使用X-FACEBOOK-PLATFORM SASL認證的facebook聊天認證

Question

我正在處理使用X-FACEBOOK-PLATFORM SASL認證機制的facebook聊天認證。

我正在按照Facebook開發人員論壇和計算器的問題所述形成用戶和密碼。

的一點是，如果我使用application_secret作爲密碼，我可以登錄，但根據計算器的問題（下面的鏈接）它應該是從舊的REST API方法auth.promoteSession生成會話

我想使用舊的休息API方法，以避免在我們的桌面應用程序罐中分發application_secret。

所以問題是，你是如何設法用auth.promoteSession登錄的？

我已閱讀下列哪些職位有很大的幫助：

http://community.igniterealtime.org/message/205739#205739
XMPP with Java Asmack library supporting X-FACEBOOK-PLATFORM

而且我用它來fromt的igniterealtime後的類SASLXFacebookPlatformMechanism.java，它被註冊correclty。

我有xmpp_login和offline_access權限。我已經禁用了刪除已過時的身份驗證方法，所以我可以調用舊的休息API方法，在這種情況下：auth.promoteSession 我在Facebook中也使用客戶端流身份驗證。

因此，使用application_secret作爲密碼，我得到：

<stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>X-FACEBOOK-PLATFORM</mechanism><mechanism>DIGEST-MD5</mechanism></mechanisms></stream:features> 
<challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">dmVyc2lvbj0xJm1ldGhvZD1hdXRoLnhtcHBfbG9naW4mbm9uY2U9NEIxRUQzNTA5MTQ5MDQxRTE4N0QyNTA0NTUzNjBDQjc=</challenge> 
<success xmlns="urn:ietf:params:xml:ns:xmpp-sasl"/> 

但是，如果使用由auth.promoteSession返回的值，我得到：

<stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>X-FACEBOOK-PLATFORM</mechanism><mechanism>DIGEST-MD5</mechanism></mechanisms></stream:features> 
<challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">dmVyc2lvbj0xJm1ldGhvZD1hdXRoLnhtcHBfbG9naW4mbm9uY2U9MzhFQkUxOTUxNENGRUU4ODc2NzRDREQ0RjhBMUQ0QjI=</challenge> 
<failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><not-authorized/></failure> 

Answer 1

是的，它apears我，你需要兩個。 XMPP with Java Asmack library supporting X-FACEBOOK-PLATFORM中的代碼需要調整以包含應用程序密碼以及會話密碼（作爲密碼）。

this.apiKey = keyArray[0]; 
    Log.d("API_KEY", apiKey); 
    this.applicationSecret = "################################"; 
    Log.d("SECRET_KEY", applicationSecret); 
    this.sessionKey = keyArray[1]; 
    Log.d("SESSION_KEY", sessionKey); 

    this.authenticationId = sessionKey; 
    this.password = applicationSecret; 
    this.hostname = host; 

swaping出你appSecret的########################（在你的開發領域找到）

這是從文檔或海事組織的文件中不清楚。會話密鑰通過FB.getSession（）獲得，但其他選項也可以使用。

Answer 2

我已經改變了Android版，現在

public class SASLXFacebookPlatformMechanism extends SASLMechanism { 

    private static final String NAME    = "X-FACEBOOK-PLATFORM"; 

    private String    apiKey   = ""; 
    private String    accessToken  = ""; 

    /** 
    * Constructor. 
    */ 
    public SASLXFacebookPlatformMechanism(SASLAuthentication saslAuthentication) { 
     super(saslAuthentication); 
    } 

    @Override 
    protected void authenticate() throws IOException, XMPPException { 
     getSASLAuthentication().send(new AuthMechanism(NAME, "")); 
    } 

    @Override 
    public void authenticate(String apiKey, String host, String accessToken) throws IOException, XMPPException { 
     if (apiKey == null || accessToken == null) { 
      throw new IllegalArgumentException("Invalid parameters"); 
     } 

     this.apiKey = apiKey; 
     this.accessToken = accessToken; 
     this.hostname = host; 

     String[] mechanisms = { "DIGEST-MD5" }; 
     Map<String, String> props = new HashMap<String, String>(); 
     this.sc = Sasl.createSaslClient(mechanisms, null, "xmpp", host, props, this); 
     authenticate(); 
    } 

    @Override 
    public void authenticate(String username, String host, CallbackHandler cbh) throws IOException, XMPPException { 
     String[] mechanisms = { "DIGEST-MD5" }; 
     Map<String, String> props = new HashMap<String, String>(); 
     this.sc = Sasl.createSaslClient(mechanisms, null, "xmpp", host, props, cbh); 
     authenticate(); 
    } 

    @Override 
    protected String getName() { 
     return NAME; 
    } 

    @Override 
    public void challengeReceived(String challenge) throws IOException { 
     byte[] response = null; 

     if (challenge != null) { 
      String decodedChallenge = new String(Base64.decode(challenge)); 
      Map<String, String> parameters = getQueryMap(decodedChallenge); 

      String version = "1.0"; 
      String nonce = parameters.get("nonce"); 
      String method = parameters.get("method"); 

      String composedResponse = 
       "method=" + URLEncoder.encode(method, "utf-8") + 
         "&nonce=" + URLEncoder.encode(nonce, "utf-8") + 
         "&access_token=" + URLEncoder.encode(accessToken, "utf-8") + 
         "&api_key=" + URLEncoder.encode(apiKey, "utf-8") + 
         "&call_id=0" + 
         "&v=" + URLEncoder.encode(version, "utf-8"); 
      response = composedResponse.getBytes(); 
     } 

     String authenticationText = ""; 

     if (response != null) { 
      authenticationText = Base64.encodeBytes(response); 
     } 

     // Send the authentication to the server 
     getSASLAuthentication().send(new Response(authenticationText)); 
    } 

    private Map<String, String> getQueryMap(String query) { 
     Map<String, String> map = new HashMap<String, String>(); 
     String[] params = query.split("\\&"); 

     for (String param : params) { 
      String[] fields = param.split("=", 2); 
      map.put(fields[0], (fields.length > 1 ? fields[1] : null)); 
     } 

     return map; 
    } 
} 

工作對我來說這個版本只需要應用程序ID和訪問令牌

ConnectionConfiguration config = new ConnectionConfiguration("chat.facebook.com", 5222); 
config.setSASLAuthenticationEnabled(true); 
mFbConnection = new XMPPConnection(config); 

try { 
    SASLAuthentication.registerSASLMechanism("X-FACEBOOK-PLATFORM", SASLXFacebookPlatformMechanism.class); 
    SASLAuthentication.supportSASLMechanism("X-FACEBOOK-PLATFORM", 0); 
    mFbConnection.connect(); 
    mFbConnection.login(apiKey, accessToken, "Application"); 
} catch (XMPPException e) { 
    mFbConnection.disconnect(); 
    e.printStackTrace(); 
} 

我希望這將有助於。