investigation reveals that the user is issues the same access token every time in the same session. If the user logs out, then logs back in, then they will receive a new valid token. But if they try to get a new token without logging out first, Facebook reissues them the same invalid one. When trying to use this access token to query information about the user, this is the response:

{"error":{"type":"OAuthException","message":"Error validating access token: The session was invalidated explicitly using an API call."}}
4

1 に答える 1

1

この方法で「無効なOAuthアクセストークン」エラーが発生した場合、通常はFB.logout()を呼び出し、すぐにコールバックでFB.login()を呼び出します。

FB.logout(function(response) {
  // user is now logged out
  FB.login(...)
});

理想的ではありませんが、そのようなユースケースを修正するための最良の方法です。

于 2014-01-14T13:07:26.167 に答える