PHP cURL to verify Facebook API login access_token on server?

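Can anyone share a working example of how to use cURL on my PHP server to verify the Facebook access_token I got from the browser, so that I can verify that the browser's login details are trustworthy and then securely create a session for my user on my server?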

To recap, the steps I want to do are:

  1. User clicks "Continue with Facebook" on the browser and gets an access_token.
  2. I send this to my PHP server.
  3. The server sends a cURL request to Facebook to validate the user access_token.
  4. If access_token is valid, then create session for the user on my server.

I have my own application with email, Google, and Facebook login. Any help is appreciated, thanks.

After quite some time, I got a working PHP script.

Just replace the missing variable values and it should work. Also make sure you have cURL working on your PHP server with phpinfo() or some other means:

<?php

///////////////////////////////////////
// prep Facebook verification
///////////////////////////////////////

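// read login data as a plain string (FILTER_SANITIZE_STRING is deprecated since PHP 8.1 and does not make a value safe to place in a URL)
$_POST['facebook_access_token'] = (isset($_POST['facebook_access_token']) && is_string($_POST['facebook_access_token'])) ? $_POST['facebook_access_token'] : '';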

// set variables
$facebook_user_access_token = $_POST['facebook_access_token'];
$my_facebook_app_id = 'REPLACE';
$my_facebook_app_secret = 'REPLACE';
$facebook_application = 'REPLACE'; // in my case 'domain.com', as set up in Facebook

///////////////////////////////////////
// get facebook access token
///////////////////////////////////////
$curl_facebook1 = curl_init(); // start curl
$url = "https://graph.facebook.com/oauth/access_token?".http_build_query(['client_id' => $my_facebook_app_id, 'client_secret' => $my_facebook_app_secret, 'grant_type' => 'client_credentials']); // set url and URL-encoded parameters
curl_setopt($curl_facebook1, CURLOPT_URL, $url); // set the url variable to curl
curl_setopt($curl_facebook1, CURLOPT_RETURNTRANSFER, true); // return output as string
$output = curl_exec($curl_facebook1); // execute curl call
curl_close($curl_facebook1); // close curl
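$decode_output = json_decode($output, true); // decode the response as an array (without true, json_decode returns an object and the array access below fails)

// store access_token (stop if the request failed or Facebook returned an error instead of a token)
if (!is_array($decode_output) || empty($decode_output['access_token'])) {
    exit('Error.');
}
$facebook_access_token = $decode_output['access_token'];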

///////////////////////////////////////
// verify my access was legitimate
///////////////////////////////////////
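$curl_facebook2 = curl_init(); // start curl
$url = "https://graph.facebook.com/debug_token?".http_build_query(['input_token' => $facebook_user_access_token, 'access_token' => $facebook_access_token]); // set url; parameters are URL-encoded so the browser-supplied token cannot add or override query parameters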
curl_setopt($curl_facebook2, CURLOPT_URL, $url); // set the url variable to curl
curl_setopt($curl_facebook2, CURLOPT_RETURNTRANSFER, true); // return output as string
$output2 = curl_exec($curl_facebook2); // execute curl call
curl_close($curl_facebook2); // close curl
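$decode_output2 = json_decode($output2, true); // decode the response as an array (without true, json_decode returns an object and the array access below fails)
$token_data = (is_array($decode_output2) && isset($decode_output2['data']) && is_array($decode_output2['data'])) ? $decode_output2['data'] : []; // empty if the request failed

// test browser and Facebook variables match for security (strict comparisons; a missing field fails the check)
if (isset($token_data['app_id'], $token_data['application'], $token_data['is_valid']) && (string)$token_data['app_id'] === $my_facebook_app_id && $token_data['application'] === $facebook_application && $token_data['is_valid'] === true) {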
    echo 'Success. Login is valid.';
}
else {
    echo 'Error.';
}

?>

Special thanks
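Step 4 of the question (creating the session) needs to know which user the token belongs to, which the debug_token response reports in `data.user_id`. The following is an added example, not part of the original answer: `evaluate_debug_token()` is a hypothetical helper, the sample responses and ids are constructed, and treating `expires_at` of 0 as "does not expire" is an assumption.

```php
<?php
// Added example (not the answer's code). evaluate_debug_token() is a hypothetical helper:
// it returns the Facebook user id to bind the session to, or null if any check fails.
function evaluate_debug_token($response, string $expected_app_id, int $now): ?string
{
    if (!is_array($response) || !isset($response['data']) || !is_array($response['data'])) {
        return null; // cURL failure, invalid JSON, or an error object instead of data
    }
    $data = $response['data'];

    // is_valid must be the boolean true, not merely a truthy value
    if (($data['is_valid'] ?? false) !== true) {
        return null;
    }
    // the token must have been issued to this app, not to some other app
    if (!isset($data['app_id']) || (string)$data['app_id'] !== $expected_app_id) {
        return null;
    }
    // expires_at is a Unix timestamp; 0 is treated here as "does not expire" (assumption)
    $expires_at = (int)($data['expires_at'] ?? 0);
    if ($expires_at !== 0 && $expires_at <= $now) {
        return null;
    }
    // user_id says whose token this is; without it there is nobody to log in
    if (!isset($data['user_id']) || !ctype_digit((string)$data['user_id'])) {
        return null;
    }
    return (string)$data['user_id'];
}

// Constructed sample responses (placeholder ids, not real data)
$now = 1700000000;
$good      = ['data' => ['app_id' => '1111', 'is_valid' => true, 'expires_at' => $now + 3600, 'user_id' => '2222']];
$other_app = ['data' => ['app_id' => '9999', 'is_valid' => true, 'expires_at' => $now + 3600, 'user_id' => '2222']];
$expired   = ['data' => ['app_id' => '1111', 'is_valid' => true, 'expires_at' => $now - 1, 'user_id' => '2222']];

foreach (['good' => $good, 'other_app' => $other_app, 'expired' => $expired, 'curl_failed' => null] as $name => $resp) {
    $uid = evaluate_debug_token($resp, '1111', $now);
    echo $name . ': ' . ($uid === null ? 'rejected' : 'accepted, user_id ' . $uid) . "\n";
}

// In the login handler, on success:
//   session_start();
//   session_regenerate_id(true);          // new session id at login (prevents session fixation)
//   $_SESSION['facebook_user_id'] = $uid; // look up or create the local account by this id
```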