I want to write a process which downloads data about my ads.
Basically this is the code:
https://github.com/airflow-plugins/facebook_ads_plugin/blob/master/hooks/facebook_ads_hook.py
It construct a URI as:
https://graph.facebook.com/v{api_version}/act_{account_id}/insights?{payload}
Where payload contains the access_token, breakdowns, fields etc..
Now, I passed over the facebook dev guide https://developers.facebook.com/docs/graph-api/using-graph-api/ and it doesn't explain how do I get the account_id and the token.
It always leads to a user account that needs to log-in to facebook and then process the request.
I want to build a process that doesn't involve user action. Just download logs about my ads.
How can I do that? Where can I get the account_id and the token.
In other systems like google and other they create a json file with credentials that is used for the outh. there doesn't seem to be equivalent with facebook.
For this type of use case, I would create a System User that is permissioned on all your ad accounts, following this guide. That will allow you to generate a token that can used without user login. (You can do the same for your personal facebook account, but that requires you to pass app verification. This can be done without that.)
Then to get the account ids of all the accounts the system user is permissioned on, query the "me/adaccounts" endpoint, using the access token generated for the system user. The docs for that are here. You can use that to get a list of all the account ids.
Alternatively, if you only need one account id, you can get that straight from the facebook ads manager.
Related
I thought it would be simple to use Graph API to read my own user profile or another signed-in user profile but no luck so far.
I created an Azure app with only the following:
a) Client Secret
b) Delegated API permission of User.Read only
I then used the following simple code to try to read my own profile but it returned (400) Bad Request even though I can see that a token was returned successfully.
I was wondering if I could use the same Azure app to read another user's profile provided that a sign-in prompt could be created to switch account.
Any thoughts?
The me endpoint requires a user context. You're using the client credentials grant type, which is for client apps to use in an app-only context. The app has no awareness of who "me" is, or what "your" profile is because you haven't provided a user.
For the app to read the profiles of other users in the client credentials flow, you need to add one of the MS Graph application-type permissions, and send a request to the https://graph.microsoft.com/v1.0/users enpoint
Get user API endpoint
my code is based on this example
https://codelabs.developers.google.com/codelabs/smarthome-washer
The OAuth process is working. But now I want to know who is the user.
Here
https://developers.google.com/assistant/identity/google-sign-in-oauth?oauth=code
is described that:
After the user gives your Action consent to access their Google profile, Google sends a request that contains a signed assertion of the Google user's identity.
But if I test the authentication I never will be ask to give access to my Google profile.
I think that I have to configure which information my app wants to have from the user. But I didn't know where to do that.
I searched a lot but I couldn't find an example which really explains how to get the user information.
Thank you for your help.
Regards Simon
The OAuth process is working. But now I want to know who is the user.
Just a note here that the samples and codelabs use a fake OAuth implementation does not implement a user sign-in flow and returns a hard-coded fake access token during account linking.
Here
https://developers.google.com/assistant/identity/google-sign-in-oauth?oauth=code
is described that:
After the user gives your Action consent to access their Google profile, Google sends a request that contains a signed assertion of the Google user's identity.
Smart home actions do not support the Google Sign-In account linking flows. You need to implement the OAuth authorization code flow in your account linking integration.
I think that I have to configure which information my app wants to have from the user. But I didn't know where to do that.
I searched a lot but I couldn't find an example which really explains how to get the user information.
This is essentially the opposite of what account linking accomplishes. The goal is not to provide user information from Google to your Action. Instead, account linking is used to authorize Google to access your user's devices by providing Google with an access token that your service considers valid for a particular user within your cloud service.
So in this case, you are the one that owns the user data. You are simply providing Google scoped access to that data for sending queries and commands to devices.
I'm trying to implement facebook connect to my website, and i have couple questions.
1: Is it possible to register user in my website using his current facebook email/password.
Let's say user clicks on link Register via facebook and then he have to give me permisions to access his password, email, etc... and after that is done i put that info in my own database and he will be able to login with that account any time he wants without needing to give me permisions any time in the future.
2: If that kind of registration is not possible, what's other solution would be the best for me? Because i need to somehow keep track of that user who logged in with facebook, because he can upload photos, send messages etc.
Anyways, i'm quite new with facebook and similar things, so i'm really lost here, hope some one can help me :)
EDIT Thank you all for wonderful answers it helped me a lot, now all that's left is to read documentation :)
Yes it is, it is possible to get the information of the user. But it is rather complicated, when you have never dealt with it.
First you need to send the user to the following link:
https://m.facebook.com/dialog/oauth?client_id=your-client-id&redirect_uri=xxx&scope=listof-information-you-want
Facebook will then return your client to the uri specified, if the user rejected it will give a reason. If it is not you will get an code in urlencoded format.
This code is needed for the following step, the request of the access token:
https://graph.facebook.com/oauth/access_token?redirect_uri=xxx&client_id=xxx&client_secret=xxx&code=xxxx
This will give back an access token, if the authorization didn't fail.
After that you can ask for the information you want:
https://graph.facebook.com/me?method=GET&metadata=true&format=json&access_token=access_token
This will include a facebook uid, which is unique for all users. Store it and you can discern between a register and login.
This is roughly the process for any oauth2 application.
Facebook will not ask repeatedly for permissions after the user granted them to you. So you can store the access token and reuse it for backend stuff and also use the same procedure you use for register for login.
You can never access the user's password from Facebook even with his/her permission, so the user will always have to authenticate via Facebook and have Facebook pass you the user id of the logged in user once authentication succeeds. You can store all kinds of other data locally, but not enough to authenticate the user yourself.
Once the user is authenticated, you'll have access to the user's Facebook user id via the API, which should be enough to connect all kinds of information to that specific user.
Facebook does not provide access to accounts when passwords are taken from your controls. It provides it own canvas for login information. Therefore you cannot use your first approach to store passwords in your databases. Check this out.
You can however store email addresses once user logins into his account using the facebook sdks. Check this out link for the example of C# SDK sample code.
You can use the Facebook APIs to fetch user email-id, photos, friendslist and other information and then play around accordingly.
You don't get access to the users password - only email if you ask for it.
Best way would be to have a table of users and their Facebook account id's.
If you want to allow users to sign up without Facebook then have a nullable field for their password and facebook id, and also have a field for username - which you could populate from Facebook if they register via that route.
When using the Javascript API login, it returns to the page with a number of parameters, like the access token, the user ID, and other details. If I wanted to associate a user in my database with this Facebook user, which would be the piece of data I want to store to be able to look it up later for authentication?
In other words, which token should I store, so that next time the user logs in, I can look in the database for this token and authenticate the user?
I would use the UID, but it seems easy to spoof another UID and impersonate someone else.
Thanks!
Client side spoofing is not your concern. If you are displaying FB content based upon FB authentication, then FB is responsible for the integrity of that process.
If you are using this info server side, then you need to follow the OAuth 2.0 flow which is not spoofable (to my knowledge) because you are going directly to FB for authentication.
You can't mix the two flows because you leave yourself vulnerable to attacks.
And to answer your other question, yes, you should link your DB to the UID because the access_token will change.
You can validate the fb access token with the fb js sdk. So you can take the fb-uid as save. The tokens you get from fb are only valid for a limited time, so you shouldn't save them.
UPDATE:
Regarding the saveness of the fb-uid: Your PHP script gets a signed request from facebook. That request is signed with your app's secret so that no one else can read that data. The request contains a fb-session for the current user (including the uid) and an access token.
I have a mysql membership database run by a Perl script. Account creation or login requires an email address and password. The Perl script then sets cookies (password cookie has encrypted value) which allow users to create, own and modify records. A members table contains user information. I've gone through the FacebookConnect information as well as the forum. Maybe I cannot see the forest for the trees, or maybe this is not possible. In order to use FacebookConnect for logins/account creation, I need to be able to send the user email and password to the the Perl script so that the proper cookies are set. If it were an http it would look like this:
http://domain.com/cgi-bin/perlscript.pl?_cgifunction=login&email=ddd#somedomain.com&password=somepassword.
Any hints or advice would be greatly appreciated.
What you are trying to do isn't really possible in the way that you're describing it.
Facebook Connect basically provides you with a single piece of information: whether your visitor is logged in to their Facebook account or not. If they are, you can get their Facebook ID, if not, you can show them a button (or whatever) and ask them to log into Facebook.
Generally a good approach when using Facebook Connect as an authentication method for your site is to have an internal id for the user's member account, and store a user's Facebook ID alongside that. When a user comes to your site, and they are already logged in to Facebook, you just use their Facebook ID to retrieve the local account. Otherwise you show them your login form to log in locally, and/or a Facebook login button.
The problem you're running into here is that you cannot get someone's email address from Facebook, as it is purposely hidden to protect privacy. If your membership scripts provide only the email/password log-in method, then what you need to do is modify these scripts to create the authentication cookie when given a properly authenticated Facebook ID.
Essentially you'll have two login functions... one for a Facebook login, and one for a regular login. Either function should properly created the local authentication cookie.