I'm having an issue programmatically giving my business access to facebook pages of users on my app.
When a user logs into our application we request the following scopes: business_management, manage_pages, pages_show_list, publish_pages, pages_manage_posts, pages_manage_ads, pages_manage_metadata
After that we show an option to our users where they can give us permission to their facebook page so we can place ads, posts etc with our business systemuser.
The flow is a follows:
Retrieve facebook page token
Add our business as agency to the page with the ADVERTISE and ANALYSE tasks
Add our business system user to the page as assigned user with the ADVERTISE and ANALYSE tasks
For someone reason we are not allowed to add ourselves to the page in some situations. For some pages we get one of these errors:
type: OAuthException, code: 200, message: (#200) Permissions error, x-fb-trace-id: GoxbeoEWzwB [HTTP 403]
Type OAuthException, code 10, message: (#10) You do not have permission to perform this action. This action requires that you can MANAGE_PERMISSIONS on a managing business account. Or it requires that you can ADMINISTER on this object.
What am I missing here? The logged in user with the page token has PAGE_MANAGE rights. But for some reason we are unable to add our system user as user to the page
Related
I have a website which should list all the events from my facebook group. So I created a facebook dev account and created an app.
When I tried to get the data with the graph API explorer it worked, but the access token expired after a few hours. So I had to get a never-expiring access token.
I created a sytem user at the facebook business manager. With the system user I got a never-expiring access token but I couldn't get the event data anymore. Everytime I tried it I got this response.
"Unsupported get request. Object with ID 'xxxxxxxxxxxxx' does not exist, cannot be loaded due to missing permissions, or does not support this operation. Please read the Graph API documentation at https://developers.facebook.com/docs/graph-api"
I have the following permissions as system user:
read_insights, read_audience_network_insights, manage_pages, pages_manage_cta, pages_show_list, publish_pages, business_management
Why did it fail? Are the permissions correct?
Thanks for your help.
I'm trying to connect to a Facebook app that is requesting following permissions:
Access profile and posts from instagram business connected to your page
access insights for the instagram business connected to your page
** manage your pages**
show a list of pages you manage
access your page and app insights
The purpose of the app is to compile post and profile insight stats. If that is the case, why does it need "manage your pages" permission, which gives permission to manage/post/change my page settings?? Or is that legitimately needed just to analyze insights?
https://developers.facebook.com/docs/graph-api/reference/v2.12/insights#reading
Reading page insights requires a page access token, and the only way to get a page access token is to have a page admin grant manage_pages permission to the app first.
manage_pages is the baiscpermission to grant an app access to anything related to a page.
So yes, that an app that analyzes your page insight data asks for this permission, is legit. Of course you will have to trust it, that it won’t abuse it for anything else.
It won’t be able to post in your page’s name though, that would require publish_pages permission as well.
I am building my first facebook app and am facing a issue.
Task : Build a entirely server side application to be used by the admin of a facebook page to post videos/photos on the page. This should not involve having the admin to log in everytime to generate the user acess and page access token.
What I found : Based on the requirement, I found that app tokens can be used for this purpose. This line specifically hints at the usefulness.
App access tokens can also be used to publish content to Facebook on behalf of a person who has granted an open graph publishing permission to your application
I think that using this will be safe since mine is an entirely server side app.
Problem The docs say that:
GET /oauth/access_token?
client_id={app-id}
&client_secret={app-secret}
&grant_type=client_credentials
will give the app token that can be used in place of user access token.
However, I have not been able to do so. Specifically the error encountered is
Error 200 .The user must have accepted the TOS. Since I have already tried publishing content with page access token, I know this is a permission issue.
The following line
a person who has granted an open graph publishing permission to your application.
does not clarify everything. I came across a related question, but the answers seem to be a bit vague.
It would be really great if someone could give me insights about how this can be achieved.
In order to post to a page, you need at least authorize with the manage_pages permission. If you want to post "as user", you need to add publish_actions and use a "User Access Token". If you want to post "as page", you need to add publish_pages and use a "Page Access Token".
Information about how to generate those Tokens:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/
The error message with the TOS has been discussed a lot of times already, please go to those threads (or find a lot more with the search function):
(OAuthException) (#200) User must have accepted TOS on C# - Facebook
How come I get a "must have accepted TOS" error for test users with app installed?
facebook long term token "(#200) User must have accepted TOS"
Occassional (OAuthException - #200) (#200) User must have accepted TOS
You cannot post to a Page via an App Access Token. This is clearly stated in the docs at
https://developers.facebook.com/docs/graph-api/reference/v2.3/page/feed#publish
A user access token with publish_actions permission can be used to publish new posts on behalf of that person. Posts will appear in the voice of the user.
A page access token with publish_pages permission can be used to publish new posts on behalf of that page. Posts will appear in the voice of the page.
I'd recommend to use a eternal Page Acess Token, so there's no obligation to renew the User Access Token. Have a look at my answer here:
Post to a facebook page without "manage_pages" permission using php
See
https://developers.facebook.com/docs/facebook-login/access-tokens#pagetokens
I have a Facebook page (I'm the admin) and a Facebook app (I'm the developer) and through this app I want to post on this page.
Via https://www.facebook.com/dialog/oauth I'm trying to grant to my app the manage_pages permission of my page. But an error pops up:
"Some of the permissions below have not been approved for use by Facebook. Submit for review now or learn more."
If I click on "ok" I obtain the access token (and then the fb_exchange_token) but, as the pop up says, something goes wrong: the app isn't able to post on the page ("The user hasn't authorized the application to perform this action").
Why is this?
As mentioned in the comments, that error message states the user hasn't authorized to post (perform this action). You need to grant publish_actions and you need to use the page token to post to call as well.
I found the article very nice to introduction set extended permission required
(https://developers.facebook.com/docs/beta/authentication/#referrals)
but I go to Auth Dialog setting, the field required permission replaced users & friend permission. I can't see field required permission. please help me. thanks
You can set extended permissions required via your call to the show the login/authorize screen.
For Javascript SDK, it's the second parameter of FB.login(callback,scope).
For the Login social plugin it's the scope attribute.
For PHP SDK it will be
$params = array(
scope => 'read_stream, friends_likes',
redirect_uri => 'https://www.myapp.com/post_login_page'
);
$loginUrl = $facebook->getLoginUrl($params);
Per http://developers.facebook.com/docs/reference/api/permissions/ the extended permissions are:
read_friendlists Provides access to any friend lists the user created. All user's friends are provided as part of basic data, this extended permission grants access to the lists of friends a user has created, and should only be requested if your application utilizes lists of friends.
read_insights Provides read access to the Insights data for pages, applications, and domains the user owns.
read_mailbox Provides the ability to read from a user's Facebook Inbox.
read_requests Provides read access to the user's friend requests
read_stream Provides access to all the posts in the user's News Feed and enables your application to perform searches against the user's News Feed
xmpp_login Provides applications that integrate with Facebook Chat the ability to log in users.
ads_management Provides the ability to manage ads and call the Facebook Ads API on behalf of a user.
create_event Enables your application to create and modify events on the user's behalf
manage_friendlists Enables your app to create and edit the user's friend lists.
manage_notifications Enables your app to read notifications and mark them as read. This permission will be required to all access to notifications after October 22, 2011.
offline_access Enables your app to perform authorized requests on behalf of the user at any time. By default, most access tokens expire after a short time period to ensure applications only make requests on behalf of the user when the are actively using the application. This permission makes the access token returned by our OAuth endpoint long-lived.
publish_checkins Enables your app to perform checkins on behalf of the user.
publish_stream Enables your app to post content, comments, and likes to a user's stream and to the streams of the user's friends. With this permission, you can publish content to a user's feed at any time, without requiring offline_access. However, please note that Facebook recommends a user-initiated sharing model.
rsvp_event Enables your application to RSVP to events on the user's behalf
sms Enables your application to send messages to the user and respond to messages from the user via text message
publish_actions Enables your application to publish user scores and achievements.
I don't think you can require extended permissions through that dialog, or by using the SDK as suggested above.
In previous versions of the PHP SDK the oauth dialog would return an error if the user did not approve all requested permissions -- this is no longer the case. As long as the user approves the basic permissions, any of the requested extended permissions can be unselected and the user is redirected without a warning or error. I hope that I'm wrong, but from reading the documentation and my own testing, I don't think I am.
From the same page of the documentation that you reference: https://developers.facebook.com/docs/beta/authentication/
"The updated Auth Dialog will display a set of user and friends permissions on the first dialog, and other extended permissions (if any) on a second dialog screen. User and friends permissions are non-revocable, while extended permissions can be revoked by clicking on the "X" next to each permission on the second dialog screen. Your app must be ready to handle each scenario (permissions granted, and revoked) properly."
IOW, if your app requires a specific permission your code must ensure that the user grants it.