Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Pass appsecret_proof as a query string parameter as it maybe be ignored if passed in as a body parameter #1073

Open
@kullfar

Description

@kullfar

Specifically for some POST requests in current implementation we get API calls from the server require an appsecret_proof argument response. Some POST endpoints will send the HTTP body with form encoded data, which would mean the body parameters are ignored.

Tangibly related it may be worth also implementing it followinghttps://developers.facebook.com/docs/facebook-login/security/#proof (using timestamp in proof computation is not enforced but recommended by FB)

  // See https://developers.facebook.com/docs/facebook-login/security/#proof  var appsecretTime = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis());  final String appsecretProofPlain = accessToken + "|" + appsecretTime;  for (byte b : mac.doFinal(appsecretProofPlain.getBytes())) {    appsecretProof.format("%02x", b);  }  request.addQuerystringParameter("appsecret_proof", appsecretProof.toString());  request.addQuerystringParameter("appsecret_time", String.valueOf(appsecretTime));

image

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions

      [8]ページ先頭
      ©2009-2025 Movatter.jp