As stated in the Facebook OAuth documentation, in order to use the Client Side Flow with a Desktop App, the special return_uri https://www.facebook.com/connect/login_success.html is required.
Opening a new tab from Chrome to the URL
https://www.facebook.com/dialog/oauth?client_id=MYAPPID&redirect_uri=https://www.facebook.com/connect/login_success.html&response_type=token
works as expected: I am redirected to the login_success page with an access_token parameter containing the token. I can request data from the Graph API using simple GET requests (e.g., with jQuery):
// Pass the token taken from the login_success.html redirect as a query parameter;
// the Graph API answers with JSON describing the authenticated user.
$.getJSON("https://graph.facebook.com/me", { access_token: token }, function (d) {
  // process returned data, e.g. d.id
  console.log(d.id);
});
My question is, can I continue to use the JavaScript SDK without using the SDK's internal authorization methods?
FB.getLoginStatus returns an error that my Connect/Canvas URI isn't correct. How am I supposed to check the token status without that method (apart from a manual GET and response matching)?
FB.login obviously fails with the following error:
API Error Code: 191
API Error Description: The specified URL is not owned by the application
Error Message: Invalid redirect_uri
(the URL does not match the domain URL in the app's config), as there seems to be no way to internally specify the return_uri above.
Is there a way to still rely on the Javascript SDK (especially events) while accessing a token externally? Am I supposed to override the access token?
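The redirect described in the question, as an added example that is not part of the original post: the implicit (client-side) flow hands the token back in the URL fragment of login_success.html, so the client has to parse it itself. The function below checks that the redirect landed on exactly that page, distinguishes a denied dialog from a successful one, and converts expires_in into an absolute timestamp. The optional expectedState check goes beyond the question (the asker's dialog URL carries no state parameter); it is an assumption shown because it lets the client reject redirects it did not initiate. The sample URLs and token values are constructed.

```javascript
// Added example, not code from the original question: read the token that the
// implicit (client-side) flow appends to the login_success.html redirect.
// Facebook returns it in the URL fragment (#access_token=...), which browsers
// never send to the server, so it has to be parsed in the client. The optional
// expectedState check is an assumption beyond the question: the asker's dialog
// URL carries no state parameter, but adding one lets you reject redirects you
// did not initiate.
function parseImplicitRedirect(urlString, expectedState) {
  const url = new URL(urlString);
  // Only trust the exact page the dialog was told to redirect to.
  if (url.origin !== "https://www.facebook.com" ||
      url.pathname !== "/connect/login_success.html") {
    throw new Error("unexpected redirect target: " + url.origin + url.pathname);
  }
  const fragment = new URLSearchParams(url.hash.replace(/^#/, ""));
  const query = url.searchParams;
  // A denied dialog reports error/error_reason; look in both fragment and
  // query so the denial is caught whichever place it arrives in.
  const errSrc = fragment.has("error") ? fragment : (query.has("error") ? query : null);
  if (errSrc) {
    return { ok: false, error: errSrc.get("error"), reason: errSrc.get("error_reason") };
  }
  const token = fragment.get("access_token");
  if (!token) {
    return { ok: false, error: "no_token", reason: "access_token missing from fragment" };
  }
  if (expectedState !== undefined && fragment.get("state") !== expectedState) {
    return { ok: false, error: "state_mismatch", reason: "state does not match the value sent" };
  }
  // expires_in is seconds from now; 0 or absent means no expiry was reported.
  const expiresIn = Number(fragment.get("expires_in"));
  return {
    ok: true,
    token,
    expiresAt: expiresIn > 0 ? Date.now() + expiresIn * 1000 : null,
  };
}

// Constructed sample redirect URLs; the token and state values are made up.
const SAMPLE_SUCCESS =
  "https://www.facebook.com/connect/login_success.html#access_token=EXAMPLETOKEN123&expires_in=5183999&state=xyz";
const SAMPLE_DENIED =
  "https://www.facebook.com/connect/login_success.html?error_reason=user_denied&error=access_denied&error_description=Permissions+error";

console.log(parseImplicitRedirect(SAMPLE_SUCCESS, "xyz"));
console.log(parseImplicitRedirect(SAMPLE_DENIED));
```

In an extension you would run this against the tab URL once it reaches login_success.html, keep only the token and expiresAt, and drop the URL itself so the token does not linger in history or logs.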
Yes, you can use it for the normal events (i.e. someone clicked a like button) like so:
Unfortunately for regular API calls you can't use the Facebook JS SDK from within your extensions. You'll have to roll your own API wrapper for that.
An easy way to see if the access token is valid is to make a Graph API call to /me?fields=id with the access token you have saved. That will be fast and you can use the response to see if the access token is still valid. Best practice for extensions is to request the permission offline_access. Also, I would recommend having the redirect URI be on a domain you own. That way, if other extensions are doing the same, your scripts won't interfere. Accessing the token will be the same.