Facebook device/login returning access token but without the requested permissions - facebook

I am sending a request to the Facebook device/login API via curl using a shell script as documented in the Facebook Login for Devices page:
curl -i -X POST https://graph.facebook.com/v14.0/device/login -F 'access_token=${app_id}|${client_token}' -F 'scope=ads_management,business_management,instagram_basic,instagram_content_publish,pages_read_engagement,pages_show_list,public_profile'
(The app_id and client_token are properly filled in.)
I get back the response such as
{
"code": "f4ee7axxxxxxxxxxxxxxxxec4b8e28eb",
"user_code": "PXXXXXXQ",
"verification_uri": "https://www.facebook.com/device",
"expires_in": 420,
"interval": 5
}
In my browser, I open a fresh private page and go to https://www.facebook.com/device, log in, and enter the user_code (e.g. PXXXXXXQ), and it completes successfully.
I then "poll" device/login_status via this curl command:
curl -i -X POST https://graph.facebook.com/v14.0/device/login_status -F 'access_token=${app_id}|${client_token}' -F 'code=f4ee7axxxxxxxxxxxxxxxxec4b8e28eb'
and get back a response with an access token:
{
"access_token": "EAAKxxxxxxxxxxxxxxxxxxxxxuuu",
"data_access_expiration_time": 1663078272,
"expires_in": 5183984
}
I then put the access token into the Access Token Debugger and find that it only has the two basic permissions of pages_show_list and public_profile. The other permissions are not granted.
I'm assuming I do not have my app configured properly. So far, the Facebook support has punted on the question so I'm turning here for help. I have "Enable Login for Devices" as the API page says in Step 1. I have "Facebook Login", "App Events", and "Instagram Basic Display" in my "Products" list. I don't see any warnings or flags on any of the app's pages. My "Test User" is a real Facebook user listed as in a Tester roll in the app.
Ultimately I want to use the Instagram media API. As a simpler test of the access token, I was trying to use the {page_id}?fields=instagram_business_account as a test and it wasn't working. Some pages suggest disconnecting and reconnecting the Instagram user and other things but I think the problem originates with the access token not having sufficient permissions.
I have also tried just requesting the permissions needed for the {page_id} and got the same results.
What changes do I need to make to get an access token via the device/login API that has more than just pages_show_list and public_profile permissions?

Related

Facebook Marketing API issue: (#10) Application does not have permission for this action

I am trying to access Instagram Ad comments using Facebook Marketing API. But When I try the following command:
curl -G \
-d "access_token=<ACCESS_TOKEN>"\
-d "fields=id,message,instagram_user"\
"https://graph.facebook.com/<API_VERSION>/<EFFECTIVE_INSTAGRAM_STORY_ID>/comments"
I receive this error:
{'error': {'message': '(#10) Application does not have permission for this action', 'fbtrace_id': '', 'code': 10, 'type': 'OAuthException'}}
I am able to get the ads, their creatives but not the comments.
I used to be able to do the same a few months back. I am not sure what has changed. I do the same with Python but it is same as curl so in case someone do need to see it I can share it.
Here are the permissions that my app requests(it has development access and I am admin of both the ad account and the app):
Permissions
email
ads_read
ads_management
business_management
instagram_manage_comments

Uber API returns 404 no_partner_for_user with valid token

I have a valid oauth token retrieved from the Uber API for a driver account. When I hit this endpoint:
curl -i -H "Authorization: Bearer XXXXX" https://api.uber.com/v1/partners/me
I'm returned with:
{"meta":{},"errors":[{"status":404,"code":"no_partner_for_user","title":"The user does not have a partner account."}]}
My colleague can hit the same endpoint with another valid token for the same driver and successfully receives account data.
edit
Just confirming that the account we've authed is absolutely definitely definitively a driver account.
The user does not have a partner account, so it looks like a rider authed and that is the token you are using.

Privileged scopes not accessible

We are integrating the Uber API into an app that is still in the development phase and not quite ready to go through the privileged scope request process. The API documentation states that "During development, your account (and any developer accounts you list on the dashboard) will be able to authorize these [privileged] scopes without whitelisting."
However, it seems that we are unable to access these privileged scopes at the moment, even just for development purposes. Can someone help us understand why this might be the case? We have put together a document with screenshots and commands to help illustrate the issue, which we can share via email if someone from the Uber API team is kindly able to help. Thanks!
Further information:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
REQUEST:
https://sandbox-api.uber.com/v1.2/requests
-H ‘Accept-Language: en_US’
-H ‘Content-Type: application/json’
-H ‘Authorization: Bearer ’
Payload
{
"fare_id": "d30e732b8bba22c9cdc10513ee86380087cb4a6f89e37ad21ba2a39f3a1ba960",
"product_id": "a1111c8c-c720-46c3-8534-2fcdd730040d",
"start_latitude": 37.761492,
"start_longitude": -122.423941,
"end_latitude": 37.775393,
"end_longitude": -122.417546
}
RESPONSE:
Status: 401: Unauthorized
{
"message": "This endpoint requires at least one of the following scopes: request.delegate.tos_accept, request, request.delegate",
"code": "unauthorized"
}
As shown above the request API call is returning unauthorized status and appears to require Privileged Scope for accessing it.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
The issue is that you need to authorize the privilege scopes by enabling them for your app in the dev dashboard and then passing them during the oauth authorize stage.

Uber GET requests 403

I am trying
curl -X GET -H "Authorization: Bearer <TOKEN>" "https://api.uber.com/v1.2/requests/<REQUEST_ID>"
and response is 403
{"message":"Forbidden","code":"forbidden"}
But the https://developer.uber.com/docs/riders/guides/scopes says that
The good news is you currently have access to these scopes when authorizing your own account or those of the developer accounts you list in your application dashboard (Limited Access). This allows you to start building an app immediately.
I've got token via OAuth using my own account
I've set param "scope=request" to https://login.uber.com/oauth/v2/authorize
And I've set "scope=request" when did https://login.uber.com/oauth/v2/token
Also I've trying to do request to https://sandbox-api.uber.com, it responds
{ "message": "cannot find trip", "code": "not_found" }
But I think it's ok, because sandbox doesn't contain my own account data, right?
Where is my fault could be?

How to programmatically publish to a facebook feed for a liked webpage?

I'm trying to get this to work: https://developers.facebook.com/blog/post/465/
Step 1: I'm getting an access token:
https://graph.facebook.com/oauth/access_token?type=client_cred&client_id=myAppIdclient_secret=myAppSecret
Step 2: I'm posting via curl
curl -F 'access_token=myAccessToken' -F 'message=Hello World!' -F 'id=http://example.com' https://graph.facebook.com/feed
Where myUrl is say http://example.com
I am getting this error, does not resolve to a valid user ID:
{"error":{"message":"(#100) http:\/\/example does not resolve to a valid user ID","type":"OAuthException","code":100}}
Step 3: If I first post my url to the linter, and get its ID:
https://developers.facebook.com/tools/debug/og/object?q=http%3A%2F%2Fexample.com
https://graph.facebook.com/10150096126766188
curl -F 'access_token=myAccessToken' -F 'message=Hello World!' -F 'id=10150096126766188' https://graph.facebook.com/feed
Then I get 'The user hasn't authorized the application to perform this action' error:
{"error":{"message":"(#200) The user hasn't authorized the application to perform this action","type":"OAuthException","code":200}}
From the Facebook Graph API docs:
Most write operations require extended permissions[1] for the active user.
See the authentication guide[2] for details on how you can request extended
permissions from the user during the authentication step.
1 https://developers.facebook.com/docs/authentication/permissions
2 https://developers.facebook.com/docs/authentication/
Going by the blog post this is done via an app, for this to work the app needs the extended permissions 'publish_actions' and 'publish_stream' in order to make posts/comments/likes/links