How can I reauthenticate with Facebook after the OAuth 2.0 changes to the sdk?_问答_开发者

How can I reauthenticate with Facebook after the OAuth 2.0 changes to the sdk?

开发者 https://www.devze.com 2023-04-08 05:14 出处：网络

In our app we had some actions that we required the user to reauthenticate before proceeding. We used code like below to make this happen.

FB.login(
  function(response) { /* code here */ }, 
  {auth_type: 'reauthenticate', auth_nonce: '...'}
);

It looks like the auth_type option is no longer supported, because I am gettin开发者_如何学Gog the following log message: 'FB.login() called when user is already connected.' and the user is not being asked to reauthenticate.

Does anyone have any ideas how to reauthenticate after the changes for OAuth 2.0?

It appears that, for the time being (and I qualify that because Facebook seems to change their API response on a whim), you can get auth_type: reauthenticate to work properly IF you also specify permissions (the scope parameter in OAuth 2.0). Check out this example:

http://www.fbrell.com/saved/a78ba61535bbec6bc7a3136a7ae7dea1

In the example, click Run Code, and then try the "FB.login()" and "FB.login() with Permissions" buttons. Both are coded to use auth_type: reauthenticate, but only the latter actually gives you the FB prompt once you are logged in.

Here are the relevant examples:

// DOES NOT PROMPT
document.getElementById('fb-login').onclick = function() {
  FB.login(
    function(response) {
      Log.info('FB.login callback', response);
    },
    { auth_type: 'reauthenticate' }
  );
};

// PROMPTS AS EXPECTED
document.getElementById('fb-permissions').onclick = function() {
  FB.login(
    function(response) {
      Log.info('FB.login with permissions callback', response);
    },
    { scope: 'offline_access', auth_type: 'reauthenticate' }
  );
};

So, the answer is, Yes, auth_type: reauthenticate DOES work, but ONLY if you also specify a valid scope parameter. (And yes, I tried it with an empty scope, and it acted the same as not using scope at all.)

You can use an iframe to make sure the cookie is always valid.

facebook auto re-login from cookie php

Using FacebookRedirectLoginHelper::getReAuthenticationUrl everything works fine. Internally the method put 'auth_type' => 'reauthenticate' and pass also all the permissions required.

Now the issue is that only prompt to the user to re-enter the password without the possibility to "switch" between users or without the possibility to insert also the username.

Does someone found a solution for this issue? I manage an application with multi accounts and when the user need to generate again the token this is an issue :( Thanks, Alex.