使用X-FACEBOOK-PLATFORM SASL认证的facebook聊天认证

Question

我正在处理使用X-FACEBOOK-PLATFORM SASL认证机制的facebook聊天认证。

我正在按照Facebook开发人员论坛和计算器的问题所述形成用户和密码。

的一点是，如果我使用application_secret作为密码，我可以登录，但根据计算器的问题（下面的链接）它应该是从旧的REST API方法auth.promoteSession生成会话

我想使用旧的休息API方法，以避免在我们的桌面应用程序罐中分发application_secret。

所以问题是，你是如何设法用auth.promoteSession登录的？

我已阅读下列哪些职位有很大的帮助：

http://community.igniterealtime.org/message/205739#205739
XMPP with Java Asmack library supporting X-FACEBOOK-PLATFORM

而且我用它来fromt的igniterealtime后的类SASLXFacebookPlatformMechanism.java，它被注册correclty。

我有xmpp_login和offline_access权限。我已经禁用了删除已过时的身份验证方法，所以我可以调用旧的休息API方法，在这种情况下：auth.promoteSession 我在Facebook中也使用客户端流身份验证。

因此，使用application_secret作为密码，我得到：

<stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>X-FACEBOOK-PLATFORM</mechanism><mechanism>DIGEST-MD5</mechanism></mechanisms></stream:features> 
<challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">dmVyc2lvbj0xJm1ldGhvZD1hdXRoLnhtcHBfbG9naW4mbm9uY2U9NEIxRUQzNTA5MTQ5MDQxRTE4N0QyNTA0NTUzNjBDQjc=</challenge> 
<success xmlns="urn:ietf:params:xml:ns:xmpp-sasl"/> 

但是，如果使用由auth.promoteSession返回的值，我得到：

<stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>X-FACEBOOK-PLATFORM</mechanism><mechanism>DIGEST-MD5</mechanism></mechanisms></stream:features> 
<challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">dmVyc2lvbj0xJm1ldGhvZD1hdXRoLnhtcHBfbG9naW4mbm9uY2U9MzhFQkUxOTUxNENGRUU4ODc2NzRDREQ0RjhBMUQ0QjI=</challenge> 
<failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><not-authorized/></failure> 

Answer 1

是的，它apears我，你需要两个。 XMPP with Java Asmack library supporting X-FACEBOOK-PLATFORM中的代码需要调整以包含应用程序密码以及会话密码（作为密码）。

this.apiKey = keyArray[0]; 
    Log.d("API_KEY", apiKey); 
    this.applicationSecret = "################################"; 
    Log.d("SECRET_KEY", applicationSecret); 
    this.sessionKey = keyArray[1]; 
    Log.d("SESSION_KEY", sessionKey); 

    this.authenticationId = sessionKey; 
    this.password = applicationSecret; 
    this.hostname = host; 

swaping出你appSecret的########################（在你的开发领域找到）

这是从文档或海事组织的文件中不清楚。会话密钥通过FB.getSession（）获得，但其他选项也可以使用。

Answer 2

我已经改变了Android版，现在

public class SASLXFacebookPlatformMechanism extends SASLMechanism { 

    private static final String NAME    = "X-FACEBOOK-PLATFORM"; 

    private String    apiKey   = ""; 
    private String    accessToken  = ""; 

    /** 
    * Constructor. 
    */ 
    public SASLXFacebookPlatformMechanism(SASLAuthentication saslAuthentication) { 
     super(saslAuthentication); 
    } 

    @Override 
    protected void authenticate() throws IOException, XMPPException { 
     getSASLAuthentication().send(new AuthMechanism(NAME, "")); 
    } 

    @Override 
    public void authenticate(String apiKey, String host, String accessToken) throws IOException, XMPPException { 
     if (apiKey == null || accessToken == null) { 
      throw new IllegalArgumentException("Invalid parameters"); 
     } 

     this.apiKey = apiKey; 
     this.accessToken = accessToken; 
     this.hostname = host; 

     String[] mechanisms = { "DIGEST-MD5" }; 
     Map<String, String> props = new HashMap<String, String>(); 
     this.sc = Sasl.createSaslClient(mechanisms, null, "xmpp", host, props, this); 
     authenticate(); 
    } 

    @Override 
    public void authenticate(String username, String host, CallbackHandler cbh) throws IOException, XMPPException { 
     String[] mechanisms = { "DIGEST-MD5" }; 
     Map<String, String> props = new HashMap<String, String>(); 
     this.sc = Sasl.createSaslClient(mechanisms, null, "xmpp", host, props, cbh); 
     authenticate(); 
    } 

    @Override 
    protected String getName() { 
     return NAME; 
    } 

    @Override 
    public void challengeReceived(String challenge) throws IOException { 
     byte[] response = null; 

     if (challenge != null) { 
      String decodedChallenge = new String(Base64.decode(challenge)); 
      Map<String, String> parameters = getQueryMap(decodedChallenge); 

      String version = "1.0"; 
      String nonce = parameters.get("nonce"); 
      String method = parameters.get("method"); 

      String composedResponse = 
       "method=" + URLEncoder.encode(method, "utf-8") + 
         "&nonce=" + URLEncoder.encode(nonce, "utf-8") + 
         "&access_token=" + URLEncoder.encode(accessToken, "utf-8") + 
         "&api_key=" + URLEncoder.encode(apiKey, "utf-8") + 
         "&call_id=0" + 
         "&v=" + URLEncoder.encode(version, "utf-8"); 
      response = composedResponse.getBytes(); 
     } 

     String authenticationText = ""; 

     if (response != null) { 
      authenticationText = Base64.encodeBytes(response); 
     } 

     // Send the authentication to the server 
     getSASLAuthentication().send(new Response(authenticationText)); 
    } 

    private Map<String, String> getQueryMap(String query) { 
     Map<String, String> map = new HashMap<String, String>(); 
     String[] params = query.split("\\&"); 

     for (String param : params) { 
      String[] fields = param.split("=", 2); 
      map.put(fields[0], (fields.length > 1 ? fields[1] : null)); 
     } 

     return map; 
    } 
} 

工作对我来说这个版本只需要应用程序ID和访问令牌

ConnectionConfiguration config = new ConnectionConfiguration("chat.facebook.com", 5222); 
config.setSASLAuthenticationEnabled(true); 
mFbConnection = new XMPPConnection(config); 

try { 
    SASLAuthentication.registerSASLMechanism("X-FACEBOOK-PLATFORM", SASLXFacebookPlatformMechanism.class); 
    SASLAuthentication.supportSASLMechanism("X-FACEBOOK-PLATFORM", 0); 
    mFbConnection.connect(); 
    mFbConnection.login(apiKey, accessToken, "Application"); 
} catch (XMPPException e) { 
    mFbConnection.disconnect(); 
    e.printStackTrace(); 
} 

我希望这将有助于。