问题
I am writing Facebook login for my site.I am using Javascript Sdk,but I don't understand one thing.
function fbLogin() {
FB.login(function(response) {
if (response.authResponse) {
var token=response.authResponse.accessToken;
FB.api('/me', function(response) {
$.get('main/check_facebook_status/'+token,function(data) {
if (data == "true") {
$('#r_name').val(response.name);
$('#r_username').val(response.username);
$('#r_email').val(response.email);
$('#fbid').val(response.id);
$('#fbtoken').val(token);
}
})
});
} else {
console.log('User cancelled login or did not fully authorize.');
}
}, {scope: 'email, publish_stream'});
}
Can I trust he access token(response.authResponse.accessToken) for identify the user ? Can facebook change the access token ? If changes the access token how can I identify the user ?
Ps:Sorry for bad english
回答1:
Can I trust he access token(response.authResponse.accessToken) for identify the user?
Of-course yes!
Can Facebook change the access token ?
Nope. But it expires after 2 hours, so you have to get the token again. If you want to use this token in future; you can extend the life of the token to 60 days.
You can read more about access tokens here.
[Edit]
The token also becomes invalidated in the following cases-
- User changes the password
- User de-authorizes the app
- User removes the app
来源:https://stackoverflow.com/questions/19884126/facebook-access-token-javascript-sdk