I want to identify the an android native app user on my web service. I don't want to include a secret in my java, as that would be trivial to find. Using the javascript sdk on the website, the token is signed and I can verify it with the shared secret on the server, but the android sdk just gets a token.
I had hoped that I could pass the token and the signature to my web service and then I could verify that the actions the user were taking were authorized. Is there a way to get a signature of an access token (and the shared se开发者_如何学运维cret) already granted from facebook?
I ended up just passing the auth token to my web service, having the server verify it's valid (by getting graph.facebook.com/me) and then creating my own signed token that I sent back. I authorize based on that token from then on... Kinda lame.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论