我想做与此处描述相反的操作:Can I use oauth token at client side?
我正在构建一项在超链接上执行 Facebook Graph API 查找的服务。碰巧 Facebook Graph API 总是需要 OAuth token 来查找任何内容。
让客户将他们的 OAuth token 传递给我的服务,以便我可以代表他们访问 Facebook Graph API,这有什么问题吗? (为此,我与客户端的连接将通过 HTTPS 进行。)
最佳答案
Google 不建议这样做,但描述了混合方法 here .
To take advantage of all of the benefits of Google+ Sign-In you must use a hybrid server-side flow where a user authorizes your app on the client side using the JavaScript API client and you send a special one-time authorization code to your server. Your server exchanges this one-time-use code to acquire its own access and refresh tokens from Google for the server to be able to make its own API calls, which can be done while the user is offline. This one-time code flow has security advantages over both a pure server-side flow and over sending access tokens to your server.
关于oauth - 将 OAuth token 从设备传递到服务器 : poor form?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/12376136/