Is the code property of authResponse.signedRequest (in the Facebook JavaScript API) useful? I'm generating one like this:
FB.login({ scope: "email" }, function(r) {
    console.log([
        function(d){ return d.split('.')[1]; },
        function(d){ return atob(d.replace(/-/g, '+').replace(/_/g, '/')); }, // global regexes: convert every base64url character, not just the first
        JSON.parse,
        function(d){ return d.code; }
    ].reduce(
        function(acc, f) { return f(acc); },
        r.authResponse.signedRequest
    ));
});
The docs say this:
code: an OAuth Code which can be exchanged for a valid user access token via a subsequent server-side request
…but that link redirects to the Facebook Login home page. I found the /oauth/access_token endpoint documented here, but it requires a redirect_uri parameter, and there isn't one in this case.
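Added example, not part of the original question: the snippet above decodes the payload in the browser without checking it, so a server that receives signedRequest should verify the HMAC-SHA256 signature (the part before the dot, keyed with the app secret) before trusting `code` or any other field. This is a Node.js sketch; the function names, the app secret and the sample payload are constructed for illustration.

```javascript
const crypto = require("crypto");

// base64url (RFC 4648 section 5) helpers; every '-' and '_' is converted.
function b64urlDecode(s) {
  return Buffer.from(s.replace(/-/g, "+").replace(/_/g, "/"), "base64");
}
function b64urlEncode(buf) {
  return buf.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Verify "<signature>.<payload>" and return the parsed payload, or throw.
function parseSignedRequest(signedRequest, appSecret) {
  const parts = String(signedRequest).split(".");
  if (parts.length !== 2) throw new Error("malformed signed_request");
  const [sigPart, payloadPart] = parts;

  // The MAC covers the encoded payload string, not the decoded JSON.
  const expected = crypto.createHmac("sha256", appSecret).update(payloadPart).digest();
  const given = b64urlDecode(sigPart);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error("bad signature");
  }

  // Parse only after the signature has been checked.
  const payload = JSON.parse(b64urlDecode(payloadPart).toString("utf8"));
  if (String(payload.algorithm).toUpperCase() !== "HMAC-SHA256") {
    throw new Error("unexpected algorithm");
  }
  return payload;
}

// Constructed test data: builds a signed_request the way the format is laid out.
const APP_SECRET = "constructed-app-secret"; // placeholder, not a real secret
function makeSample(payload, secret) {
  const body = b64urlEncode(Buffer.from(JSON.stringify(payload), "utf8"));
  const sig = b64urlEncode(crypto.createHmac("sha256", secret).update(body).digest());
  return sig + "." + body;
}

const SAMPLE = makeSample(
  { algorithm: "HMAC-SHA256", code: "constructed-code", user_id: "1000" },
  APP_SECRET
);
console.log(parseSignedRequest(SAMPLE, APP_SECRET).code);
```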