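Why does the Facebook OAuth Dialog use an outdated permission list for my app?

Time: 2013-06-27 23:51:20

Tags: android facebook facebook-android-sdk facebook-oauth

I've removed more than 20 permissions from Facebook, but for the life of me I can't get the Facebook OAuth Dialog request to reflect the new, reduced permission list. It continues to ask for more permissions, no matter what I pass in.

I've tried accounts that were previously associated with our app on Facebook, and I've tried a brand-new test account (created through the Facebook developer site, with no prior authorization). I've tried uninstalling the Facebook app and our app on my device, and I've tried several different devices.

I'm trying to authorize the user with the Facebook Android SDK (pre-3.0), but I've also tried bypassing it and using our server-side authentication flow, and the old list is displayed in either case.

I've searched the entire codebase, client and server, in case the permissions were hidden somewhere, but they are nowhere to be found. I have enabled debugging and print statements in the Facebook SDK and can confirm that it is in fact receiving my updated permission list in the .authorize() method, and that it is attempting to load the mobile URL in an FbDialog (when I have the Facebook app uninstalled) with the correct permission list. However, the permissions it displays include all the ones I have since removed.

I even tried adding these permissions to our previously blank permission list on the Facebook developer site, though I figured that was irrelevant to the OAuth Dialog.

This should also be unrelated to the Facebook SDK 3.0+ approach of only doing read permissions first, and to the fact that the Facebook OAuth Dialog breaks permissions into multiple pages. My problem is that it is requesting more permissions, not fewer.

Specifically, it asks for the following:

notes, events, hometown, religious and political views, relationships, relationship interests, chat status, friends' relationships, relationship interests, notes, chat status, events, hometown, religious and political views

Yet I have removed all of these permissions. I've even tried requesting only the user_photos permission, but it continues to show a long list in the OAuth dialog.

Has anyone had this problem before? Is there some device cache that isn't cleared when you uninstall Facebook and your app?

I know the Facebook App Developer site used to have more settings for listing permissions for authenticated referrals and so on; is it possible that these settings have stuck around behind the scenes, even though they are no longer accessible?

Here is the full log from the FbDialog class in the Android Facebook SDK (pre-3.0), where I request only 'user_photos', but the following dialog is displayed: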

    D/Facebook-WebView( 5622): Webview loading URL: https://m.facebook.com/dialog/oauth?display=touch&client_id=xxxx&scope=user_photos&type=user_agent&redirect_uri=fbconnect%3A%2F%2Fsuccess
    D/Facebook-WebView( 5622): Redirect URL: http://m.facebook.com/login.php?skip_api_login=1&api_key=xxxx&signed_next=1&next=https%3A%2F%2Fm.facebook.com%2Fdialog%2Foauth%3Fredirect_uri%3Dfbconnect%253A%252F%252Fsuccess%26display%3Dtouch%26scope%3Duser_photos%26type%3Duser_agent%26client_id%3Dxxxx%26ret%3Dlogin&cancel_uri=fbconnect%3A%2F%2Fsuccess%3Ferror%3Daccess_denied%26error_code%3D200%26error_description%3DPermissions%2Berror%26error_reason%3Duser_denied&display=touch&_rdr
    D/Facebook-WebView( 5622): Webview loading URL: http://m.facebook.com/login.php?skip_api_login=1&api_key=xxxx&signed_next=1&next=https%3A%2F%2Fm.facebook.com%2Fdialog%2Foauth%3Fredirect_uri%3Dfbconnect%253A%252F%252Fsuccess%26display%3Dtouch%26scope%3Duser_photos%26type%3Duser_agent%26client_id%3Dxxxx%26ret%3Dlogin&cancel_uri=fbconnect%3A%2F%2Fsuccess%3Ferror%3Daccess_denied%26error_code%3D200%26error_description%3DPermissions%2Berror%26error_reason%3Duser_denied&display=touch&_rdr
    D/Facebook-WebView( 5622): Webview onPageFinished: http://m.facebook.com/login.php?skip_api_login=1&api_key=xxxx&signed_next=1&next=https%3A%2F%2Fm.facebook.com%2Fdialog%2Foauth%3Fredirect_uri%3Dfbconnect%253A%252F%252Fsuccess%26display%3Dtouch%26scope%3Duser_photos%26type%3Duser_agent%26client_id%3Dxxxx%26ret%3Dlogin&cancel_uri=fbconnect%3A%2F%2Fsuccess%3Ferror%3Daccess_denied%26error_code%3D200%26error_description%3DPermissions%2Berror%26error_reason%3Duser_denied&display=touch&_rdr
    D/Facebook-WebView( 5622): Webview loading URL: http://m.facebook.com/login.php?skip_api_login=1&api_key=xxxx&signed_next=1&next=https%3A%2F%2Fm.facebook.com%2Fdialog%2Foauth%3Fredirect_uri%3Dfbconnect%253A%252F%252Fsuccess%26display%3Dtouch%26scope%3Duser_photos%26type%3Duser_agent%26client_id%3Dxxxx%26ret%3Dlogin&cancel_uri=fbconnect%3A%2F%2Fsuccess%3Ferror%3Daccess_denied%26error_code%3D200%26error_description%3DPermissions%2Berror%26error_reason%3Duser_denied&display=touch&_rdr
    D/Facebook-WebView( 5622): Webview onPageFinished: http://m.facebook.com/login.php?skip_api_login=1&api_key=xxxx&signed_next=1&next=https%3A%2F%2Fm.facebook.com%2Fdialog%2Foauth%3Fredirect_uri%3Dfbconnect%253A%252F%252Fsuccess%26display%3Dtouch%26scope%3Duser_photos%26type%3Duser_agent%26client_id%3Dxxxx%26ret%3Dlogin&cancel_uri=fbconnect%3A%2F%2Fsuccess%3Ferror%3Daccess_denied%26error_code%3D200%26error_description%3DPermissions%2Berror%26error_reason%3Duser_denied&display=touch&_rdr
    D/Facebook-WebView( 5622): Webview loading URL: https://m.facebook.com/login.php?skip_api_login=1&signed_next=1&next=https%3A%2F%2Fm.facebook.com%2Fdialog%2Foauth%3Fredirect_uri%3Dfbconnect%253A%252F%252Fsuccess%26display%3Dtouch%26scope%3Duser_photos%26type%3Duser_agent%26client_id%3Dxxxx%26ret%3Dlogin&refsrc=http%3A%2F%2Fm.facebook.com%2Flogin.php&app_id=42701128600&refid=9
    D/Facebook-WebView( 5622): Redirect URL: https://m.facebook.com/dialog/oauth?redirect_uri=fbconnect%3A%2F%2Fsuccess&display=touch&scope=user_photos&type=user_agent&client_id=xxxx&ret=login&ext=1372379560&hash=AeZmYhdN1rISiaNZ&refid=9&_rdr
    D/Facebook-WebView( 5622): Webview loading URL: https://m.facebook.com/dialog/oauth?redirect_uri=fbconnect%3A%2F%2Fsuccess&display=touch&scope=user_photos&type=user_agent&client_id=xxxx&ret=login&ext=1372379560&hash=AeZmYhdN1rISiaNZ&refid=9&_rdr
    D/Facebook-WebView( 5622): Webview onPageFinished: https://m.facebook.com/dialog/oauth?redirect_uri=fbconnect%3A%2F%2Fsuccess&display=touch&scope=user_photos&type=user_agent&client_id=xxxx&ret=login&ext=1372379560&hash=AeZmYhdN1rISiaNZ&refid=9&_rdr

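[Image: permissions dialog]

Update (code added):

Below I've listed our full set of permissions, but in the log example above I commented out everything except "user_photos". The part that requests Facebook authorization is basically: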

    import android.os.Handler;
    import android.util.Log;

    import com.facebook.android.AsyncFacebookRunner;
    import com.facebook.android.Facebook;

    // SessionStore, SessionEvents (with AuthListener/LogoutListener) and
    // BaseRequestListener are helper classes that are not shown in the post;
    // import them from wherever they live in your project.

    public final class MyFacebook {
        private static MyFacebook mInstance = null;
        private static Facebook mFBInstance = null;
        private String[] mPermissions = null;
        private Handler mHandler = null;

        public static MyFacebook getInstance() {
            if (mInstance == null) {
                mInstance = new MyFacebook();
            }

            return mInstance;
        }

        // Lazily creates the shared Facebook client and restores any saved session.
        public Facebook getFBInstance() {
            if (mFBInstance == null) {
                mFBInstance = new Facebook("<my facebook app id>");

                SessionStore.restore(mFBInstance, MyApplication.getContext());
                SessionEvents.addAuthListener(new FacebookAuthListener());
                SessionEvents.addLogoutListener(new FacebookLogoutListener());
            }

            return mFBInstance;
        }

        private MyFacebook() {
            mHandler = new Handler();
        }

        // Full permission set passed to authorize() (42 entries).
        public String[] getPermissionsList() {
            if (mPermissions == null) {
                int i = 0;
                mPermissions = new String[42];
                mPermissions[i++] = "user_about_me";
                mPermissions[i++] = "user_activities";
                mPermissions[i++] = "user_birthday";
                mPermissions[i++] = "user_education_history";
                mPermissions[i++] = "user_groups";
                mPermissions[i++] = "user_interests";
                mPermissions[i++] = "user_likes";
                mPermissions[i++] = "user_location";
                mPermissions[i++] = "user_photos";
                mPermissions[i++] = "user_status";
                mPermissions[i++] = "user_videos";
                mPermissions[i++] = "user_website";
                mPermissions[i++] = "user_work_history";
                mPermissions[i++] = "email";
                mPermissions[i++] = "read_friendlists";
                mPermissions[i++] = "read_mailbox";
                mPermissions[i++] = "read_requests";
                mPermissions[i++] = "read_stream";
                mPermissions[i++] = "user_checkins";
                mPermissions[i++] = "friends_about_me";
                mPermissions[i++] = "friends_activities";
                mPermissions[i++] = "friends_birthday";
                mPermissions[i++] = "friends_education_history";
                mPermissions[i++] = "friends_groups";
                mPermissions[i++] = "friends_interests";
                mPermissions[i++] = "friends_likes";
                mPermissions[i++] = "friends_location";
                mPermissions[i++] = "friends_photos";
                mPermissions[i++] = "friends_status";
                mPermissions[i++] = "friends_videos";
                mPermissions[i++] = "friends_website";
                mPermissions[i++] = "friends_work_history";
                mPermissions[i++] = "friends_checkins";
                mPermissions[i++] = "publish_stream";
                mPermissions[i++] = "manage_notifications";
                mPermissions[i++] = "publish_actions";
                mPermissions[i++] = "user_actions.music";
                mPermissions[i++] = "user_actions.news";
                mPermissions[i++] = "user_actions.video";
                mPermissions[i++] = "friends_actions.music";
                mPermissions[i++] = "friends_actions.news";
                mPermissions[i++] = "friends_actions.video";
            }

            return mPermissions;
        }

        public void logout() {
            SessionEvents.onLogoutBegin();
            AsyncFacebookRunner asyncRunner = new AsyncFacebookRunner(getInstance().getFBInstance());
            asyncRunner.logout(MyApplication.getContext(), new LogoutRequestListener());
        }

        // Persists the session once authorization succeeds.
        public static class FacebookAuthListener implements AuthListener {
            public void onAuthSucceed() {
                Log.d("FB", "onAuthSucceed: ");
                SessionStore.save(getInstance().getFBInstance(), MyApplication.getContext());
                Log.d("FB", "Finished Saving in onAuthSucceed");
            }

            public void onAuthFail(String error) {
                Log.e("FB", error);
            }
        }

        public static class FacebookLogoutListener implements LogoutListener {
            public void onLogoutBegin() {
            }

            public void onLogoutFinish() {
                // remove our stored session
                SessionStore.clear(MyApplication.getContext());
            }
        }

        private class LogoutRequestListener extends BaseRequestListener {
            public void onComplete(String response, final Object state) {
                // callback should be run in the original thread,
                // not the background thread
                mHandler.post(new Runnable() {
                    public void run() {
                        SessionEvents.onLogoutFinish();
                    }
                });
            }
        }
    }

Usage:

    @JavascriptInterface
    public void clientAddAccount(final int network) {
        AccountManageActivity.this.runOnUiThread(new Runnable() {
            @Override
            public void run() {
                MyFacebook.getInstance().getFBInstance().authorize(ThisActivity.this,
                        MyFacebook.getInstance().getPermissionsList(),
                        new FBLoginDialogListener());
            }
        });
    }

...

    private final class FBLoginDialogListener implements DialogListener {
        public void onComplete(Bundle values) {
            Log.d("LB", "Login Success. onComplete");
            SessionEvents.onLoginSuccess();

            if (MyFacebook.getInstance().getFBInstance().isSessionValid()) {
                // do app stuff
            }
        }

        public void onFacebookError(FacebookError error) {
            Log.d("LB", "onFacebookError: " + error.getMessage());
            SessionEvents.onLoginError(error.getMessage());

            // do app stuff
        }

        public void onError(DialogError error) {
            Log.d("LB", "onError: " + error.getMessage());
            SessionEvents.onLoginError(error.getMessage());

            // do app stuff
        }

        public void onCancel() {
            Log.d("LB", "onCancel");
            SessionEvents.onLoginError("Action Canceled");

            // do app stuff
        }
    }

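2 answers:

Answer 0 (score: 1)

It turned out this was due to legacy settings on Facebook's side related to the old way of whitelisting apps.

The fix required contacting Facebook and having them remove those non-standard settings on our developer account. This is a rare situation, and it only arose because we had originally been whitelisted by contacting them to request it.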
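An added example (not from the original posts or the Facebook SDK): a small Python check that reads FbDialog logcat lines like those in the question, decodes the percent-encoded `next` parameter, and reports every `scope` the client actually put on the wire. The sample lines are abridged from the question's log and the function names are hypothetical. If only `user_photos` appears at every hop, the extra permissions shown in the dialog are being added on Facebook's side, which is consistent with the answer above.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Abridged from the FbDialog log in the question (client_id is redacted there as xxxx).
SAMPLE_LOG = """\
D/Facebook-WebView( 5622): Webview loading URL: https://m.facebook.com/dialog/oauth?display=touch&client_id=xxxx&scope=user_photos&type=user_agent&redirect_uri=fbconnect%3A%2F%2Fsuccess
D/Facebook-WebView( 5622): Redirect URL: http://m.facebook.com/login.php?skip_api_login=1&api_key=xxxx&signed_next=1&next=https%3A%2F%2Fm.facebook.com%2Fdialog%2Foauth%3Fredirect_uri%3Dfbconnect%253A%252F%252Fsuccess%26display%3Dtouch%26scope%3Duser_photos%26type%3Duser_agent%26client_id%3Dxxxx%26ret%3Dlogin&display=touch&_rdr
D/Facebook-WebView( 5622): Webview onPageFinished: https://m.facebook.com/dialog/oauth?redirect_uri=fbconnect%3A%2F%2Fsuccess&display=touch&scope=user_photos&type=user_agent&client_id=xxxx&ret=login&refid=9&_rdr
"""

URL_RE = re.compile(r"https?://\S+")

def scopes_in_url(url, depth=0):
    """Collect every `scope` value in a URL, following URL-valued parameters
    (such as `next`) that carry the OAuth dialog URL percent-encoded."""
    found = []
    for key, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if key == "scope":
            # Facebook accepts comma-separated scopes; OAuth 2.0 uses spaces.
            found.append(frozenset(s for s in re.split(r"[,\s]+", value) if s))
        elif depth < 3 and re.match(r"https?://", value):
            # parse_qsl has already decoded one level of percent-encoding.
            found.extend(scopes_in_url(value, depth + 1))
    return found

def audit_log(log_text, expected):
    """Return (all scopes seen, [(line_no, unexpected scopes)]) for a logcat dump."""
    expected = frozenset(expected)
    seen, mismatches = set(), []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        for url in URL_RE.findall(line):
            for scopes in scopes_in_url(url):
                seen |= scopes
                if scopes - expected:
                    mismatches.append((line_no, sorted(scopes - expected)))
    return seen, mismatches

if __name__ == "__main__":
    seen, extra = audit_log(SAMPLE_LOG, {"user_photos"})
    print("scopes sent by client:", sorted(seen))
    print("unexpected scopes:", extra or "none")
```

Running the same audit in a debug build before release catches a client that still sends a permission you meant to drop.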

Answer 1 (score: 0)

In your app dashboard (https://developers.facebook.com/apps), go to Settings > Permissions, remove all the permissions you don't need, then click "Save Changes".