I recently received task to extend existing web application functionality. I need to get users permission "pages_manage_posts" and use it to publish some posts(builded by users) at their feed by cron.
I've created test application(I am Admin) and trying to login using JS SDK function:
FB.login(function(loginResponse)
{
// ...
}, {
scope: 'pages_manage_posts'
});
But getting following error:
Invalid Scopes: pages_manage_posts. This message is only shown to developers. Users of your app will ignore these permissions if present. Please read the documentation for valid permissions at: https://developers.facebook.com/docs/facebook-login/permissions
Graph API v8.0
Am I missing something? I thought I can get any permission for test application without problems. Should I request this permission some other way?
Any help with that please.
Check your App Type. For exameple, if yours is Consumer type you can't request pages_* permissions. If you have a typed app, no need to re-create it. You may remove your App Type by going to App Dashboard > App Review > Permission and Features > Looking for additional permissions and features? and clicking the Remove App Type button. You can also check if the list includes the permission you want. If not, you can't request that with "scopes".
When you first create the app you are presented with a few choices, and for testing you could just choose the "Something Else".
Related
I have a Facebook page listed in Facebook NPI. I am an editor of that page. When I am trying to check the subscription/news messaging permission status programmatically using this api:
https://developers.facebook.com/docs/messenger-platform/reference/messaging-feature-review-api/?hc_location=ufi
I am getting the following permission error:
(#200) User does not have sufficient administrative permission for this action on this page. If the page business requires Two Factor Authentication, the user also needs to enable Two Factor Authentication.
But when Facebook page owner calls this API, it returns the status successfully.
Can anyone tell me why page editor is getting the permission error?
Guess that is simply considered a page management action you do not have access to using that “role”.
Roles have been replaced by Tasks by now, see https://developers.facebook.com/docs/pages/overview-1#tasks
The only difference in the tasks they can perform, between old Admin and Editor roles, was MANAGE - so I guess you will need to have a page admin approve your user account for that task on the page now first, if you want to be able to use this particular API.
I tried 2 way, one in the Facebook Developer site find permission request with this name, I couldn't find it.
add as a 4th parameter to the Facebook Login Button, it did not help
<FacebookLogin
appId={fbAppId}
autoLoad={true}
fields="name,email,picture,pages_show_list"
onClick={this.componentClicked}
callback={this.responseFacebook}
/>
Do you have any other idea?
The Facebook API works like this,
Development Mode: For development mode you can try to access pages which were associated with the account in which app created. So, that pages associated with that user can be accessible. You can retrieve the pages using following link,
https://developers.facebook.com/docs/graph-api/reference/user/accounts/
Live mode: In case of live mode you need to create a video of snapshot using your development mode functionality and get "pages_show_list" permission approved. Then you can access the pages details associated with authenticated users.
For login button you can try like this,
fb:login-button size="large" scope="public_profile,email,pages_show_list,read_insights,manage_pages" onlogin="checkLoginState();"
which gives you token and use that token to get pages associated with user account.
If you are using the js SDK of Facebook then there is an option to ask permission through SDK functions.
FB.login(function(response) {
// handle the response
}, {scope: 'public_profile,email,..other persmissionlist'});
Note:-
Use this concept only when your app is in the testing phase and
wants to create a request for permission in App Review or there are
some permissions enabled but you want only a few.
Use this approach with Test users only.
Reference link:-
https://developers.facebook.com/docs/facebook-login/web#re-asking-declined-permissions
Earlier today, the Facebook login flow of our web application stopped working for some users. When we try to fetch the current profile, an error is returned. It claims that the access token we just generated by redirecting the user to the OAuth login flow has been rejected.
The reason given is:
The access token is invalid since the user hasn't engaged the app in longer than 90 days
To me, this makes no sense since we do not store the access token anywhere except for the current session and recreate it every time the user logs in with Facebook.
The stacktrace from Spring Social for the GET /me call looks like this:
ERR c.s.f.v.resource.AuthenticationResource Exception when connecting with Facebook
org.springframework.social.RevokedAuthorizationException: The authorization has been revoked. Reason: The access token is invalid since the user hasn't engaged the app in longer than 90 days.
at org.springframework.social.facebook.api.impl.FacebookErrorHandler.handleFacebookError(FacebookErrorHandler.java:85)
at org.springframework.social.facebook.api.impl.FacebookErrorHandler.handleError(FacebookErrorHandler.java:59)
at org.springframework.web.client.ResponseErrorHandler.handleError(ResponseErrorHandler.java:63)
at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:775)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:728)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:702)
at org.springframework.web.client.RestTemplate.getForObject(RestTemplate.java:350)
at org.springframework.social.facebook.api.impl.FacebookTemplate.fetchObject(FacebookTemplate.java:220)
at org.springframework.social.facebook.api.impl.FacebookTemplate.fetchObject(FacebookTemplate.java:215)
The issue is probably related to changes in the Facebook API, but I do not see how this affects the short lived access tokens we create on every login.
I ran into this issue when our integration tests logged in with a test user - the following JSON came back from the Graph API:
{
"error": {
"message": "The access token is invalid since the user hasn't engaged the app in longer than 90 days.",
"type": "OAuthException",
"code": 190,
"error_subcode": 493,
"fbtrace_id": "F/1z2AsTRx8"
},
"timestamp_microsecond": "2018-05-30 11:22:01.353949"
}
That was a bigger problem as our test users don't "engage" with the app as such. To fix this I had to:
Log into the FB developer site
Find the app in question
Look under Roles -> Test Users to find the right user
Click on the Edit button for the user and then click "Login as this test user"
Once I'd logged in, go to Settings -> Apps & Websites
Find the App in the "Expired" tab for apps the user had not interacted with for longer than 90 days
Click the "View & Edit" button on the expired app
Click "Renew Access" in the popup
Once I'd done all those steps my test user (and integration tests) worked again.
facebook responses:
Thanks for getting in touch. This is actually a known issue that we
are already tracking in another bug report.
I'm going to merge your report with the existing one, so we can deal
with the issue in one place. Please refer to this thread for updates:
http://developers.facebook.com/bugs/194772814474841/
My temporal solution was to use JS SDK, it is working correctly in my case...
Update:
The issue seems to have just been fixed by Facebook.
I filed a bug with Facebook and they are currently (5/3/18) working on a resolution.
There are several workarounds suggested here and in the bug comments. To summarize:
Add a new permission that you previously didn't ask for to force re-authorization
Catch the error and re-authorize the user manually via auth_type=reauthorize
Switch to JS SDK and use client-side login
I'm going for solution #2 as it seems to be the most straight-forward way.
I have found this link in FB docs:
Refreshing User Access Tokens
Which mentions that after 90 days users must re-establish their token, so in case of such error we should just redirect the user to register again.
They even mention that they remove tokens of non-active users in the top of this doc. Maybe they did a mistake and removed all users tokens.
Anyhow the solution is to redirect users to resubscribe.
The bug persist according to discussion
According to a user's comment of mentioned discussion, we revoked permissions of every user of our app and it worked. For this we used next graph api endpoint. We had to persist the users' facebookIDs.
Regards
TEMPORARY SOLUTION
For iOS you need to change SDKs code to support "reauthorize". In order to change source code you will need to download it using CocoaPods. Then copy the following functions over pods:
https://github.com/mavris/FacebookFix
Add Permission Code in your App
Likes
Android :
fbLoginButton.setReadPermissions(Arrays.asList(EMAIL));
IOS:
loginButton.readPermissions = #[#"public_profile", #"email"];
I'm trying to call
/v2.9/{comment-id}/private_replies
(https://developers.facebook.com/docs/graph-api/reference/v2.9/object/private_replies) but always get the following error:
(#200) Requires read_page_mailboxes permission to manage the object
I'm using a test version of the app. The user submitting the comment is an administrator of the app. From my understanding, if the user is an administrator, the permissions wouldn't need to go through the review process just for testing/developing? read_page_mailboxes is not yet a confirmed permission for the app.
Any ideas what the problem could be?
Answering my own question: The problem in the end was that the access token didn't include the read_page_mailboxes permission. I had to manually create a page access token that includes it.
I initially created the token here: https://developers.facebook.com/apps/{APP-ID}/messenger/ but that doesn't seem to add the necessary permission.
See here on how to create a permanent page access token: https://stackoverflow.com/a/43570120/769726
The permission doesn't need to be approved by Facebook while you're still in development.
I was creating a facebook application and a security prompt came up which asked me to verify my mobile number and email. Unfortunately the mobile number was an old one and the email was my old university one (bad foresight..) which has expired.
Facebook are suspicious of new accounts developing facebook applications because they believe people are making the accounts for the sole purpose, so my only opportunity is to use my friends account to re-register my app.
I have registered the app and taken the new app id and secret and put them into my application config.php file. However the below error is appearing:
"Fatal error: Uncaught OAuthException: An active access token must be used to query information about the current user. thrown in C:\xampp\htdocs\MY FOLDER NAME\fb\base_facebook.php on line 1028"
I have replaced every instance of where my app id and secret were used to I don't understand what could be difference between the two...
Any thoughts?
The access token error will be shown when you are trying to access certain information which is not readily accessible without getting access to that user's access token. Thus this does not look like a appid config issue. Try the graph api explorer tool to see if the request goes through
https://developers.facebook.com/tools/explorer
Also you seem to be using Facebooks test code , you can also test it with some basic Facebook javascript sdk code from here
https://developers.facebook.com/docs/reference/javascript/
Also there is getting started code here for php
https://developers.facebook.com/docs/appsonfacebook/tutorial/#auth
Try and see if these work for you that will confirm whether the appid is issue or not.