If I request a PSID from the ASID enter code here via the ID Matching API, will it be guaranteed to exist?
I can't test it with a sandbox account, because obviously my account is linked to the page somehow.
But if a random user were to log in to my Page with Facebook and I try to grab a PSID with the ASID that I got from that login, will it be guaranteed to exist?
But if a random user were to log in to my Page with Facebook
They would be logging in to your website - not “page” as in Facebook page. PSIDs are only relevant in the latter context, for messaging between a user and a page.
You can only message users, who messaged your page first.
To encourage them to do that, there’s several plugins available: https://developers.facebook.com/docs/messenger-platform/discovery
Related
Our application runs multiple sites for multiple customers. One service we offer is to write and post social media for our customers. We also allow the customers to do posts themselves through the application admin.
In order to facilitate the non-automated posts for customers, one of our users has access to the pages of many customers through her Facebook login.
The problem comes if she uses our application to generate an auth token through the admin area of the customer's site.
The application sends its own appID and secret key to Facebook, and the user receives the Facebook login page.
However, she used to be able to choose which page/customer she wished to log in to. Now, once the login data is submitted, Facebook immediately sends a token back to the "return URL." There's no opportunity to choose which Facebook page the auth is for.
The token appears to be linked to the user's "main" page (which is a page of ours).
Obviously, we need to be able to say "I'm logging in to Facebook page X of the many pages I'm authorized for."
Just to be clear: this is not an issue regarding authorization for our application in general. It's the specific case when the Facebook login is attached to multiple pages.
Can anyone give me some advice, please, even if it's just a link to an appropriate spot in the API docs? I've had no luck searching them.
Thanks,
Tom
Edit: First, to the question about "multiple domains": perhaps I shouldn't have put that in the title, since it's not relevant to Facebook per sé,
We host many clients who obviously have many domains. They administer their site content through a CMS which can, among other things, work with Facebook. A client often has a Facebook page; so for us at least, there is often a one-to-one correspondence between a client's site/domain and her/his Facebook page.
When someone goes through the process in question, s/he is administering the site, but may be attempting to post to a Facebook page. And one of our in-house admins has access to many clients' Facebook pages.
So let me rephrase: the admin logs in to a client's site. She attempts to authorize our application to post to that client's page. Our application sends its id/key data to Facebook, and she is taken to the login page.
The question is, how do we let Facebook know that we are seeking authorization to post to one of the many accounts/pages she can access?
Thanks for the help.
As pointed out by CBroe in the comment, if you want to post as a page, you need to have a page access token of the page that you admin. Once you have granted manage_pages permission to the app, you can call the /me/accounts edge to get the list of all pages that you admin and their access tokens.
You can then use the page access token of the page to post on behalf of the page. Note: You will need publish_pages permission in addition to be able to post on behalf of the page. Permissions are documented here.
I have a website where users can log in with the Facebook oAuth API.
Once the user logs in or registers via Facebook it is stored in my database.
But what I'd like to achieve is, once the user goes to his Facebook application settings page and removes my website app permissions, the used should also be deleted from my database.
Is there any work around to this problem, if this is not possible via the Facebook oAuth API?
You can add Deauthorise Callback URL by Navigating to Settings > Advanced section of your application. Whenever a User Deauthorises your Facebook app, Facebook performs a HTTP POST of signed request to your URL. You may use the field user_id to determine which User has deauthorised your app.
Actually, I would do the following:
Add a date to his last log in to your site.
Have cron job check for old, unused accounts.
Send an email to the user's email address (or Facebook message mail) telling him his account is due to expire soon.
Delete account from database.
How can I get the Facebook user id when a user visits my website? I assume I need to read the Facebook cookie. How is that done?
The reason I want to grab the Facebook user id is I can then check my website's database to determine if the user has linked their Facebook account to my website and thus auto log them in.
I am assuming this is the key to how sites like Groupon are doing their auto log on.
You can't directly read the Facebook cookie, as that would violate various security features of cookies. What you're looking for instead is probably the Facebook login buttons. This should get you started: http://developers.facebook.com/docs/guides/web/#login
I am creating a website and I would like it to display the posts present on the wall of my own Facebook profile page. These posts must be visible to any user visiting my site.
Having read various articles online regarding the topic of the Facebook api, I had thought I had found the correct solution. The following steps are what I have done thus far:
Signed in as a developer on Facebook (I am only allowed a max of 2 URLs in the post hence I have ommitted the URL)
Set up a new app which gave me an App ID and an App Secret.
Generated my access token at the following URL:
https://graph.facebook.com/oauth/access_token?grant_type=client_credentials&scope=offline_access&client_id=APP_ID&client_secret=APP_SECRET
Where APP_ID and APP_SECRET are the App ID and App Secret from step 2. I also added the 'scope' parameter and set it to 'offline_access' as I believe this is what would allow my website to access my Facebook wall information without needing me to be currently logged into Facebook.
When I access my test page at [http://pauldailly.javaprovider.net/danceclass][1] (I set this URL to be my 'site URL' when creating my app in step 2. Similarly, I set my 'Site Domain' to be the same as my site URL, without the '/danceclass'). I get the information message 'Paul Dailly has not shared any information' and it displays my Facebook profile image. I should point out that this test page is using the Facebook Wall jQuery plugin to make the call to facebook. I have supplied the plugin my facebook page's profile ID and the access token that I generated above.
My question is, do I need to take some extra step in order to allow my site to now access specific pieces of data from my Facebook account, such as my wall posts, now that I appear to have a valid access token?
First, a access token can expire in many ways,
1. Time.
2. When you log out.
3. When you change permission etc.
Second, yes you need different permissions from the user (even if the user is app admin) to retrieve different bit of information from his Facebook profile.
And also, make sure you construct meta tag currectly in your website, like putting og:admins, og:app_id etc. You have to supply the app_id when initiating the facebook (php/js)-sdk in your website too.
We have users that logged in to our website through Facebook Connect. Now we'd like to contact those users about changes as we indicated in the signup process, but we don't have their email addresses. Only their Facebook ids.
How can we contact them? I understand Facebook removed 3rd parties' ability to send notifications through Facebook's API. We can send them a message through the API either.
So I guess we're left with posting to their wall from a user account of ours. I assume there's a low limit to how often we're allowed to do that and is that even permitted? Or we can make an application request from this designated facebook user account which would show up in their notifications.
Finally, we could manually go to the user's profile page and then click the "send a message" button from our facebook user account... A lot of manual work and I assume this is frowned upon as well. Is there an easy way to find out the profile page URL from a Facebook id?
What's the best approach here where we don't break any rules?
If you are getting stream_publish extended permission in your profile then you can simply post on there wall see this http://developers.facebook.com/docs/reference/rest/stream.publish/
Alternatively this can be a better solution if the user do not granted any extended permission
http://developers.facebook.com/docs/reference/rest/livemessage.send/
you should get "offline_access" from the facebook user requests to post at anytime.