I keep getting the error message:
{message: '(#200) Provide valid app ID', type: 'OAuthException', code: 200,...
I can get the HTTP Get response with curl and by entering the URL, but when trying to use the exact same url in the Javascript SDK, i am getting the error told before.
Following is my JS script.
var pageAccessToken = 'APP_ID|CLIENT_ID';
$(document).ready(function() {
$.ajaxSetup({ cache: true });
$.getScript('https://connect.facebook.net/en_US/sdk.js', function(){
FB.init({
appId : 'APP_ID',
xfbml : true,
version : 'v13.0'
});
FB.getLoginStatus(function(response){
FB.api(
'/instagram_oembed',
'GET',
{"url":"https://graph.facebook.com/v13.0/instagram_oembed?url=INSTAGRAMURL&access_token=" + pageAccessToken},
function(response) {
console.log(response);
InstagramPage.innerHTML = response.html;
}
);
console.log(response);
});
});
});
Any ideas?
My app is live (I can get the correct information from HTTP Get)
EDIT:
As CBroe said i changed my code to the following and it now works.
FB.getLoginStatus(function(response){
FB.api(
'/instagram_oembed',
'GET',
{
"url":"INSTAGRAMURL",
access_token: pageAccessToken
},
function(response) {
console.log(response);
InstagramPage.innerHTML = response.html;
}
);
console.log(response);
});
});
So having both the parameters inside the {} works. I originally tried with 2 {}, which didn't work.
However, CBroe, as can be seen in facebook docs: https://developers.facebook.com/docs/facebook-login/guides/access-tokens
I can use the Client_ID in javascript.
Addition - After i wrote it in PHP (with the PHP SDK for facebook), to resolve having the Client ID readable in JS:
<?php
require_once __DIR__ . '/assets/src/Facebook/autoload.php'; // change path as needed
$fb = new \Facebook\Facebook([
'app_id' => 'APP-ID',
'app_secret' => 'APP-Secret',
'default_graph_version' => 'v13.0'
//'default_access_token' => '{access-token}', // optional
]);
/* PHP SDK v5.0.0 */
/* make the API call */
try {
// Returns a `Facebook\FacebookResponse` object
$response = $fb->get(
'/instagram_oembed?url=INSTAGRAMURL',
'APP-ID|APP-ID_or_Client-ID'
);
} catch(Facebook\Exceptions\FacebookResponseException $e) {
echo 'Graph returned an error: ' . $e->getMessage();
exit;
} catch(Facebook\Exceptions\FacebookSDKException $e) {
echo 'Facebook SDK returned an error: ' . $e->getMessage();
exit;
}
$Node = $response->getDecodedBody();
echo <<< EOF
<div class=""InstagramResults">
EOF;
print_r($Node["html"]);
echo <<< EOF
</div>
EOF;
?>
´´´
You are trying to send a instagram_oembed endpoint URL, to the instagram_oembed endpoint. The url parameter should only be the INSTAGRAMURL.
And if you have to pass a different access token than what the SDK will use internally, then that needs to be passed as an additional parameter to the endpoint.
Note that you should not expose your client_id (actually, the app secret) in publicly available client-side code ever though. Everyone could steal it from there, and would have a valid app access token for your app.
Related
I have wordpress 4.1 with the following plugin installed:
iThemes Security
WordPress SEO
I plugged in a function the facebook sdk.
This is the code:
//Footer
add_action('wp_footer', 'my_footer');
function my_footer() {
$post_to_check = get_post(get_the_ID());
if ( is_singular() && has_shortcode( $post_to_check->post_content, 'myshortcode' ) ) {
?>
<script>
var DEBUG = true;
jQuery(document).ready(function($){
$.ajax({
type : "POST",
url : "index.php",
data : { action : "value" },
success : function(response){
// the server has finished executing PHP and has returned something, so display it!
if(DEBUG){ console.log('AJAX done...'); }
}
});
});
</script>
<?php
}
}
//ajax
add_action('init', 'my_request');
function my_request() {
if ( isset($_POST['action']) && $_POST['action'] == 'value' ) {
session_start();
require_once __DIR__ . "/sdk/autoload.php";
use Facebook\FacebookSession;
use Facebook\FacebookRequest;
use Facebook\GraphUser;
use Facebook\FacebookRedirectLoginHelper;
use Facebook\FacebookSDKException;
$app_id = getAppId();
$app_secret = getAppSecret();
$rdr_fb_url = curPageURL();
$required_scope = 'public_profile, email';
if(empty($app_id) || empty($app_secret))
exit('Error.');
FacebookSession::setDefaultApplication($app_id , $app_secret);
$helper = new FacebookRedirectLoginHelper($rdr_fb_url);
try {
$session = $helper->getSessionFromRedirect();
} catch(FacebookRequestException $ex) {
// When Facebook returns an error
die(" Error : " . $ex->getMessage());
} catch(\Exception $ex) {
// When validation fails or other local issues
die(" Error : " . $ex->getMessage());
}
var_dump($session);
if ($session){
$user_profile = (new FacebookRequest($session, 'GET', '/me'))->execute()->getGraphObject(GraphUser::className());
echo 'Hi'.$user_profile->getName();
}else{
//display login url
$login_url = $helper->getLoginUrl( array( 'scope' => $required_scope ) );
}
?>
<div class="login">
Login
</div>
<?php
exit();
}
}
Works fine if i use this outside of wordpress.
In wp var_dump($session); retrive always null. (no error given) Even after accepting the terms of the application. it is as if he could not get the code in the url.
I also tried to disable the plugin, but nothing.
I need php, please don't tell me to use javascript.
Sorry for my bad english :P
Edit:
I use the permalink:
http://www.myste.com/%year%/%monthnum%/%postname%/
I think the problem is the rewrite rule that hide a facebook get.
Solved: I entered the code outside of the ajax call, in function my_footer() {
I'm currently developing my first facebook application. I have a problem with the setExtendedAccessToken() function in combination with FB.Event.subscribe('auth.login').
My js-code looks like this:
window.fbAsyncInit = function() {
// init the FB JS SDK
FB.init({
appId : 'XXX', // App ID from the App Dashboard
channelUrl : 'http://domain.tld/app/channel.php', // Channel File for x-domain communication
frictionlessRequests: true,
cookie: true,
xfbml: true
});
FB.Event.subscribe('auth.login', function(response) {
$('#loginSpinner').show();
$('#loginFacebook').hide();
window.location = "http://domain.tld/app/?first_login";
});
};
The auth.login event should only trigger on the first login of the user.
This PHP Codes should also only trigger on the first login:
// triggers on first login
if (isset($_GET['first_login'])) {
if ($me) {
$facebook->setExtendedAccessToken();
$friends = $facebook->api('/me/friends');
$friends = $friends['data'];
if (!empty($friends)) {
//sql
}
$permissions = $facebook->api("/me/permissions");
if( array_key_exists('publish_actions', $permissions['data'][0]) ) {
$attachment = array(
'message' => 'XXX',
'name' => 'XXX - App',
'link' => 'http://domain.tld/app/',
'description' => 'XXX',
'picture'=> 'http://domain.tld/app/img.jpg',
'access_token' => $facebook->getAccessToken()
);
$facebook->api('/me/feed', 'POST', $attachment);
//sql
}
}
header('Location: http://domain.tld/app/');
exit;
}
The problem is an infinite loop which will always call the auth.login, because setExtendedAccessToken() will destroy the current session and facebook will login the user to my app automatically.
Is there a way to trigger auth.login only once? When I set setExtendedAccessToken() as a comment
// $facebook->setExtendedAccessToken();
my site only redirects the users once as it should be. But I need the extended login for my app.
My previous question: My WebApp (using facebook login) logs me out
Well then why don't you do this:
FB.Event.subscribe('auth.login', function(response) {
//it will only redirect if the token expires in less than 02h13m20s
if(response && response.authResponse.expiresIn < 8000){
$('#loginSpinner').show();
$('#loginFacebook').hide();
window.location = "http://domain.tld/app/?first_login";
}
});
I'm trying to get the Facebook user (current user) an U´m using the code:
$app_id = "xxx";
$app_secret = "yyy";
//** Get user information
//Create our application instance.
$facebook = new Facebook(array(
'appId' => $app_id,
'secret' => $app_secret,
));
// Get User ID
$user = $facebook->getUser();
// We may or may not have this data based on whether the user is logged in.
//
// If we have a $user id here, it means we know the user is logged into
// Facebook, but we don't know if the access token is valid. An access
// token is invalid if the user logged out of Facebook.
if ($user) {
try {
// Proceed knowing you have a logged in user who's authenticated.
$user_profile = $facebook->api('/me');....
// The $user_profile = $facebook->api('/me'); line throw an exception:
'message' => string 'An active access token must be used to query
'information about the current user.' (length=80)
'type' => string 'OAuthException' (length=14)
'code' => int 2500
Why?
It seems you did not go through the OAuth 2.0 authentication/authorization process as described at Authentication.
There are some examples there explaining how to do this. I am also using the PHP SDK but I chose to do the authentication through JavaScript on the client side which was easier for me. However, both approaches are explained in the documentation.
Updated: I use this code which is a combination of PHP and JavaScript, which works great for me. The only thing that isn't handled correctly here (AFAIK) is when a user reaches the application when he is not logged in to Facebook, that is, he reaches the application directly through the URL and not through Facebook. In that case a blank page is shown instead of a notification and a login button or something.
Anyway, this is my index.php in which I pass vars from my config.inc.php such as the success (application main page) and failure pages (user didn't grant perms) to JavaScript:
<?php
require 'include/config.inc.php';
//Check whether Facebook OAuth mechanism called back to this script with access_token or error
if (isset($_GET['expires_in']) && $_GET['expires_in']>0)
{
header('Location: '.$appname_canvasPage.$appname_successPage);
exit;
}
else if (isset($_GET['error']))
{
//echo 'querystr: '.$_SERVER['QUERY_STRING'];
header('Location: '.$appname_canvasPage.$appname_failurePage);
exit;
}
else
{
require 'include/header_metadata.inc.html';
?>
</head>
<body>
<div id="fb-root"></div>
<script>
var appname_canvasURI = '<?php echo $appname_canvasURI; ?>';
var appname_canvasPage = '<?php echo $appname_canvasPage; ?>';
var appname_successPage = '<?php echo $appname_successPage; ?>';
var appname_failurePage = '<?php echo $appname_failurePage; ?>';
var appname_fbPerms = '<?php echo $appname_fbPerms; ?>';
var appname_appid= '<?php echo $appname_appid; ?>';
window.fbAsyncInit = function()
{
FB.init({
appId : appname_appid, // App ID
channelUrl : appname_canvasPage+'/channel.html', // Channel File
status : true, // check login status
cookie : true, // enable cookies to allow the server to access the session
oauth : true, // enable OAuth 2.0
xfbml : true // parse XFBML
});
// Additional initialization code here
FB.getLoginStatus(function(response)
{
//console.log('getLoginStatus response: ',response);
if (response.authResponse)
{
//user is already logged in and connected
facebookCheckPerms(); // ensure all requires perms are available and if not request them
}
else
{
//app is not authorized or user is logged out
facebookOAuthRedirect();
}
});
};
// Load the SDK Asynchronously
(function()
{
var e = document.createElement('script');
e.type = 'text/javascript';
e.src = document.location.protocol + '//connect.facebook.net/en_US/all.js';
//e.src = "http://static.ak.fbcdn.net/connect/en_US/core.debug.js";
e.async = true;
document.getElementById('fb-root').appendChild(e);
}());
function facebookCheckPerms()
{
var hasReqPerms=true;
FB.api(
{
method: 'fql.query',
query: 'SELECT '+appname_fbPerms+' FROM permissions WHERE uid=me()'
},
function(response)
{
for(var key in response[0])
{
if(response[0][key]==0)
{
hasReqPerms=false;
}
}
if (hasReqPerms==false)
{
// user does not have required permissions, do OAuth 2.0 redirect to get permissions
facebookOAuthRedirect();
}
else
{
// user has required permissions, start the app.
//console.log('checkperms: user has required permissions, start the app');
top.location.href = appname_canvasPage+appname_successPage;
}
});
}
function facebookOAuthRedirect()
{
var redirectURL = 'https://www.facebook.com/dialog/oauth/?client_id='+appname_appid+'&scope='+appname_fbPerms+'&redirect_uri='+encodeURIComponent(appname_canvasURI)+'&response_type=token';
//console.log('redirectURL: '+redirectURL);
top.location.href = redirectURL;
}
</script>
<?php
}
?>
</body>
</html>
I am using FB.ui to authorize with application Facebook tab using simple:
FB.init({
appId : '<%= Facebook::APP_ID %>',
status : true, // check login status
cookie : true, // enable cookies to allow the server to access the session
xfbml : true, // parse XFBML
channelUrl : 'http://<%= request.host_with_port %>/channel.html', // Custom Channel URL
oauth : true //enables OAuth 2.0
});
FB.ui({
method: 'oauth'
},
function(response) {
// do some redirect stuff here
});
Authorization goes fine, but even when user confirms the application, the relevant fbsr_xxxxx cookie is not set. Is there any way to force it? Response object contains user_id, but I would rather use the standard flow with signed_request.
I'm having the exact same issue. There seems to be no way to get the access token without refreshing the page other than using FB.login, which pops out a new window.
What you may want to do is make an ajax call to another page to return the access token after the FB.ui response:
FB.ui({
method: 'oauth'
},
function(response) {
if(response.session){
$.get('return_token.php', function(response){
var access_token = response;
alert(access_token);
})
}
});
return_token.php:
<?
$config = array(
'appId' => $app_id,
'secret' => $secret
);
$facebook = new Facebook($config);
try {$access_token = $facebook->getAccessToken();}catch(FacebookApiException $e) {
$result = $e->getResult();
echo json_encode($result);
}
echo $access_token;
?>
I have the following script which works, i.e. it goes to the facebook login page if the user is not already logged in, and asks them if they are ok with the app to post messages on their wall:
<?php
require 'facebook.php';
$facebook = new Facebook(array(
'appId' => 'removed for security reasons',
'secret' => 'removed for security reasons',
'cookie' => true,
));
$session = $facebook->getSession();
if ($session) {
if (isset($_GET[id])) {
$post = $facebook->api("/" . $_GET['id'] . "/feed", "POST", array('message' => 'Hello!'));
echo 'A message has been posted on your friends wall';
} else {
$friends = $facebook->api('/me/friends');
foreach ($friends as $key=>$value) {
echo 'You have ' . count($value) . ' friends<br />';
foreach ($value as $fkey=>$fvalue) {
echo 'friend id = ' . $fvalue[id] . ' - friend name = ' . $fvalue[name] . ' - post message<br />';
}
}
}
} else {
$loginUrl = $facebook->getLoginUrl(array(
'req_perms' => 'publish_stream',
'next' => 'http://'.$_SERVER['SERVER_NAME'].'/stage1.php',
'cancel_url' => 'http://'.$_SERVER['SERVER_NAME'].'/cancel.php',
));
header('Location: '.$loginUrl);
}
?>
How can this be improved so it does not ask for extended permissions in the start. It should only ask for basic permissions to display the friends list, and only ask for extended permissions if the user clicks on the friend to post a message.
Here's a rewrite of your code, with what I think are best practices:
<?php
require 'facebook.php';
$facebook = new Facebook(array(
'appId' => 'removed for security reasons',
'secret' => 'removed for security reasons',
'cookie' => true,
));
$session = $facebook->getSession();
// Prepare the login url with the right permission
$loginUrl = $facebook->getLoginUrl(array(
'req_perms' => 'publish_stream',
'next' => 'http://'.$_SERVER['SERVER_NAME'].'/stage1.php',
'cancel_url' => 'http://'.$_SERVER['SERVER_NAME'].'/cancel.php',
));
if ($session) {
try {
// Before processing the request
// check if we got the right permission
$perms = $facebook->api(array(
"method" => "fql.query",
"query" => "SELECT publish_stream FROM permissions WHERE uid=me()"
));
if($perms[0]['publish_stream']==='1') {
// We have the right permission
if (isset($_GET['id'])) {
// A small security measure
$id = (int) $_GET['id'];
$post = $facebook->api("/$id/feed", "POST", array('message' => 'Hello!'));
echo 'A message has been posted on your friends wall';
} else {
$friends = $facebook->api(array(
"method" => "fql.query",
"query" => "SELECT uid,name FROM user WHERE uid IN (SELECT uid2 FROM friend WHERE uid1=me())"
));
foreach($friends as $friend)
echo "friend id = {$friend['uid']} - friend name = {$friend['name']} - post message<br />";
}
} else {
// We don't have the right permission
header('Location: '.$loginUrl);
}
} catch (FacebookApiException $e) {
error_log($e);
}
} else {
header('Location: '.$loginUrl);
}
?>
How to check for a permission is explained here. Also I've added comments to save writing an explanation.
Quickly, there is something I want to point out regarding the following block of code:
foreach ($friends as $key=>$value) {
echo 'You have ' . count($value) . ' friends<br />';
foreach ($value as $fkey=>$fvalue) {
echo 'friend id = ' . $fvalue[id] . ' - friend name = ' . $fvalue[name] . ' - post message<br />';
}
}
Your 1st foreach loop is really misleading and not good practice at all. The Graph API isn't overly consistent in how it presents data, but the reason you are doing the foreach is to deal with the data key in the JSON object that is returned. This is generally a bad idea, because that data key is typically present along with other keys (like paging). Instead, I would check to see that $friends['data'] is not empty, and then re-assign the $friends array like so: $friends = $friends['data'];.
Example:
if (!empty($friends['data']))
{
$friends = $friends['data'];
}
else
{
$friends = array();
}
now, for your question.
You mentioned that you don't want to over-ask for permissions. That's a great thing to want, but the problem with it is that Facebook doesn't make it exceedingly easy to check for which permissions you do have or do not have. There is an FQL table that allows you check if your user has a certain set of permissions, but this table doesn't get updated with any kind of urgency. If you obtain extra permissions from a user (or if a user retracts permissions) and you then check this FQL table for the status of the permission, it can (and probably will) read the incorrect value and you will get a false positive.
You have three options to deal with this, that I can think of right off the top of my head.
Continue on your stage1.php code, as you are - there's nothing wrong with the way you're obtaining the installation and the session for the user there. You change page 2 to redirect your user through the OAuth endpoint requesting the publish-stream permission every time the user loads the page. The OAuth endpoint will not re-prompt the user to install, and will send them on their way.
The cons with this approach is, every request to post to a friends' wall turns into 3 requests.
The initial page load
The OAuth redirect / load
The redirect from OAuth back to your application
This approach also requires that you add a flag to your next key in your loginURL, which you can look for to make sure the user went through the OAuth endpoint, otherwise you're going to get an infinite redirect error.
Utilize the FB Javascript SDK to check for your users' current set of permissions. To do this, you'll utilize the FB.getLoginStatus method.
Example:
<div id="fb-root"></div>
<script src="http://code.jquery.com/jquery-1.5.2.min.js"
type="text/javascript" charset="utf-8">
</script>
<script src="http://connect.facebook.net/en_US/all.js"
type="text/javascript" charset="utf-8">
</script>
<script type="text/javascript">
(function($)
{
FB.init({
appId: '<?= FB_APP_ID; ?>',
cookie: true,
status: true,
xfbml: true
});
$('a').click(function(event)
{
var self = this;
event.preventDefault();
FB.getLoginStatus(function(session)
{
if (session.perms.match(/\"publish_stream\"/))
{
/* This user has publish stream, so we don't need
* to ask again
**/
window.location = $(self).attr('href');
}
else
{
/* This user does not have publish stream, so we need
* to ask.
**/
FB.login(function(response)
{
if (response && response.perms.match(/publish_stream/))
{
/* We now have publish stream access! */
window.location = $(self).attr('href');
}
}, {
perms: 'publish_stream'
});
}
})
return false;
})
})(jQuery);
Don't utilize any extended permissions, use the Javascript SDK (again) and give the user a publish-dialog for each user they would like to publish on the wall of. This is a relatively easy thing to do, also.
Example:
given your links for users:
Friend 1
Friend 2
Friend 3
You can do something like this:
<div id="fb-root"></div>
<script src="http://code.jquery.com/jquery-1.5.2.min.js"
type="text/javascript" charset="utf-8">
</script>
<script src="http://connect.facebook.net/en_US/all.js"
type="text/javascript" charset="utf-8">
</script>
<script type="text/javascript">
(function($)
{
$('a').click(function(event)
{
var user_id = $(this).data('id');
FB.ui({
method: 'feed',
message: 'Hello!',
to: user_id
}, function(response)
{
//this gets called whether it was successful, or not.
})
});
})(jQuery);