0
我在使用我的redirect uri进行身份验证时遇到问题。Facebook正在重定向到我的网站以外的网站
如果我将其设置为我的网站,用户将进行身份验证,因为$_Request['code']
设置,但随后用户将在我的网站,我不希望出现这种情况
如果我重定向到apps.facebook .com/myapp,那么没有设置$_Request['code']
,用户将不会进行身份验证,只是看到一个空白页面。
有什么办法可以在PHP中做到这一点,我有代码在页面呈现之前运行。
你们如何解决这个问题?
我的登录功能:
public static function login($redirect) {
$app_id = AppInfo::appID();
$app_secret = AppInfo::appSecret();
$home = urlencode(AppInfo::getHome());
// See https://developers.facebook.com/docs/reference/api/permissions/
// for a full list of permissions
$scope = 'user_photos,publish_stream';
session_start();
$code = $_REQUEST["code"];
// If we don't have a code returned from Facebook, the first step is to get
if (empty($code)) {
// CSRF protection - for more information, look at 'Security Considerations'
// at 'https://developers.facebook.com/docs/authentication/'
$state = md5(uniqid(rand(), TRUE));
setcookie(
AppInfo::appID() . '-fb-app',
$state,
$expires = 0,
$path = "",
$domain = "",
$secure = "",
$httponly = true);
// Now form the login URL that you will use to authorize your app
$authorize_url = "https://www.facebook.com/dialog/oauth?client_id=$app_id" .
"&redirect_uri=$home&state=" . $state . "&scope=$scope";
// Now we redirect the user to the login page
echo("<script> window.location.href='" . $authorize_url . "'</script>");
return false;
// Once we have that code, we can now request an access-token. We check to
// ensure that the state has remained the same.
} else if ($_REQUEST['state'] === $_COOKIE[AppInfo::appID() . '-fb-app']) {
$ch = curl_init("https://graph.facebook.com/oauth/access_token");
curl_setopt($ch, CURLOPT_POSTFIELDS,
"client_id=$app_id&redirect_uri=$home&client_secret=$app_secret" .
"&code=$code&scope=$scope");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$response = curl_exec($ch);
// Once we get a response, we then parse it to extract the access token
parse_str($response, $params);
$token = $params['access_token'];
return $token;
// In the event that the two states do not match, we return false to signify
// that something has gone wrong during authentication
} else {
echo("States do not match. CSRF?");
return false;
}
}
@mogulzalp有没有办法在PHP中做到这一点,我有运行代码的页面呈现之前,这将意味着更少的加载时间给用户 – Jakob
@moguzalp - 好吧。谢谢你的回答,虽然这是我迄今为止最好的:) – Jakob
@Jakob我可以看到你的完整代码吗? 为什么yu正在使用该代码? – Felix