Is it possible to decrypt Facebook's new OAuth 2.0 access_token ?
I need to somehow get user_id and app_id from the access_token.
PS: I need to get the user_id and app_id ONLY from the access_token as Facebook Linter used to do.
As others have already pointed out, the access_token is a unique random string, so it cannot be decrypted as such. Also, we all know that the user_id and app_id are prerequisites to generate the token in the first place.
However, let's assume you stored your token(s) in a database and lost the associated user_id and app_id. In that case, it is a valid question on how to retrieve them having only the token at hand. If your token is still valid, this is possible. If it is expired, you're out of luck.
To retrieve the user_id, make a call to:
https://graph.facebook.com/me?fields=id&access_token=xxx
To retrieve the app_id, make a call to:
https://graph.facebook.com/app?fields=id&access_token=xxx
In both cases, the associated ids will be part of the JSON response, regardless of the access_token being an encrypted or unencrypted one.
Let's illustrate this with an example. Let's assume Mark Zuckerberg uses the Graph API Explorer to generate an access_token. Calling the /me endpoint gives you:
{
  "id": "68310606562"
}
and calling the /app endpoint gives you:
{
  "id": "145634995501895"
}
The ids you were looking for are part of the response.
Please note that this does not work with the access_token shown on https://developers.facebook.com/apps (not sure if this is a Facebook mistake or intentional). Please use the access_token that your app receives via OAuth.
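The two lookups described in the answer above, as an added Python example that is not part of the original answer. The names `resolve_token`, `lookup_id`, `TokenLookupError` and `fake_fetch` are hypothetical, the sample token is constructed, and the shape of the error body for an expired token (a top-level `error` object) is an assumption.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

GRAPH = "https://graph.facebook.com"  # base URL taken from the answer above

class TokenLookupError(Exception):
    """Raised when the Graph API does not return an id for the token."""

def http_get_json(url):
    """Default transport: GET the URL and decode the JSON body."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as exc:
        return json.load(exc)  # assumption: error responses also carry JSON

def lookup_id(endpoint, access_token, fetch=http_get_json):
    """Call /me or /app with fields=id and return the id string."""
    query = urllib.parse.urlencode({"fields": "id", "access_token": access_token})
    body = fetch(f"{GRAPH}/{endpoint}?{query}")
    if not isinstance(body, dict) or "error" in body or "id" not in body:
        # Expired or invalid token: keep the token itself out of the message.
        raise TokenLookupError(f"/{endpoint} returned no id for this token")
    return body["id"]

def resolve_token(access_token, fetch=http_get_json):
    """Recover the user_id and app_id a still-valid token was issued for."""
    return {"user_id": lookup_id("me", access_token, fetch),
            "app_id": lookup_id("app", access_token, fetch)}

def fake_fetch(url):
    """Constructed offline stand-in that replays the responses shown above."""
    parts = urllib.parse.urlsplit(url)
    token = urllib.parse.parse_qs(parts.query)["access_token"][0]
    if token != "VALID-SAMPLE-TOKEN":  # constructed token value
        return {"error": {"type": "OAuthException", "message": "constructed"}}
    return {"/me": {"id": "68310606562"}, "/app": {"id": "145634995501895"}}[parts.path]

if __name__ == "__main__":
    print(resolve_token("VALID-SAMPLE-TOKEN", fetch=fake_fetch))
```

Drop the `fetch=fake_fetch` argument to query the live endpoints; because the token travels in the query string, keep the full URL out of request logs.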
If the access token is in the encrypted format, there's no programmatic way to determine the User ID and App ID.
I struggle to think of a legitimate way you could have come across an access token without already having those two pieces of information since presumably you know your own App ID and the User ID you stored the access token against.
Nevertheless, assuming there's a legitimate use-case for this: a call to /me?fields=id will return the user ID and/or you can use the debug tool at https://developers.facebook.com/tools/debug to debug the other properties of the access token.