I'm working on an API that will aggregate data from several website, including facebook. The API has an engine that harvests data on regular intervals, and then the client app polls the API to get the data from all websites centrally.
The problem is that the API has no way of authenticating on the regular, behind-the-scenes harvests, as Facebook insists that the user has to click on the OAuth Dialog. With the short story being that there is no way to login to graph API silently this almost means that developing such an API is not possible (except for harvesting only public data).
However, I'm not easily satisfied by "it's not possible" answers and my clients - even less so. Accessing private information on demmand is defnitely possible as Facebook apps do that. For example, the official Twitter app posts on my wall whenever I tweet. I guess apps only need a permission once and then can access the user's profile as much as they like. So this leads me to think that I should do a combination of a Graph API client and an application that talk to each other, and whenever the API needs to harvest - it asks the app to get the data and fetch it to the API. Or maybe it should be a push model (the app sends the data whenever it's generated) rather than pull (the API requests the data开发者_Go百科 at regular intervals). Am I on the right track? Is any of these the correct design approach?
I did some searching but it's very hard to find any useful discussion on the topic as whatever keywords I try I only find "Can I login silently? No" type of discussions.
You'll want to look into the offline_access
permission. This lets you access a user's data when they don't have an active session, or are offline. That's as close to "silent login" as you can get.
精彩评论