Recently, for work, I looked into application development on several large foreign websites (Facebook, Twitter, YouTube, etc.), read their official API documentation, and organized the material to share with everyone. This article is a compilation on Facebook authentication and authorization, translated and organized from the reference document http://developers.facebook.com/docs/authentication/. It has not been tested in code and probably contains many errors; corrections are welcome.

The Facebook platform uses the OAuth 2 protocol for authentication and authorization. It offers two authentication flows, the server-side flow and the client-side flow, which can be used to build website, mobile or desktop applications.

This document uses a user-login example to outline the two authentication and authorization flows Facebook supports. In the example the server side uses PHP and the client side uses HTML/JavaScript, but they can easily be translated into other programming languages. The difference between the two flows is who talks to the Graph API: in the server-side flow the web server calls the Graph API to complete authentication and authorization; in the client-side flow the client does so itself, for example JavaScript running in the browser or a native mobile or desktop application.
https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL

https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&scope=email,read_stream

http://YOUR_URL?error_reason=user_denied&error=access_denied&error_description=The+user+denied+your+request.

http://YOUR_URL?code=A_CODE_GENERATED_BY_SERVER

https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&client_secret=YOUR_APP_SECRET&code=THE_CODE_FROM_ABOVE

<?php
$app_id     = "YOUR_APP_ID";
$app_secret = "YOUR_APP_SECRET";
$my_url     = "YOUR_URL";

session_start();
$code = isset($_REQUEST["code"]) ? $_REQUEST["code"] : "";

if (empty($code)) {
    // First visit: store an unguessable state value in the session and send the
    // browser to the login dialog. The same value must come back with the code
    // (CSRF protection).
    $_SESSION['state'] = md5(uniqid(rand(), TRUE));
    $dialog_url = "https://www.facebook.com/dialog/oauth?client_id="
        . $app_id . "&redirect_uri=" . urlencode($my_url) . "&state="
        . $_SESSION['state'];
    echo("<script> top.location.href='" . $dialog_url . "'</script>");
    exit; // do not fall through to the state check on this request
}

if (isset($_REQUEST['state'], $_SESSION['state'])
    && $_REQUEST['state'] === $_SESSION['state']) {
    // Exchange the code for an access token. The app secret is sent only from
    // the server; it never reaches the browser.
    $token_url = "https://graph.facebook.com/oauth/access_token?"
        . "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)
        . "&client_secret=" . $app_secret . "&code=" . urlencode($code);
    $response = @file_get_contents($token_url);
    // The response is a form-encoded string (access_token=...&expires=...).
    $params = null;
    parse_str($response, $params);
    $graph_url = "https://graph.facebook.com/me?access_token="
        . urlencode($params['access_token']);
    $user = json_decode(file_get_contents($graph_url));
    echo("Hello " . htmlspecialchars($user->name));
} else {
    echo("The state does not match. You may be a victim of CSRF.");
}
?>
https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&response_type=token

http://YOUR_URL#access_token=166942940015970%7C2.sa0&expires_in=64090

<html>
<head>
<title>Client Flow Example</title>
</head>
<body>
<script>
// JSONP callback: the Graph API passes the /me response in as a parsed object.
function displayUser(user) {
  var userName = document.getElementById('userName');
  var greetingText = document.createTextNode('Greetings, ' + user.name + '.');
  userName.appendChild(greetingText);
}

var appID = "YOUR_APP_ID";
if (window.location.hash.length == 0) {
  // No token yet: open the login dialog and ask for the token in the URL fragment.
  // The dialog returns to this same page (redirect_uri must be URL-encoded).
  var path = 'https://www.facebook.com/dialog/oauth?';
  var queryParams = ['client_id=' + appID,
                     'redirect_uri=' + encodeURIComponent(window.location.href),
                     'response_type=token'];
  window.open(path + queryParams.join('&'));
} else {
  // Back with #access_token=...&expires_in=... in the fragment, which the
  // browser never sends to any server. The whole fragment is forwarded as the
  // query string; the extra expires_in parameter is ignored by the Graph API.
  var accessToken = window.location.hash.substring(1);
  var graphPath = "https://graph.facebook.com/me?";
  var graphParams = [accessToken, 'callback=displayUser'];
  // use JSONP to call the Graph API
  var script = document.createElement('script');
  script.src = graphPath + graphParams.join('&');
  document.body.appendChild(script);
}
</script>
<p id="userName"></p>
</body>
</html>