我需要在不使用浏览器的情况下提供Facebook网络访问权限。 我正在使用Play Framework来满足我的需求,并通过Web服务向FB API发送请求。 我已经使用带有禁用javascript的firebug检查了HTTP的请求参数,并处理了所有重定向以保存cookie。但是当我发送带有所有隐藏参数和cookie的填充表单时,它会将重定向发送到登录页面,而无需令牌。
使用app_id获取请求并注册Web应用程序的秘密:
https://www.facebook.com/dialog/oauth?client_id=xxxxxxxxxx&secret=yyyyyyyyyyyyyyyy&redirect_uri=https://myhost.com&response_type=token
它通过参数重定向到https://www.facebook.com/login.php页面进行响应:
skip_api_login=1
api_key=xxxx
signed_next=1
next=https%3A%2F%2Fwww.facebook.com%2Fv2.1%2Fdialog%2Foauth...
display=page
带有相同数据和附加参数的重载参数:_fb_noscript=1
此外,我正在从登录表单中检索数据并使用POST请求发送它。 但它再次将我重定向到登录页面。
我正在使用与Firefox相同的标题来填充我的请求,其中包含来自服务器响应的更新的可变参数:
POST /login.php?login_attempt=1&next=https%3A%2F%2Fwww.facebook.com%2Fv2.1%2Fdialog%2Foauth%3Fredirect_uri%3Dhttps%253A%252F%252Flocalhost%253A9443%26response_type%3Dtoken%26client_id%3Dxxxxxxxxxxxx%26ret%3Dlogin HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://www.facebook.com/login.php?skip_api_login=1&api_key=xxxxxxxxxxxx&signed_next=1&next=https%3A%2F%2Fwww.facebook.com%2Fv2.1%2Fdialog%2Foauth%3Fredirect_uri%3Dhttps%253A%252F%252Flocalhost%253A9443%26response_type%3Dtoken%26client_id%3Dxxxxxxxxxxxx%26ret%3Dlogin&cancel_uri=https%3A%2F%2Flocalhost%3A9443%2F%3Ferror%3Daccess_denied%26error_code%3D200%26error_description%3DPermissions%2Berror%26error_reason%3Duser_denied%23_%3D_&display=page&_fb_noscript=1
Cookie: datr=MnsEVMW8ZS7nkPtR2E4HrKko; reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fskip_api_login%3D1%26api_key%3Dxxxxxxxxxxxx%26signed_next%3D1%26next%3Dhttps%253A%252F%252Fwww.facebook.com%252Fv2.1%252Fdialog%252Foauth%253Fredirect_uri%253Dhttps%25253A%25252F%25252Flocalhost%25253A9443%2526response_type%253Dtoken%2526client_id%253Dxxxxxxxxxxxx%2526ret%253Dlogin%26cancel_uri%3Dhttps%253A%252F%252Flocalhost%253A9443%252F%253Ferror%253Daccess_denied%2526error_code%253D200%2526error_description%253DPermissions%252Berror%2526error_reason%253Duser_denied%2523_%253D_%26display%3Dpage; reg_fb_gate=https%3A%2F%2Fwww.facebook.com%2Flogin.php%3Fskip_api_login%3D1%26api_key%3Dxxxxxxxxxxxx%26signed_next%3D1%26next%3Dhttps%253A%252F%252Fwww.facebook.com%252Fv2.1%252Fdialog%252Foauth%253Fredirect_uri%253Dhttps%25253A%25252F%25252Flocalhost%25253A9443%2526response_type%253Dtoken%2526client_id%253Dxxxxxxxxxxxx%2526ret%253Dlogin%26cancel_uri%3Dhttps%253A%252F%252Flocalhost%253A9443%252F%253Ferror%253Daccess_denied%2526error_code%253D200%2526error_description%253DPermissions%252Berror%2526error_reason%253Duser_denied%2523_%253D_%26display%3Dpage; noscript=1
Connection: keep-alive
有没有办法在没有浏览器的情况下通过POST / GET请求直接获取Facebook访问令牌?