I'm trying to integrate the Facebook Login for my app connected a Facebook Business. Under the Facebook Business settings, there are Users, and those users have different access under the Facebook Business. When logging into the app, can those users login with their own credentials and will their "access" in the business be able to be revealed in the API response? I'm trying to set up different access levels within the app based on who logs into from the Facebook Business Users. Is this possible?
Related
I have a web app in which users can sign up via many auth providers among which Facebook Login (using facebook SDK).
Everything works fine but I was wondering if there's a way banned users (ToS violators) can get to access the web app?
For example, can they do that using the remove app functionality from their FB account settings or some other way where they could seamingly change their identity making them look like new users from the FB API (new IDs because of some change they made to their account,...) thus being able to sign up again on my app with the same technically banned facebook account?
When using facebook apps like chatfuel and manychat (which are bot creation platforms), these apps request permissions that allow them to manage my pages and send messages.
I want to create a similar app that allows users to send messages from their pages through my app, but I can't find how to request such permissions in Facebook's documentation.
You need to be given the administrator role for each Page, then connect your app to the Page and generate a page-scoped token for each one.
I have a facebook messenger bot that sends a webhook to my web app. People can login to my app via facebook login.
The first user contact is normally with my facebook bot on which they can create a profile. When they make contact I take their facebook id, name, profile pic, etc.
Users can then login with facebook to my web app to enhance their profile.
My problem is facebook uses different scoped ids for messenger and their login.
How can I recognise if a user has already been on my facebook bot if they use my web app, and vice verca.
I think it has something to do with the business mapping api: https://developers.facebook.com/docs/apps/for-business but I'm struggling to understand how it works.
I am sending a get request using:
GET /me?fields=token_for_business
But the docs do not specify the full url to use. I'm also unsure if you can use this in developer mode.
facebook provides an id-matching api
for the app and pages owned by the same business manager. More informations:
https://developers.facebook.com/docs/messenger-platform/identity/id-matching
I'm working on a application that post messages on facebook pages using the manage_pages, publish_pages roles.
Now we need to boost some of those post using ads. For that reason, we also ask for the ads_management, read_ads roles.
With these roles and the marketing api, we thought that we will be available to create an ad for the page post (with the access token of the page) and using an ad account linked to the app, not to the page (the ad is a reward for posting, so it will be payed by the app).
In our first POC, we get authorization errors when using the access token of the page and the ad account of the app. And this is logic for me: an app cannot allow a page token to use the money on an ad account that does not belong to him/them!
Ok. We changed of approach. Now we use a user token from someone of our organization that have access to the the ad account. Now the marketing api is allowing us to manipulate the account, but this user cannot create ads for the posts of the managed pages because it does not have the Advertiser role on each of those pages!
I think that the problem is that the marketing api does not use application level roles but user roles only ... I'm right?
I'm saying this because our application has all the roles that we need, but of course, our staff don't (facebook users authorize apps, not people from the app's organization).
So, there is a way to use the facebook marketing api using an app that can post and manage ads for that page but that use an ad account that is not related to the page?
The page, for which you want to run ads, will have to add the Ad Account (or respective User account that has access to the Ad Account) as an advertiser to the page. That way, you app will be able to create ads for those pages. Can you confirm that works?
I'm implementing the FB login/logout in my web apps. Each of my web apps serves a different purpose thus having different domains. But they share the same user database.
User's Facebook sign-up comes from one web app. I pass the access token returned by the client side JS-SDK login function to the server. At server side I used the Facebook email and ID (retrieved with graph API /me) as the user's username and password, respectively.
At first, I created a unique Facebook App for each of my web sites. In this case, in my other web apps, when logging in with Facebook, the graph API /me returns a different ID for the same user, so the user cannot login.
It turns out that the response.authResponse.accessToken returned by Facebook login is also different. Then I tried to add all the domains under Settings->Advanced->Valid OAuth redirect URIs in one Website App, but the access token and ID are still different for each domain.
I wonder what is the problem here. Why Facebook returns different IDs for the same user. And why the access token is different even if the web domains are all in one App (same app ID and secret). Thanks.
As #WizKid suggested here, you need to map users between different apps. Usually you will need to create a Business Manager and add your apps to that manager. Then you'll have access to all the apps' info, including their scoped user IDs, by calling API /me/ids_for_business