Since today when I try to get the share count the answer is :share field is deprecated for versions v2.9 and higher.
Ex with : https://graph.facebook.com/?id=https://stackoverflow.com&fields=share
Without &fields=share the json content is displayed but without the share value.
I need to get the share count Facebook from an url.
The API has changed indeed.
It should be like this.
https://graph.facebook.com/?id=https://stackoverflow.com&fields=engagement&access_token=user-access-token
You need an access token. If you have a Facebook, go to https://developers.facebook.com/ and make an app.
Graph API Explorer
Then click "Graph API Explorer".
Get Token
and "Get Token" (Get App Token). That's it.
If you use JavaScript for a count, it's will be something like this.
// split('#')[0] : Remove hash params from URL
const url = encodeURIComponent( window.location.href.split('#')[0] );
$.ajax( {
url : '//graph.facebook.com/?id=' + url + '&fields=engagement&access_token=user-access-token',
dataType : 'jsonp',
timeout: 5000,
success : function( obj ) {
let count = 0;
if ( typeof obj.engagement.reaction_count !== 'undefined' ) {
count = obj.engagement.reaction_count;
}
// do something with 'count'
},
error : function() {
// do something
}
} );
There are other count types such as comment_count and share_count.
See https://developers.facebook.com/docs/graph-api/reference/v3.2/url
Is there any way to receive a count without sending an access token?
I wanna know that myself lol
UPDATE:
Thanks to Anton Lukin.
Yeah. I shouldn't show an access token. It must be hidden. I feel very foolish.
So now quick's answer. This really works without the token!
My final (I hope will be final) answer is like this.
// split('#')[0] : Remove hash params from URL
const url = encodeURIComponent( window.location.href.split('#')[0] );
$.ajax( {
url: '//graph.facebook.com/?id=' + url + '&fields=og_object{engagement}',
dataType : 'jsonp',
timeout: 5000,
success : function( obj ) {
let count = 0;
try {
count = obj.og_object.engagement.count
} catch (e) {
console.log(e)
}
// do something with 'count'
},
error : function() {
// do something
}
} );
One point here is that when nobody has ever shared the targeted page, 'og_object.engagement' isn't even defined.
I thought I'd get 0 as a return valule. But that's not the case.
So let's use try-catch.
Now my only concern is API Limits. If your site gets a lot of pageviews, this updated version may not work..
If you do not want use access token or nginx proxy solution, see https://stackoverflow.com/a/45796935/2424880:
You can use the query
https://graph.facebook.com?id=<your-url>&fields=og_object{engagement}
The answer will be
{
"og_object": {
"engagement": {
"count": 197,
"social_sentence": "197 people like this."
},
"id": "895062470590407"
},
"id": "<your-url>"
}
UPDATE 2021: You need access token for this request. You can get temporary access token in Graph API Explorer or generate it with your custom app
Since you can't display your access token on front-end, I suggest you to proxy requests with nginx, hidding your access_token on your server.
You need an access token. Navigate to https://developers.facebook.com/ and make an app.
Go to Graph explorer and copy the token. To obtain permanent token follow this short guide
Add custom rule to your nginx config
http {
...
# Optional: set facebook cache zone
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=facebook:100m inactive=60m;
...
}
server {
server_name example.org;
...
location /facebook {
# Optional: don't log requests
access_log off;
log_not_found off;
# Allow get shares only for single domain (remove condition to allow all domains)
if ( $arg_id ~ "^https://example.org/" ) {
set $args"${args}&access_token=your_access_token_here";
}
# Set dns resolver address (you can change it with any dns server)
resolver 1.1.1.1;
proxy_pass https://graph.facebook.com?$args;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Optional: add cache for 30 minutes
proxy_ignore_headers Expires;
proxy_ignore_headers Cache-Control;
proxy_cache facebook;
proxy_cache_valid any 30m;
proxy_cache_key $host$uri$is_args$arg_id;
}
...
}
Now you can make response replacing graph.facebook.com with your custom domain.
Before:
https://graph.facebook.com/?fields=engagement&callback=FB.Share&id=https://example.org/&access_token=your_access_token
After:
https://example.org/facebook?fields=engagement&callback=FB.Share&id=https://example.org/
Pay attention to facebook api limits. If you have a large number of requests you can try to use page token. For each engagement user to your page you can make 4800 requests to graph api per day.
If you have app in facebook, its very simple without login, you can get it.
https://graph.facebook.com/?id={URL}&fields=engagement&access_token={your-app_id}|{your-app_secret}
Response will be like :
{
"engagement": {
"reaction_count": 36,
"comment_count": 2,
"share_count": 20,
"comment_plugin_count": 3
},
"id": "https://www.example.com"
}
Ref : https://developers.facebook.com/docs/facebook-login/access-tokens
Related
I'm using the Ambassador OAuth2 Filter to perform OAuth2 authorization against Keycloak.
For the logout I use the the RP-initiated logout as described in the Docs of Ambassador
The logout works fine. However I could not figure out how to provide the redirect url needed for Keycloak to redirect to the Login page after successfully logged out. As a result the user stays on the blank logout page of keycloak.
The RP-initiated logout looks as follows
const form = document.createElement('form');
form.method = 'post';
form.action = '/.ambassador/oauth2/logout?realm='+realm;
const xsrfInput = document.createElement('input');
xsrfInput.type = 'hidden';
xsrfInput.name = '_xsrf';
xsrfInput.value = getCookie("ambassador_xsrf."+realm);
form.appendChild(xsrfInput);
document.body.appendChild(form);
form.submit();
I expected that Ambassador provides a way to add the redirect url as a query param or something, but I couldn't find a solution.
Are there any suggestions or workarounds?
I found this in the Ambassador documentation that could be overlooked as I did several times:
Ambassador OAuth2 Settings
protectedOrigins: (You determine these, and must register them with your identity provider) Identifies hostnames that can appropriately set cookies for the application. Only the scheme (https://) and authority (example.com:1234) parts are used; the path part of the URL is ignored.
You will need to register each origin in protectedOrigins as an authorized callback endpoint with your identity provider. The URL will look like {{ORIGIN}}/.ambassador/oauth2/redirection-endpoint.
So it looks like ambassador hard codes the redirection-endpoint (redirect_uri) that you need add to your OAuth2 client in Keycloak.
I found a solution for that, is not the best solution but you will logout using a button.
async function logout() {
const data = new URLSearchParams("realm=keycloak-oauth2-filter.ambassador")
data.append('_xsrf', getCookie("ambassador_xsrf.keycloak-oauth2-filter.ambassador"));
fetch('/.ambassador/oauth2/logout', {
method: 'POST',
body: data
})
.then(function (response) {
if (response.ok) {
return response.text()
} else {
throw "err";
}
})
.then(function (text) {
console.log(text);
})
.catch(function (err) {
console.log(err);
});
}
I am building a flutter application that requires oauth 1 authorization for one of the third party services I am using. Because flutter oauth 1 package is restricted I decided to use the oauth 1 package that npm provides. This is the code that is used to access the user generated access token from the site.
I previously used request to make a call to the api endpoint first, to access the token and secondly to use the token recieved to make another call to a different resource endpoint
How can I use axios to make the same request, emphasis on the fact that each request needs a hmac-sha1 signed signature in the header.
Thank you.
consumer: {
key: CONSUMER KEY,
secret: CONSUMER SECRET,
},
signature_method: 'HMAC-SHA1',
hash_function(base_string, key) {
return crypto
.createHmac('sha1', key)
.update(base_string)
.digest('base64')
},
})
const request_data = {
url: 'https://www.instapaper.com/api/1/oauth/access_token/',
method: 'POST',
data: { x_auth_username : USERNAME , x_auth_password : PASSWORD , x_auth_mode : 'client_auth' },
}
request(
{
url: request_data.url,
form: request_data.data,
method: request_data.method,
headers: oauth.toHeader(oauth.authorize(request_data)),
},
function(error, response, body) {
// Process your data here
console.log(error);
console.log(response);
console.log(body);
}
)
Finally found the answer for this link to the issue created on github
https://github.com/axios/axios/issues/2771
I'm trying to crawl a web using React Native which has no API. It's written in PHP.
To log an user, a POST request must be sent. The response returns a cookie with a PHPSessid cookie which I must capture to use in subsequent requests.
I would like to capture the cookie value, buy the POST response is a 302 and the redirection is followed automatically, so I can't see the cookie. In node I was able to do it with redirect:manual, but it does not work in react native.
The cookie is sent automatically in subsequent requests, buy I'm trying to manage cookies by hand with react-native-cookie and I'd like to know if it's possible.
Do you know a way to stop the redirection?
I've been checking the code and what I did was the following:
Clear all cookies
Launch an empty login request
Capture the PHPSessID coookie
Launch a login request with that PHPSessID
After that, the subsequent fetch requests would have automatically a PHPSessID cookie with a valid logged in user, so we can use the site with simple fetchs
Here is some code, but the important thing is that you do a first empty login request, capture the PHPSessid and launch the real login request with that PHPSessid.
This would be the main function:
import Cookie from 'react-native-cookie';
// I think this is used only to clear the cookies
function login(user, pass){
// clear all cookies for all domains
// We need to start withouth authorization token
Cookie.clear();
const makeLoginRequest = (sessid) =>
makeLoginRequestForUserAndPass(user,pass,sessid);
return makeInitialRequest()
.then(getSessionIDFromResponse)
.then(makeLoginRequest)
.then(checkIfLoggedAndGetSessionID);
}
The initial request is a request to the login script. Note that I used GET because it worked with my site, perhaps an empty post would be necessary:
function makeInitialRequest() {
const INIT_PATH = '/index.php?r=site/login';
const INIT_URL = site + INIT_PATH;
const request = new Request(INIT_URL, options....);
return fetch(request);
}
We have the session ID in the response. I used a simple regex to extract it. Note that we are not logged in; PHP has created a session and that's what we have here:
function getSessionIDFromResponse(response) {
return getPHPSessIdFromCookie(response.headers.get('set-cookie'));
}
function getPHPSessIdFromCookie(header) {
const regex = /PHPSESSID=(\w*)/;
const match = regex.exec(header);
return match ? match[1] : '';
}
Now the login request. Note that I can't stop redirection here, but I't have to do it because we can have PHPSessid later. Redirection must be set to manual in POST request:
function makeLoginRequestForUserAndPass(user, pass, sessid) {
const request = buildLoginRequest(user, pass, sessid);
return fetch(request);
}
// This is where we build the real login request
function buildLoginRequest(user, pass, sessid) {
const LOGIN_PATH = '/index.php?r=site/login';
const LOGIN_URL = site + LOGIN_PATH;
const fields = [
{name: 'LoginForm[username]', value: user},
{name: 'LoginForm[password]', value: pass},
etc...
];
const data = translateFieldsToURLEncodedData(fields);
const headers = {
'Content-type': 'application/x-www-form-urlencoded',
Cookie: `PHPSESSID=${sessid}`, // HERE is where you put the data
};
const options = { method: 'POST',
headers: headers,
mode: 'cors',
cache: 'default',
agent: proxy,
body: data,
redirect: 'manual' // VERY IMPORTANT: if you don't do it, the cookie is lost
};
return new Request(LOGIN_URL, options);
}
// Simple utility function
function translateFieldsToURLEncodedData(fields){
let pairs = fields.map( (field) => {
return encodeURIComponent(field.name) + '=' + encodeURIComponent(field.value);
});
return pairs.join('&');
}
This is the last part. To see if I was logged in I checked if the response had text belonging to login error's page. I also got the PHPSessid (I think it changed after login, not sure, it was a year ago) but I don't know if I used it, I believe it was included automatically in subsequent requests. I think this part could be simplified an improved:
function checkIfLoggedAndGetSessionID(response) {
return (
checkIfLoggedOK(response)
.then(() => getSessionIDFromResponse(response))
);
}
function checkIfLoggedOK(response){
return getTextFromResponse(response)
.then(throwErrorIfNotLogedOk);
}
function getTextFromResponse(response) {
return response.text();
}
function throwErrorIfNotLogedOk(page) {
if(isErrorPage(page)) throw new Error("Login failed");
}
function isErrorPage(text) {
const ERROR_MESSAGE = 'Something that appears in login failed page of your site';
let n = text.search(ERROR_MESSAGE);
return n !== -1;
}
Hope this can be useful.
I'm trying to get this example to work: https://developers.google.com/analytics/devguides/config/mgmt/v3/quickstart/web-php#enable
The error I'm getting is "Error: redirect_uri_mismatch" .
In order to install the google api resources, I used composer with this command:
php composer.phar require google/apiclient:^2.0.0#RC
This installed the "vendor" folder in my root site folder. My index.php and oauth2callback.php files are located in the "public_html" folder.
Here's a screenshot of my error when going to my site:
The weird thing is that if I navigate to the link above that's included in the error message "Visit ...... to update the authorized..", I get this error message: " The OAuth Client Does Not Exist "
If I click on my only available Client ID, I can navigate to see the URI's which I'll screenshot below as well:
As you can see, under Authorized Javascript origins, I have http://localhost listed, and under authorized redirect URIs, I have my live site followed by the "oauthc2callback.php" file extension.
I don't understand how to get rid of the error I'm getting. I've tried replacing the URI's and putting in different JavaScript origins.
Also, for some reason on that last screenshot, it says that I don't have permission to edit this OAuth client, but I can make edits.
The code I have for index.php:
<?php
// Load the Google API PHP Client Library.
require_once '../vendor/autoload.php';
// Start a session to persist credentials.
session_start();
// Create the client object and set the authorization configuration
// from the client_secretes.json you downloaded from the developer console.
$client = new Google_Client();
$client->setAuthConfigFile('../config/client_secrets.json');
$client->addScope('https://www.googleapis.com/auth/analytics.readonly');
// If the user has already authorized this app then get an access token
// else redirect to ask the user to authorize access to Google Analytics.
if (isset($_SESSION['access_token']) && $_SESSION['access_token']) {
// Set the access token on the client.
$client->setAccessToken($_SESSION['access_token']);
// Create an authorized analytics service object.
$analytics = new Google_Service_Analytics($client);
// Get the first view (profile) id for the authorized user.
$profile = getFirstProfileId($analytics);
// Get the results from the Core Reporting API and print the results.
$results = getResults($analytics, $profile);
printResults($results);
} else {
$redirect_uri = 'http://' . $_SERVER['HTTP_HOST'] . '/oauth2callback.php';
header('Location: ' . filter_var($redirect_uri, FILTER_SANITIZE_URL));
}
function getFirstprofileId(&$analytics) {
// Get the user's first view (profile) ID.
// Get the list of accounts for the authorized user.
$accounts = $analytics->management_accounts->listManagementAccounts();
if (count($accounts->getItems()) > 0) {
$items = $accounts->getItems();
$firstAccountId = $items[0]->getId();
// Get the list of properties for the authorized user.
$properties = $analytics->management_webproperties
->listManagementWebproperties($firstAccountId);
if (count($properties->getItems()) > 0) {
$items = $properties->getItems();
$firstPropertyId = $items[0]->getId();
// Get the list of views (profiles) for the authorized user.
$profiles = $analytics->management_profiles
->listManagementProfiles($firstAccountId, $firstPropertyId);
if (count($profiles->getItems()) > 0) {
$items = $profiles->getItems();
// Return the first view (profile) ID.
return $items[0]->getId();
} else {
throw new Exception('No views (profiles) found for this user.');
}
} else {
throw new Exception('No properties found for this user.');
}
} else {
throw new Exception('No accounts found for this user.');
}
}
function getResults(&$analytics, $profileId) {
// Calls the Core Reporting API and queries for the number of sessions
// for the last seven days.
return $analytics->data_ga->get(
'ga:' . $profileId,
'7daysAgo',
'today',
'ga:sessions');
}
function printResults(&$results) {
// Parses the response from the Core Reporting API and prints
// the profile name and total sessions.
if (count($results->getRows()) > 0) {
// Get the profile name.
$profileName = $results->getProfileInfo()->getProfileName();
// Get the entry for the first entry in the first row.
$rows = $results->getRows();
$sessions = $rows[0][0];
// Print the results.
print "<p>First view (profile) found: $profileName</p>";
print "<p>Total sessions: $sessions</p>";
} else {
print "<p>No results found.</p>";
}
}
The code I have for "oauth2callback.php":
<?php
require_once '../vendor/autoload.php';
// Start a session to persist credentials.
session_start();
// Create the client object and set the authorization configuration
// from the client_secrets.json you downloaded from the Developers Console.
$client = new Google_Client();
$client->setAuthConfigFile('../config/client_secrets.json');
$client->setRedirectUri('http://' . $_SERVER['HTTP_HOST'] . '/oauth2callback.php');
$client->addScope('https://www.googleapis.com/auth/analytics.readonly');
// Handle authorization flow from the server.
if (! isset($_GET['code'])) {
$auth_url = $client->createAuthUrl();
header('Location: ' . filter_var($auth_url, FILTER_SANITIZE_URL));
} else {
$client->authenticate($_GET['code']);
$_SESSION['access_token'] = $client->getAccessToken();
$redirect_uri = 'http://' . $_SERVER['HTTP_HOST'] . '/';
header('Location: ' . filter_var($redirect_uri, FILTER_SANITIZE_URL));
}
All of this code was taken from the first website example, except with a few minor additions to make it match my system.
Anyone know how I can get rid of this error? What am I doing wrong?
Remember, as far as Google is concerned, "your" server is hostile until you name it "friendly", you must explicitly whitelist every possible source of an OAuth call TO Google.
Google is a clubbouncer, a big, ugly, unmovable bouncer with a a guest list saying to your application: "I will only deal with your request if your exact name OR id is on the list"
Have you tried including, not only localhost, but all other possible origins?
You must list every possible variation of url "root", including explicit IPs.
http://www.example.com
http://example.com
https://example.com
https://www.example.com
http://222.111.0.111
...
dont forget to include
https://accounts.google.com:443
The redirect Uri in the request MUST be exactly the same as one Uri you stored.
I see a / at the end of the stored one you missed in your request.
just copy the request URI on which error is occurring from error screen and paste it to OAuth credentials "Authorised redirect URIs"
now run the app.
this works for me. Hope I answered your query.
I'm trying to remove permissions via an Ajax HTTP DELETE request, but the response I'm getting back is not what the graph api docs say i should be getting. It says I should be getting a boolean response ("True if the delete succeeded and error otherwise."). But instead I'm getting an entire object of the permissions list:
var revokePermission = function(permName) {
var revoke_perm_url = "https://graph.facebook.com/me/permissions" +
"?access_token=" + access_token + "&callback=?";
$.ajax({
type: "DELETE",
dataType: "jsonp",
url: revoke_perm_url,
data: {'permission': permName},
success: function(response){
console.log(response);
}
});
}
revokePermission(permission_name);
Here is what I get back:
data: Array[1]
0: Object
bookmarked: 1
create_note: 1
email: 1
installed: 1
photo_upload: 1
publish_actions: 1
publish_stream: 1
read_stream: 1
share_item: 1
status_update: 1
user_interests: 1
user_likes: 1
user_status: 1
video_upload: 1
Note that the api docs say:
You can de-authorize an application entirely, or just revoke a
specific permission on behalf of a user by issuing an HTTP DELETE to
PROFILE_ID/permissions or PROFILE_ID/permissions/PERMISSION_NAME
respectively. This request must be made with a value user access_token
for the current app.
I understand all this, so when I either issue a request to the specific permission url (ie "/permissions/user_likes/") or to the base permissions url with the permission sent via the ajax data param, they both just return an object of all my current permissions, and the permission I requested to be deleted remains untouched.
However when I set the permission in both the url and the data being sent, it returns an object with an error:
Object
error: Object
code: 2500
message: "Cannot specify permission in both the path and query parameter."
type: "OAuthException"
Anyone know what is going on? Note that the LEGACY REST method of auth.revokeExtendedPermission does indeed work per (http://developers.facebook.com/docs/reference/rest/auth.revokeExtendedPermission/). It returns a boolean response and the respective permission is deleted.
Solutions?
Full code, tested, returns 'true':
var revokePermission = function(permName) {
var revoke_perm_url = "https://graph.facebook.com/me/permissions";
$.ajax({
type: "POST",
dataType: "jsonp",
url: revoke_perm_url,
data: {
'access_token' : 'access_token_here',
'permission': permName,
'method' : 'delete'
},
success: function(response){
alert(JSON.stringify(response, null, 4));
}
});
}
revokePermission("email");
Does "type: DELETE" actually work to send a HTTP DELETE request?
The response you're getting back there is the response to a GET request to /<USER>/permissions
You can fake a delete request by adding another parameter, 'method' and set that to delete when making the GET request, i.e.
data: {
'permission': permName
'method' : 'delete'
},