I have integrated firebase on website and able to get the information.
Now need to validate the accessToken on server which is fetched from web.
1st Step
Generating access_token by using below api
https://graph.facebook.com/oauth/access_token?client_id=1234&client_secret=some_secret&grant_type=client_credentials
which gives below json
{
"access_token": "1234|some_secret_here",
"token_type": "bearer"
}
2nd Step
Now using the access_token fetched from 1st step. Need to fetch user details from facebook and also validate the accessToken fetched from website.
Using below api to do it.
https://graph.facebook.com/debug_token?input_token=accessToken_fetched_web&access_token=1234|some_secret_here
which results in
{
"data": {
"error": {
"code": 190,
"message": "Bad signature"
},
"is_valid": false,
"scopes": []
}
}
Not sure whats the issue. Can someone help me out to validate the accessToken & fetch the user details from Facebook
Related
I'm trying to perform a request in Microsoft Graph like this one with Postman
https://graph.windows.net/<Tenant>/users?api-version=1.6
For the Authorization, I'm using Bearer. I'm retrieving the token manually and decoding it here https://jwt.io/ That way I know that it's well formed and that it's not expired yet.
However, I'm getting the following error on the response:
{
"odata.error": {
"code": "Authentication_ExpiredToken",
"message": {
"lang": "en",
"value": "Your access token has expired. Please renew it before submitting the request."
}
}
}
What am I doing wrong?
You an try Get App-Only Access Token with the Microsoft Graph POST API:
https://login.microsoftonline.com/{{TenantID}}/oauth2/v2.0/token
I am wondering how to verify the access token that facebook generates on login in my server? Also what information it contains
I followed this page and did this
https://graph.accountkit.com/v2.7/me/?access_token=
but when I put my token in it says it is invalid oauth token
when I use this one I found
https://graph.facebook.com/app?access_token=
it brings back
{
"category": "Lifestyle",
"link": "http://localhost:3333/",
"name": "testapp",
"id": "2"
}
I am not sure if that is valid enough. I was hoping it would bring back user data as well.
Edit
I am using this react plugin to do the facebook login it comes back with
accessToken: ""
email:""
expiresIn:4863
id: "" // think this is userId as it is the same numbr as UserId Field?
signedRequest:""
userID:""
There is wonderful tutorial how to use OAuth2 api to be authenticated by github. But if I want to use same api for facebook. I tried following and end up with error. So how can use OAuth2 api for facebook?
fb.client.id=79756xxxxxxxx
fb.client.secret=205adxxxxx
fb.redirect.url= "https://graph.facebook.com/oauth/access_token?client_id=%s&redirect_uri=%s&client_secret=%s&code=%s"
// eventually url is filled as
https://graph.facebook.com/oauth/access_token?toeken&client_id=797565xxxx&redirect_uri=http://localhost:9000/_oauth-callback&client_secret=email&code=e3887ea3-3319-4462-a3b1-xxxxx
// get this error
{
"error": {
"message": "Invalid verification code format.",
"type": "OAuthException",
"code": 100
}
}
Update after updating the request url as
fb.redirect.url="https://graph.facebook.com/oauth/authorize?client_id=%s&redirect_uri=%s"
I managed to get facebook's login prompt. After submitting fb credential my redirect url is called as
http://localhost:9000/_oauth-callback/?code=AQD72MtTesmEIoQty3c0ZTC3a211egWR0pvVcLGhb6lB2T6TslG7r99IouP6KbE4oDYCl7n0_imyI0zxe-8Nb2CUDsRN5pEyQ_Pk6JRwy0JRy3T27kbDJ9DRcr11NrDdlZtNK3tOe6kfTdVQm52YXMTF7L9Kq3N6z0ZIBbVxsizvWZ00kVUL2YkSdnh5mpx4ofKaTgd0pHNhE9X33mBdzS7Evu_R0yW8XqgZFfvEPFE3f1e9qdrbrhwHaj1kfZyk6NigDBpnyZ5CgtzFTDpLHZVKQXCWDNzfqMwlxYuV2amTJUEgq77_HzxnDD3njvU4dJK0lrpVrkimqMeldCFEHzbV#_=_
I don't know how to use this code = XXX. Don't even know what does this code mean? How can ask user public profile info after my redirect url is called? Please let me
In Graph API, if i make a request using a token generated by Graph API Explorer for the following query:
https://graph.facebook.com/v2.2/993673107328394
I get some results:
{
"id": "993673107328394",
"first_name": "Johann",
"last_name": "Gomes",
"link": "https://www.facebook.com/app_scoped_user_id/993673107328394/",
"name": "Johann Gomes",
"updated_time": "2015-01-19T16:00:34+0000"
}
But, when i use an App Access token, an exception is returned to me :
{
"error": {
"message": "Unsupported get request. Please read the Graph API documentation at https://developers.facebook.com/docs/graph-api",
"type": "GraphMethodException",
"code": 100
}
}
This is very strange because the only difference between user and app access tokens seems to be its valid time of use. Any ideas?
Thanks in advance!
It's all in the docs:
https://developers.facebook.com/docs/graph-api/reference/v2.2/user#readperms
There are a number of fields called the public profile which are with public_profile permission.
Fields that aren't part of the public profile must be be requested with an access token with the relevant 'Extended Profile' permissions.
The first bullet point indicates that you have to use a user access token.
https://developers.facebook.com/docs/facebook-login/using-login-with-games/
they claim the json object is
{
"oauth_token": "{user-access-token}",
"algorithm": "HMAC-SHA256",
"expires": 1291840400,
"issued_at": 1291836800,
"user_id": "218471"
}
but i got this
{
"algorithm": "HMAC-SHA256",
"code": "xxxxxx",
"issued_at": 1291836800,
"user_id": "218471"
}
Remark:
my app is in sand box mode
Permission: email; user_about_me; user_birthday; user_interests; user_location; user_games_activity
Does anybody know how to fix it?
Whenever someone has already logged into your game with Facebook
Login, the signed request will contain an oauth_token property that
gives you a token to use to make API calls.
you should be handling the login using JavaScript SDK not by the POST date that is sent on launching the canvas app.
IF you are disparate to get some info before he logs in you should exchanging code for an access token
To get an access token, make an HTTP GET request to the following OAuth endpoint:
GET https://graph.facebook.com/oauth/access_token?
client_id={app-id}
&redirect_uri={redirect-uri}
&client_secret={app-secret}
&code={code-parameter}
you use ajax with that to prevent page from refreshing .