Facebook Oauth Access Token Different when using G

2019-03-15 15:22发布

(Disclaimer: The access_tokens and appIds in this post are fake and are just intended to look real)

I'm trying to generate an access_token using the call to the following:

https://graph.facebook.com/oauth/access_token?grant_type=client_credentials&client_id=123456789000000&client_secret=03252f2ff1eddffe234a0dc7256abb8c

That gives me an access_token in this format:

access_token=123456789000000|TR528Smvi4AXMM21Zhmi5XmJwmk

If I try to access a fan page that's protected with that token like this I get false back: http://graph.facebook.com/109813019043531?access_token=123456789000000|TR528Smvi4AXMM21Zhmi5XmJwmk

Now, if I use the Graph API Explorer and select the same App as the one I'm using above to generate the access token I get an access token that looks like this:

ABBDSqE43jFSSbrS7ujvyLZClfyKDCZBhAuLXTtr9nwelj4MFwlijzejljEoNItC3lijzm3shemzq3jDFCdAZD

If I use that access token to access the URL (http://graph.facebook.com/109813019043531) it works as expected.

My question is, what is the difference between the two and how can I programmatically generate one that works like the second token?

1条回答
一夜七次
2楼-- · 2019-03-15 15:44

The first one you show is an APP access token. The second one from Graph API Explorer is a USER access token. There is a third type called PAGE access token. Each do something different.

APP access tokens are used to get information that your app is privileged to access. And in some cases where publish_stream is granted from an app user, you can use it to post to that user's wall, without needing a USER access token.

USER access tokens are given to your app and they relate to the permissions a specific app user has granted to your application so you app can act on their behalf.

PAGE access tokens are given to page admins so they can act on behalf of the page. To go from a user access token to a page access token, call /me/accounts using the user access token to get a list of pages they admin along with each pages access tokens.

If you have an access token and you want to know more information about it, lint it at https://developers.facebook.com/tools/lint

For more information on access tokens see: https://developers.facebook.com/docs/authentication

查看更多
登录 后发表回答