翻了下以前的日记,决定把一些笔记晒出来分享,需求是这样,需要通过c/c++写的应用实现上传图片等到facebook,以下是用curl模拟的登录facebook,并取得权限的一些记录,有可能facebook的接口已经改了,但是原理是一样的,能用curl命令实现,c/c++就可以调用libcurl来实现程序控制的。
要有权限就得有access token
得到access token的一种方式
1. Embed a web browser and implement the client-side authentication flow:
https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=https://www.facebook.com/connect/login_success.html&response_type=token
2. After the user authorizes your app, Facebook will redirect the user to that URL and pass an the access token in the URI fragment:
https://www.facebook.com/connect/login_success.html#
access_token=USER_ACCESS_TOKEN
You should detect this redirect and then read the access token out of the URI using whatever mechanisms provided by your OS and development framework of choice.
有了access token就可以做很多事,比如上传图片
facebook官方是没有c/c++的SDK的,怎么办,只能自己模拟了
浏览器上登录facebook
然后输入如下网址
www.facebook.com/dialog/oauth?client_id=1470040476543038&redirect_uri=https://www.facebook.com/connect/login_success.html&response_type=token&scope=publish_stream
FireBug调试过程得到
首先要登录
参数
login_attempt=1
next=http://www.facebook.com/dialog/oauth?redirect_uri=https%3A%2F%2Fwww.facebook.com%2Fconnect%2Flogin_success.html&scope&response_type=token&client_id=1470040476543038&ret=login
响应头信息原始头信息
Content-Length 0
Content-Type text/html; charset=utf-8
Date Mon, 03 Mar 2014 05:59:35 GMT
Location https://www.facebook.com/dialog/oauth?redirect_uri=https%3A%2F%2Fwww.facebook.com%2Fconnect%2Flogin_success.html&scope&response_type=token&client_id=1470040476543038&ret=login&ext=1393829975&hash=Aeb966W9Vn7Emfbh
P3P CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie .... 省略
X-Content-Type-Options nosniff
X-FB-Debug fbR0tG4VekxlzA2VgThtTndz6ZvIxf3f/rcVmE7R38Q=
X-Firefox-Spdy 3
请求头信息原始头信息
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding gzip, deflate
Accept-Language zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Connection keep-alive
Cookie ...省略
Host www.facebook.com
Referer https://www.facebook.com/login.php?skip_api_login=1&api_key=1470040476543038&signed_next=1&next=http%3A%2F%2Fwww.facebook.com%2Fdialog%2Foauth%3Fredirect_uri%3Dhttps%253A%252F%252Fwww.facebook.com%252Fconnect%252Flogin_success.html%26scope%26response_type%3Dtoken%26client_id%3D1470040476543038%26ret%3Dlogin&cancel_uri=https%3A%2F%2Fwww.facebook.com%2Fconnect%2Flogin_success.html%3Ferror%3Daccess_denied%26error_code%3D200%26error_description%3DPermissions%2Berror%26error_reason%3Duser_denied%23_%3D_&display=page
User-Agent Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:26.0) Gecko/20100101 Firefox/26.0
来自上传流的请求头信息
Content-Length 263
Content-Type application/x-www-form-urlencoded
POST 发送登录数据
参数application/x-www-form-urlencoded
api_key 1470040476543038
default_persistent 0
display page
email [email protected]
enable_profile_selector
legacy_return 1
lgnjs 1393826345
lgnrnd 215903_6na7
lsd AVpLUPfd
pass xxx
profile_selector_ids
signed_next 1
skip_api_login 1
timezone -480
trynum 1
源代码
lsd=AVpLUPfd&api_key=1470040476543038&display=page&enable_profile_selector=&legacy_return=1&profile_selector_ids=&skip_api_login=1&signed_next=1&trynum=1&timezone=-480&lgnrnd=215903_6na7&lgnjs=1393826345&email=xxx%40gmail.com&pass=xxx&default_persistent=0
登录成功
会弹出一个确认窗口, 提示yxtec 将收到你的以下信息:公开简介和好友列表。
有一个确定按钮,按下表示授权应用权限,使用浏览器调试工具,查看此按钮代码
<button class="_42ft _4jy0 layerConfirm autofocus uiOverlayButton _4jy3 _4jy1 selected" tabindex="0" value="1" name="__CONFIRM__" type="submit">确定</button>
请求网址: https://www.facebook.com/dialog/oauth/read
请求方法: POST
状态码: HTTP/1.1 200 OK
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:26.0) Gecko/20100101 Firefox/26.0
Referer: https://www.facebook.com//dialog/oauth?client_id=1470040476543038&redirect_uri=https://www.facebook.com/connect/login_success.html&response_type=token&scope=publish_stream
Pragma: no-cache
Host: www.facebook.com
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 690
Connection: keep-alive
Cache-Control: no-cache
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
请求主体
fb_dtsg=AQAPpgDY&app_id=1470040476543038&redirect_uri=https%3A%2F%2Fwww.facebook.com%2Fconnect%2Flogin_success.html&display=page&access_token=&sdk=&from_post=1&public_info_nux=1&private=&login=&read=public_profile%2Cuser_friends%2Cprivate&write=publish_stream%2Cpublish_actions%2Ccreate_note%2Cphoto_upload%2Cpublish_checkins%2Cshare_item%2Cstatus_update%2Cvideo_upload&extended=&social_confirm=&confirm=&gdp_version=3&seen_scopes=public_profile%2Cuser_friends%2Cprivate&auth_type=&auth_nonce=&ref=Default&return_format=access_token&domain=&sso_device=&__CONFIRM__=1&__user=100004031577075&__a=1&__dyn=7n8ahyj35zolgDxyG8HzC2iq2W8GAdBGfJ4WpU&__req=3&ttstamp=2658165801121036889&__rev=1137246
类似的curl调用如下
curl ‘https://www.facebook.com/dialog/oauth/read‘ -H ‘Cache-Control: no-cache‘ -H ‘Connection: keep-alive‘ -H ‘Content-Type: application/x-www-form-urlencoded; charset=UTF-8‘
-H ‘Cookie: datr=nA0MU25HFWQzbwDP0i3K8cBQ; lu=whQM2Svo8Iit9SFVT8ts3tow; fr=0apOrql4rhFrR0a34.AWWbh9DIRhkl-6zfWOSA0CUfw9o.BTDA29.a9.FMM.AWWIJK8b; c_user=100004031577075; csm=2; s=Aa58jMNHwHD7h3Vo.BTFBpG; xs=192%3AkIVz8zlr8gQ6eQ%3A2%3A1393826374%3A4488; p=138;
presence=EM393828878EuserFA21B04031577075A2EstateFDsb2F0Et2F_5b_5dElm2FnullEuct2F1393827192BEtrFnullEtwF1487050164EatF1393828057576G393828878080CEchFDp_5f1B04031577075F1CC; act=1393828905479%2F1; wd=1366x405; _e_0d0t_0=%5B%220d0t%22%2C1393828905469%2C%22act%22%2C1393828905460%2C0%2C%22__CONFIRM__%22%2C%22click%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2Fdialog%2Foauth%3Fclient_id%3D1470040476543038%26redirect_uri%3Dhttps%253A%252F%252Fwww.facebook.com%252Fconnect%252Flogin_success.html%26response_type%3Dtoken%26scope%3Dpublish_stream%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C863%2C371%2C0%2C981%2C%22vnfcpd%22%2C%22%2Fdialog%2Foauth%3Apage%22%2C18%5D;
_e_0d0t_1=%5B%220d0t%22%2C1393828905483%2C%22act%22%2C1393828905479%2C1%2C%22%2Fdialog%2Foauth%2Fread%22%2C%22f%22%2C%22submit%22%2C%22-%22%2C%22r%22%2C%22%2Fdialog%2Foauth%3Fclient_id%3D1470040476543038%26redirect_uri%3Dhttps%253A%252F%252Fwww.facebook.com%252Fconnect%252Flogin_success.html%26response_type%3Dtoken%26scope%3Dpublish_stream%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C0%2C0%2C0%2C0%2C%22vnfcpd%22%2C%22%2Fdialog%2Foauth%3Apage%22%2C18%5D‘
-H ‘Host: www.facebook.com‘ -H ‘Pragma: no-cache‘ -H ‘Referer: https://www.facebook.com/dialog/oauth?client_id=1470040476543038&redirect_uri=https%3A%2F%2Fwww.facebook.com%2Fconnect%2Flogin_success.html&response_type=token&scope=publish_stream‘ -H ‘User-Agent:
Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:26.0) Gecko/20100101 Firefox/26.0‘ --data ‘fb_dtsg=AQDFqGu2&app_id=1470040476543038&redirect_uri=https%3A%2F%2Fwww.facebook.com%2Fconnect%2Flogin_success.html&display=page&access_token=&sdk=&from_post=1&public_info_nux=1&private=&login=&read=public_profile%2Cuser_friends%2Cprivate&write=publish_stream%2Cpublish_actions%2Ccreate_note%2Cphoto_upload%2Cpublish_checkins%2Cshare_item%2Cstatus_update%2Cvideo_upload&extended=&social_confirm=&confirm=&gdp_version=3&seen_scopes=public_profile%2Cuser_friends%2Cprivate&auth_type=&auth_nonce=&ref=Default&return_format=access_token&domain=&sso_device=&__CONFIRM__=1&__user=100004031577075‘
然后会跳转到一个成功页面
https://www.facebook.com/connect/login_success.html#access_token=CAAU4ZCnho6D4BAPl3AnjId1gvMg7bvHET7xNzIPIaYXmtW0bDTcLkLVPkcB249WUTfgmlx6PUl8mFBeIAarr1tuHyNodZATWZCMszZCLv1fLxfHGRwhiv4YJQ33tZAdPz5l16uZAxEMOwzmYAQMz8Ws7aC9pNzzSWLfKdgRTZB5BWZClxEE6qoEBTZAWfK31Iyt0ZD&expires_in=6755
接着会要求写权限,照样会弹出一个要求确认的界面
POST https://www.facebook.com/dialog/oauth/write
参数application/x-www-form-urlencoded
__CONFIRM__ 1
__a 1
__dyn 7n8ahyj35zolgDxyG8HzC2iq2W8GAdBGfJ4WpU
__req 7
__rev 1142402
__user 100004031577075
access_token
app_id 1470040476543038
audience[0][value] 80
auth_nonce
auth_type
confirm
display page
domain
extended
fb_dtsg AQDFqGu2
from_post 1
gdp_version 3
login
private
read
redirect_uri https://www.facebook.com/connect/login_success.html
ref Default
return_format access_token
sdk
seen_scopes publish_stream,publish_actions,create_note,photo_upload,publish_checkins,share_item,status_update,video_upload
social_confirm
sso_device
ttstamp 2658168701137111750
write publish_stream,publish_actions,create_note,photo_upload,publish_checkins,share_item,status_update,video_upload
源代码
fb_dtsg=AQDFqGu2&app_id=1470040476543038&redirect_uri=https%3A%2F%2Fwww.facebook.com%2Fconnect%2Flogin_success.html&display=page&access_token=&sdk=&from_post=1&private=&login=&read=&write=publish_stream%2Cpublish_actions%2Ccreate_note%2Cphoto_upload%2Cpublish_checkins%2Cshare_item%2Cstatus_update%2Cvideo_upload&extended=&social_confirm=&confirm=&gdp_version=3&seen_scopes=publish_stream%2Cpublish_actions%2Ccreate_note%2Cphoto_upload%2Cpublish_checkins%2Cshare_item%2Cstatus_update%2Cvideo_upload&auth_type=&auth_nonce=&ref=Default&return_format=access_token&domain=&sso_device=&audience[0][value]=80&__CONFIRM__=1&__user=100004031577075&__a=1&__dyn=7n8ahyj35zolgDxyG8HzC2iq2W8GAdBGfJ4WpU&__req=7&ttstamp=2658168701137111750&__rev=1142402
"&__a=1&__dyn=7n8ahyj35zolgDxyG8HzC2iq2W8GAdBGfJ4WpU&__req=7&ttstamp=2658168701137111750&__rev=1142402"这部分是不必须的
因为官方没有c/c++的SDK,目前facebook的原理是分析网页http数据,用curl模拟用户授权,登录,上传。 只要facebook改了页面,那么就得重新分析一次数据,然后再进行get post等的模拟。
有两个c++相关的代码,C++ REST SDK 与facebook-cpp-graph-api,似乎可用于windows
其他的一些有用的资料:
https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow
This guide will take you through each step of the login flow and show you how to implement each one without using our SDKs:
http://www.autoitscript.com/forum/topic/152680-like-fanpage-facebook-live-http-headers/
http://stackoverflow.com/questions/16576532/facebook-like-button-returns-incorrect-query-params
http://stackoverflow.com/questions/16076275/facebook-invite-friend-dialog-app-non-users-filter-seems-to-have-no-effect
http://www.google.com.hk/#newwindow=1&q=facebook+__dyn%3D&safe=strict
作者:帅得不敢出门 程序员群:31843264