Decoupled access token handling #129

Merged

@SammyK SammyK commented Jun 24, 2014

This continues #95 but will be improved with #36 and #103.

Access tokens have been decoupled from FacebookSession! Yay. Now we can handle access tokens directly.

```php
use Facebook\Entities\AccessToken;

$accessToken = new AccessToken('my_short_lived_token');

// AccessToken object can be echo'ed as a string
echo $accessToken; // my_short_lived_token

// And exchanged for a long lived token
$longLivedToken = $accessToken->extend();

// . . .

// Obtain a code for this long lived token
$code = AccessToken::getCodeFromAccessToken($longLivedToken);
// Obtain a short-lived token for use on clients
$shortLivedAccessTokenForClients = AccessToken::getAccessTokenFromCode($code);
```

And you can grab it from FacebookSession and play with it.

```php
use Facebook\FacebookRedirectLoginHelper;

$helper = new FacebookRedirectLoginHelper($redirect_url);
$session = $helper->getSessionFromRedirect();

$accessToken = $session->getAccessToken();

if ($accessToken->isLongLived()) {
  // This is a long lived access token.
  // That means you can get a code with it.
  // Or store it in the database and use later.
}

if ($accessToken->expiresAt()) {
  echo 'Your token expires at ' . $accessToken->expiresAt()->format('Y-m-d H:i:s');
} else {
  echo 'Your token never expires!';
}
```

FacebookSession::getToken() works the same as it always has (returns a string of the access token).

Now, there is still a lot of work to do on this. There is still some pretty deep method calling as well as too much direct access to Graph in the tests, but it's def a good step in the right direction! :)

*
* @return \DateTime|null
*/
public function expiresAt()

yguedidi Jun 25, 2014
Contributor

Should be getExpiresAt(), like in GraphSessionInfo

*
* @return string|null
*/
public function machineId()

yguedidi Jun 25, 2014
Contributor

getMachineId() ? :)

*/
public function isLongLived()
{
return $this->expiresAt->getTimestamp() > time() + (60 * 2);
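
Review bot: `$this->expiresAt->getTimestamp()` in `isLongLived()` dereferences the property without a null check, while `expiresAt()` is documented above as returning `\DateTime|null`. If the property can be null for a token without an expiry, this call is a fatal error; return early for the null case before comparing. The threshold would also read better as a named constant, so the intended duration is visible at a glance.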

yguedidi Jun 25, 2014
Contributor

I think you mean time() + (60 * 60 * 2)

*/
public static function getCodeFromAccessToken($accessToken, $appId = null, $appSecret = null)
{
$accessToken = $accessToken instanceof AccessToken ? (string) $accessToken : $accessToken;

yguedidi Jun 25, 2014
Contributor

Ternary statement not needed, just (string) $accessToken

$response = static::request('/oauth/access_token', $params, $appId, $appSecret);
$data = $response->getResponse();

// @TODO fix this malarkey - getResponse() should always return an object

yguedidi Jun 25, 2014
Contributor

This should be fixed before merging...

SammyK Jun 25, 2014
Author Contributor

This is actually a reference to #36, so it'll be fixed with the next big PR. :)

if (is_array($data)) {
if (isset($data['access_token'])) {
$expiresAt = isset($data['expires']) ? time() + $data['expires'] : 0;
$machineId = isset($data['machine_id']) ? $data['machine_id'] : null;
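
Review bot: `time() + $data['expires']` adds a value taken straight from the response array without casting or range-checking it. Cast it to int and reject negative values before building the expiry, and document what the fallback `0` means: if it is treated as "never expires", a response that omits `expires` silently yields a token that is never considered expired.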

yguedidi Jun 25, 2014
Contributor

No machine_id when $data is an array (from doc, "Exchanging code for an access token")


// Update the data on this token
if ($response->getExpiresAt())
{

yguedidi Jun 25, 2014
Contributor

Coding style ;)

@@ -272,7 +238,10 @@ public static function newSessionFromSignedRequest(SignedRequest $signedRequest)
&& !$signedRequest->get('oauth_token')) {
return self::newSessionAfterValidation($signedRequest);
}
return new static($signedRequest->get('oauth_token'), $signedRequest);
$accessToken = $signedRequest->get('oauth_token');
$expiresAt = $signedRequest->get('expires') ?: 0;
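
Review bot: `$signedRequest->get('expires') ?: 0` is taken as-is here, while the array branch elsewhere in this PR computes `time() + $data['expires']`. Add a comment stating which unit each source uses (absolute timestamp versus seconds from now) so the two paths are not unified incorrectly later, and cast the value to int before passing it on.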

yguedidi Jun 25, 2014
Contributor

$signedRequest->get('expires', 0) :)

@SammyK SammyK commented Jun 25, 2014

Thanks for the code review as always @yguedidi! I'll get cracking on these a bit later today. :)

@SammyK SammyK commented Jun 25, 2014

Done!

gfosco added a commit that referenced this pull request Jun 25, 2014
@gfosco gfosco merged commit ceb0e69 into facebookarchive:master Jun 25, 2014
@SammyK SammyK commented Jun 25, 2014

👍 And now to start tackling #36... Phew! :)

@SammyK SammyK deleted the SammyK:decouple-access-token-handling branch Jun 25, 2014
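
The expiry edge cases discussed in this review (the two-minute versus two-hour threshold, a null expiry, and `expires` arriving as seconds from now or as an absolute timestamp), as an added PHP example that is not code from the pull request or the SDK. `ExpiryPolicy`, its method names and the sample values are hypothetical; the unit used by each source and the meaning of `0` are assumptions.

```php
<?php
// Added illustration: ExpiryPolicy and its methods are hypothetical names,
// not classes from the Facebook PHP SDK.
final class ExpiryPolicy
{
    /**
     * Turn an "expires" value into an absolute DateTime, or null for no expiry.
     * Assumption: the OAuth response path carries seconds from now ($relative
     * = true) and the signed request path an absolute Unix timestamp (false).
     */
    public static function toExpiresAt($expires, $relative, $now)
    {
        // Accept only a non-negative integer so a malformed value fails loudly.
        $secs = filter_var($expires, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
        if ($secs === false) {
            throw new InvalidArgumentException('expires must be a non-negative integer');
        }
        if ($secs === 0) {
            return null; // assumption: 0 means "no expiry", as the PR's fallback suggests
        }
        return new DateTime('@' . ($relative ? $now + $secs : $secs));
    }

    /** Null-safe long-lived check; $threshold is in seconds. */
    public static function isLongLived($expiresAt, $now, $threshold = 7200)
    {
        if ($expiresAt === null) {
            return true; // assumption: a non-expiring token counts as long-lived
        }
        return $expiresAt->getTimestamp() > $now + $threshold;
    }
}

$now = 1403654400; // constructed clock value: 2014-06-25 00:00:00 UTC

// Constructed sample: a token with one hour left, from the relative path.
$oneHour = ExpiryPolicy::toExpiresAt('3600', true, $now);
var_dump(ExpiryPolicy::isLongLived($oneHour, $now, 60 * 2));      // two-minute threshold
var_dump(ExpiryPolicy::isLongLived($oneHour, $now, 60 * 60 * 2)); // two-hour threshold

// Constructed sample: absolute timestamp 60 days out, from the signed request path.
$sixtyDays = ExpiryPolicy::toExpiresAt($now + 5184000, false, $now);
var_dump(ExpiryPolicy::isLongLived($sixtyDays, $now));

// No expiry: the check must not dereference null.
var_dump(ExpiryPolicy::isLongLived(ExpiryPolicy::toExpiresAt(0, true, $now), $now));
```

Passing the clock in as `$now` keeps the classification deterministic, so the two threshold results for the one-hour token can be compared directly.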