I want khổng lồ provide a service using the facebook api to third parties. Is it possible for us to share access tokens? If the third các buổi tiệc nhỏ gives my service a user"s access token, can I access that users data even if my app_id & secret vị not match the tiện ích that requested it?

Should I have the users go through a separate oauth flow on my site even if they have already completed it for the other third party?

Thanks.

Bạn đang xem: Sharing facebook access tokens across apps

-ken


*

*

Regarding:

Is it possible for us khổng lồ cốt truyện access tokens?

&,

can I access that users data even if my app_id & secret vì not match the ứng dụng that requested it?

The answer is No. From the specs OAuth2 section 10.3:

Access token credentials (as well as any confidential access token attributes) MUST be kept confidential in transit and storage, and only shared among mỏi the authorization hệ thống, the resource servers the access token is valid for, and the client khổng lồ whom the access token is issued.

Should I have the users go through a separate oauth flow on my site even if they have already completed it for the other third party?

The answer is Yes. If you"re using facebook as authorization hệ thống, & you restart the oauth flow again, your user will only need to lớn approve sầu your other phầm mềm (third party).


Share
Improve this answer
Follow
answered Atruyền thông quảng cáo 16 "12 at 16:01
*

Antonio SacoAntonio Saco
1,5401212 silver badges1919 bronze badges
2
Add a comment |
10
Even that user access token is issued only for one phầm mềm it can be easily used from any other application.

Example:

Copy access token and open other machine|browser và go to https://graph.facebook.com/me?access_token= - you still able to lớn retrieve information about your Facebook user!

Here https://developers.facebook.com/docs/concepts/login/access-tokens-and-types/ it mentioned that

Our Data Policies explicitly prohibit any sharing of an Access Token for your tiện ích with any other app. However, we vày allow developers to lớn nói qua Tokens between a native implementation and a hệ thống implementation of the same App (ie. using the same App ID) as long as the transfer takes place using HTTPS.

Xem thêm: Hướng Dẫn Cách Sửa Tên Trên Facebook 2021, Cách Thay Đổi Tên Trang Fanpage Facebook


Share
Improve sầu this answer
Follow
answered Apr 16 "13 at 11:07
*

Eugen FidelinEugen Fidelin
1,3111818 silver badges20trăng tròn bronze badges
2
Add a comment |
3
Each access token is issued only for one tiện ích - it cannot be used with different application IDs.


Share
Improve sầu this answer
Follow
answered Aquảng bá 14 "12 at 19:30
*

ClaudiuClaudiu
3,25211 gold badge1313 silver badges2727 bronze badges
Add a comment |

Your Answer


Thanks for contributing an answer to lớn Staông xã Overflow!

Please be sure lớn answer the question. Provide details và tóm tắt your research!

But avoid

Asking for help, clarification, or responding khổng lồ other answers.Making statements based on opinion; bachồng them up with references or personal experience.

To learn more, see our tips on writing great answers.

Xem thêm: Tổng Hợp Tool Đăng Bài Facebook 2021 Ai Cũng Cần, Tool Tự Động Đăng Bài Vào Các Nhóm Trên Facebook


Draft saved
Draft discarded

Sign up or log in


Sign up using Google
Sign up using Facebook
Sign up using E-Mail & Password
Submit

Post as a guest


Name
Thư điện tử Required, but never shown


Post as a guest


Name
Thư điện tử

Required, but never shown


Post Your Answer Disthẻ

By clicking “Post Your Answer”, you agree khổng lồ our terms of service, privacy policy & cookie policy


Not the answer you're looking for? Browse other questions tagged oauth-2.0 facebook-oauth facebook-access-token or ask your own question.


The Overflow Blog
Featured on Meta
Related
60
Get application id from user access token (or verify the source application for a token)
1
Are there different types of phầm mềm access tokens?
9
facebook user access token across different platforms
4
Unable lớn extend some users' access tokens for our application
1
Using oauth2 service (lượt thích facebook) lớn authorize my ứng dụng access khổng lồ third buổi tiệc ngọt app
16
Unable to lớn get a long term access token using facebook graph api
3
Handling an expired long lived access token, server side - facebook
1
How is native sầu client only Facebook Login secure if you never send your client secret to get an access token?
Hot Network Questions more hot questions

Question feed
Subscribe to lớn RSS
Question feed To subscribe to this RSS feed, copy and paste this URL inkhổng lồ your RSS reader.


Staông xã Overflow
Products
Company
Stack Exchange Network
site design / logo sản phẩm © 2021 Stack Exchange Inc; user contributions licensed under cc by-sa. rev2021.6.25.39582


Staông chồng Overflow works best with JavaScript enabled
*

Your privacy

By clicking “Accept all cookies”, you agree Stachồng Exchange can store cookies on your device & discthua trận information in accordance with our Cookie Policy.


Chuyên mục: Tại sao cần làm digital marketing