We are connecting to the FB API to retrieve an access token to be able to publish a post on the user FB page.
We request this permissions:
email, read_insights, pages_show_list, pages_read_engagement, pages_manage_metadata, pages_read_user_content, pages_manage_ads, pages_manage_posts, pages_manage_engagement, public_profile
When user first connects to their Facebook page the connection is ok and we get all the permissions, all great. However, when the same user tries to connect to a second page the first page access token loses all the permissions and it's left with:
email, read_insights, pages_show_list, public_profile
It seems Facebook remove the first page permissions after the second page permissions are granted.
Any ideas why this happens?
Related
I have an app in facebook, I'm trying to find the user of a specific comment but I can't get the from field to populate.
I have an Page Access token with these scopes
pages_show_list, pages_messaging, instagram_basic, instagram_manage_comments, pages_read_engagement, pages_manage_metadata, pages_read_user_content, pages_manage_engagement, public_profile
What am I missing here? Any help appreciated!
My application authenticates users via Facebook. It requests user token for permissions public_profile and user_photos.
One day I found that all registered users have only public_profile, and application have no access to their photos, because I did not get approve from Facebook for user_photos permission.
After all I got this approve, and tokens of new users logged in via Facebook have user_photos permission.
But legacy users have no, their tokens did not updated automatically to obtain additional user_photos permission.
Is there a way to refresh a Facebook token, without logout and login again?
You can´t just refresh a Token without user interaction, that would make the whole point of permission authorization pointless. You can just check for the granted permissions and call FB.login (if using the JS SDK) again if some permission is missing: https://developers.facebook.com/docs/graph-api/reference/user/permissions/
This may be interesting for you too: https://developers.facebook.com/docs/facebook-login/handling-declined-permissions/
I'm using a Facebook app (in development mode) to generate a page access token so that my personal web app can schedule/edit/delete posts on a Facebook fan page.
I'm using the Graph Explorer to generate the token while logged in as the admin of the fan page.
When I use that token, I'm able to GET a list of the scheduled posts, but whenever I try to edit or delete a post, I get this error:
"User does not have sufficient administrative permission for this action on this page."
Here is the debug of the token:
Any ideas on how to fix this?
Here according to the documentation
DELETING YOUR POST
These are the permissions you need in the scope of your token.
To delete a user's post, a user access token with publish_actions permission is required.
To delete a Page's post a Page access token and publish_pages permission is required.
To delete a User's post on Page a Page access token is required.
To delete another User's post on a Page-owned event the user_managed_groups permission is required.
UPDATING YOUR POST
A user access token with publish_actions permission.
SO you need publish_actions permission within the scope of your token.
Update 1
Also check here if you have the valid page role
I need to send private replies to page comments from my website. I am admin of the page and app.
Facebook's graph's api doc states following: "A Page access token with the read_page_mailboxes permission is required to create a message" but does not say, how to get the token with such permission.
I have tried tokens from "me/accounts", "/{page_id}?fields=access_token" and even generated 60 day access token from graph api explorer, but I get "OAuthException" with message "Requires read_page_mailboxes permission to manage the object". Any ideas?
To get a permanent Page Access Token with the additional permission 'read_page_mailboxes' you have to:
Generate a User Access Token with the permission 'read_page_mailboxes' for your app (use the Graph API Explorer) -> this generates a 24h User Access Token
Extend this User Access Token to "expires never" (using the Access Token Debugger)
Get a permanent Page Access Token with this User Access Token (using the Graph API Explorer on your Page Id)
See also:
facebook: permanent Page Access Token?
Note: You don't need to request this permission through developers.facebook.com/apps - "App Review" - "Submission" - "Add Items"
You need to ask the user for that permission during login, of course – like with any other permission.
It is the user (page admin), that grants this permission. Only after that is done, the page access token will “include” that permission.
I went through this wonderfull tutorial on Using App Access token. According to this post it says that:
If the user has not provided the appropriate permissions to publish on the user’s behalf, you will receive an error message. For example, if the user has not provided the publish_stream permission, the following error will be returned:
{
"error": {
"message": "(#200) The user has not granted the application the permission to automatically publish feed stories",
"type": "OAuthException",
"code": 200
}
}
Now is there any other way to post to a users wall who has not authorized the app?
My query is this:
I have two logins for my app, one Login with Email and other FB Connection. So a user may login with email or facebook to my app. If he logs in with facebook there is no problem at all as i have his access token. If he login with email , then i don't have his user access token, so in this case i want to use the App Access token to fetch the users friends and then allow him to post to friends wall [friends who are not a member of our app / not authorized our app].
there is no way to post to a user wall who has not authorized the app.
one possible soln:
you have to link up the user login via the email and fbID
stored the access token when the user accesses your app via fbID
if the user login via the email, then get the access token from local storage and use it for the posting.