+++ access token คืออะไรใน facebook ++++
😋 ปกติ facebook เปิดให้เว็บ (รวมทั้งแอพ) ที่เราเขียนขึ้น
สามารถใช้ระบบ login ของ facebook ได้
ทำให้เว็บนั้นได้สิทธิเข้าถึงข้อมูลส่วนตัวของ user นั้นๆ บน facebook
....
Continue Reading+++ What is access token on Facebook ++++
😋 Facebook is usually open for web (including apps) that we write up.
Facebook login system can be used
Make that web access to user's personal information on Facebook.
.
And in many sites, we must have seen.
Just have an account on Facebook, you can log in.
No need to waste time. Fill out a new subscription.
:
In this post will quote
Using Facebook Login
Behind that success, Facebook will give away access token
So that any web can manage user login
:
Before talking about access token, let me go back to the age of 2534
When "Timberners-Lee" delivered the world's first website.
It's a common thing that human beings use to be.
:
❣ but my weaknesses.... is in the heart
Hey, it's not the weaknesses of the website.
Well it uses HTTP potocol
Which is stateless. Don't remember any status.
The meaning is that Server is very short of memory. Alzheimer's disease.
When it gets request from browser
I don't remember where it came from???
Who sent it, I can't remember anymore!!!!!
:
🤔 to solve this cuddle nha technically
He will give you a server to send session id (or session token)
Which session id is something we can't read and long
It will be sent to browser. Keep this in the cookie.
.
.. Wrong is not that cookie.. but cookies are text
Server will send session id to browser
Keep the value in cookies (keep text on browser side)
:
Programming time on server side
Like PHP when using session _ start ();
Will tell browser to collect session id in text photos such as
PHPSESSID=tqb4s5q7k25234eabbvs11dp02
(session id is a random code)
:
But if it's another language, it may be seen in other words.
E.g. JSSIONID (JAVA EE), PHPSESSID (PHP), and ASPSESSIONID (Microsoft ASP).
.
😉 Even here session id... may think it's a ID code.
:
From now on when users click on what on the web page
Browser will be kind.
Secretly sending this session id to server automatically
Make the server recover from Alzheimer's.
... I remember where the request sent this... yay yay
.
So if the request sent in
It has the same session id
It's considered the same friends.
(Computer vocabulary says these request is in the same SESSION)
.
What if it's not the same session id
It's considered that request is not the same people.
:
👉 Benefits of session id
Will be used in conjunction with login / logout mechanism
1) When user name XXX comes in, there will be a session id.
2) When another user name YY does login, there will be a session id as a different ID.
3) When both users do logout, it will expire session id.
:
Question if we went to wash all the cookies in browser what would happen?
- answer for session id will be gone.
- So who secretly login is holding this web? What is that... huhu
- I have to logout automatically for new login... So sad. Haha.
(server doesn't remember us anymore
Because browser doesn't send session id)
:
Session id sounds like good
😨 but using user / password to login will have disadvantage such as
1) Easy to hacker to sneak in session
To wear sesion id (Cross-Site Request Forgery: CSRF)
... Technically, let's not talk about it. Read it on the
2) It is a burden for server to remember the session id. What rights you have and remember other information of user etc.
3) If you want to give the same user, login different devices such as
Web is fine. Mobile phone is good... It will be more difficult. (I have to copy session)
4) and other disadvantage not mentioned
:
😘 but he has a technique to solve the way.
.
Well, use what's called "acces token"
To get access token
I have to login with user / password to exchange it.
... We have to stand in the cat before we get access token.
Then we can use it instead of login
.
Keep us from feeding user / password often
And each user will get access token. Different look alike.
When it's time for user to do logout, access token will expire immediately.
:
😙 Here access token may compare like a key
Or maybe you can see it as a ticket or a pass... It's up to the imagination.
Difference from session id is
1) access token will not be kept in cookies
2) access token will collect information that can be revealed.
e.g. user _ id, rights, expiration date
(Not a burden for server to remember these information)
:
If you use access token with login mechanism, you will see the advantages like
1) Prevent hacker from using session by Cross-Site Request Forgery (CSRF)
2) Can login from mobile phone and just use the same user.
Just giving away access token... It's like Facebook.
(Not stored in browser cookies)
3) The server can leave a hassle login / logout duty... Throw it to authenticate service outside.
4) Server doesn't need to take care of user information.
:
😀 Cut back to see login mechanism with facebook user / password
The concept is as shown in the photo that I posted. (as an example of php)
Simple summary
- user time login
- It will sneak a switch to Facebook to do login instead.
- Then Facebook will throw back access token to our web
- Then user will use it as a pass. No need to login again.
:
There are many types of access token of Facebook such as
-User Access Token
- App Access Token
- Page Access Token
-Client Token
Each type has different rights. I can't ask for deep.
:
👉 session id and access token all this story
It's a sweet, fragrant hacker. I like it very much.
If they can steal, they can wear a login user.
Then hacker will get all rights like user... done here
.
Except we logout
To make session id or access token expire
Then the hacker will be out of bogs.
:
In the user corner. Just login.
Don't mind access token behind the scenes
But if it's a #programmer, you need to be extra mindful.
Because even four feet know that the philosopher knows.
The biggest giant. Big brother like Facebook.
Still missed it. Let access token out so that it's a big news.
.
👌 So, programming
Let's be mindful about access token. Don't fall off.
Be safe from hakcker to the best
Good luck to all of you.
:
:
Written by Thai programmer thai programmer
:
+++++++++++++
Reference
1) https://developers.facebook.com/docs/php/howto/example_facebook_login?locale=th_TH
2) https://developers.facebook.com/docs/facebook-login/access-tokens?locale=th_THTranslated
同時也有1部Youtube影片,追蹤數超過12萬的網紅prasertcbs,也在其Youtube影片中提到,ดาวน์โหลดไฟล์ประกอบได้ที่ http://goo.gl/dhU776...
「compare java」的推薦目錄:
- 關於compare java 在 โปรแกรมเมอร์ไทย Thai programmer Facebook 的最讚貼文
- 關於compare java 在 矽谷阿雅 Anya Cheng Facebook 的最讚貼文
- 關於compare java 在 prasertcbs Youtube 的最佳解答
- 關於compare java 在 How to compare two instants in Java? - Stack Overflow 的評價
- 關於compare java 在 How does compareTo method works internally in Java? 的評價
- 關於compare java 在 japicmp-base - GitHub Pages 的評價
compare java 在 矽谷阿雅 Anya Cheng Facebook 的最讚貼文
四個月前想去加州大學柏克萊校區報名前台工程程式語言JavaScript,不小心報成後台程式工程程式語言Java😱😱😱,只好硬著頭皮把它上完。
一班十多人,沒背景工作又忙沒時間讀書,作業考試我總是最後一名,老師經常講完一個段落之後就會對著我問「阿雅,你有聽懂嗎?我們可以繼續嗎?」(因為如果我聽懂,全班就都聽懂了!)沒想到還是順利結業了!🎉雖然現在還是一知半解,不真的有辦法獨立寫程式,但比起四個月前的我,又更懂得一些!😊
嘗試新東西?不要害怕,沒有想像的那麼難啦(其實,對文組的我來說寫程式真的很難!哈)老師上課常用甜甜圈做例子解釋語言程式的結構,結業大家就來吃個甜甜圈吧!🍩
Four months ago I registered a coding class at UC Berkeley. I was trying to register front-end language JavaScript but accidentally registered back-end language Java 😱😱😱. With no background plus a busy work, I was usually the worst-performing student in class. When the instructor finished each session, he usually asked me among the whole class of 15, “Anya, you got it? Can we continue?”
But, I still finished the class! Although I still can’t code, compare to my knowledge four months ago, I know much more now.
Try something new? Don’t worry. Is not as hard as you thought (actually, coding is really hard for me who has only social science background, lol!) The instructor always use donuts 🍩 to explain code concept, so we ate donut at after class party!
#UCBerkeley #Java #程式語言 #加州大學柏克萊校區 #終身學習 #嘗試新東西 #TryNewThings #ContinuousEducation #Coding
compare java 在 japicmp-base - GitHub Pages 的推薦與評價
japicmp. japicmp is a tool to compare two versions of a jar archive: java -jar japicmp-0.15.4-jar-with-dependencies.jar -n new-version.jar ... ... <看更多>
compare java 在 How to compare two instants in Java? - Stack Overflow 的推薦與評價
... <看更多>