Error validating access token with bot messenger - facebook

I'm trying to send messages through FB messenger API.
It returns:
Error validating access token: The session has been invalidated
because the user changed their password or Facebook has changed the
session for security reasons.
Does anyone know how to figure it out?
Thank you

You have to re-assign the Facebook Page again to get a new token.

Related

No matching user found - OAuthException Error in Facebook Messenger

My perfectly working chat application all of a sudden received these errors, without having altered any of the settings, when sending chat messages:
{"error":{"message":"(#100) No matching user found",
"type":"OAuthException",
"code":100,
"error_subcode":2018001,
"fbtrace_id":"xxxxx"}
}
I went to my application settings -> Messenger -> Settings and created a new token for the page my chatbot is associated with. That fixed it. I used tokens before over many months without having to refresh the token.
I understand that tokens expire, but I was under the impression that page tokens for facebook messenger are stable until they are revoked. What's the automatic procedure for getting a new token, do I get a callback when my token is about to expire? I was looking in the documentation of the facebook messenger but couldn't find any solution or suggestion for my problem. What do I need to do?

Facebook: Posting to my own wall through the API

I want my application to post to a single, pre-defined user's wall something like "We just posted a new blog at [URL]" with no client-side interaction.
But every answer I can find on this topic seems to hinge on getting an access token through
https://graph.facebook.com/oauth/access_token
Which gives you some redirect url through which a user has to log in manually.
I've got near zero experience with Facebook. Is it possible to automatically get an access token for a predefined user? Am I doing it wrong? ;)

You can't.
Facebook doesn't give you a way to automatically get an access token for a user. That user needs to log into Facebook and explicitly give your app permission. The best you can get is a long-lived access token that remains valid for up to 60 days.
Getting that token requires a two-step process:
1) Logging into Facebook using either the JavaScript API or redirecting the user to a valid Facebook login URL.
2) Retrieving the short-lived access token you got in step 1 for a long-lived access token.
Once you've got that access token, should your post fail, you know you need to re-authenticate the user and get a new long-lived access token. Your user needs to be online and logged into Facebook for this to work, though it can happen without their interaction.

Understanding Facebook Registration Plugin

I have successfully installed the Facebook registration plugin on my website, but I'm left with some unanswered questions.
After a user is authenticated through Facebook, should I just be storing the UID from Facebook in my database to correlate records in my application with the Facebook user?
If I understand correctly, Facebook should send back an "Access Token"; what exactly should be done with this? Should each required page in an application be checking this access token somehow to verify the user is authenticated instead of calling something like FB.getSession each time you want to validate the user is still logged in?
If a user registers through the Facebook registration without a Facebook Account, and returns, is it completely up to me to handle the authentication and storage of the username and password or does Facebook still interject here?
Where and What is the App Secret used for?
Facebook is said to return a "Signed Request". Is this separate from the data that is returned? Does each request back from Facebook need to have the Signed request verified?
I have more questions coming, but I'll start with these for now.

Yes.
The oauth_token can be used to make a request to the API once they give permission to your app.
I haven't used this tool to save passwords but the registration flow can be found here
The signed_request parameter is signed using your application secret which is only known by you and Facebook to make sure that the data you're receiving is the actual data sent by Facebook.
The data Facebook returns is the signed_request and it is an encoded JSON string. You can't decode it without your app secret. You verify return data by decoding the signed_request.

What is the "code" parameter at the end of outgoing links from facebook?

Whenever my app shares things with facebook through the opengraph objects/actions, the outgoing link that appears on facebook has a code= parameter with a very long hash. What is this? What does it do? Is there any way to get rid of it?

If your app has Authenticated Referrals turned on, the code query parameter should be the Auth Token used during the OAuth authentication process.
Your server should be able to basically send this AuthToken back to Facebook and get the Access Token associated with it...
https://graph.facebook.com/oauth/access_token?
client_id=YOUR_APP_ID
&redirect_uri=YOUR_REDIRECT_URI
&client_secret=YOUR_APP_SECRET
&code=THE_AUTH_TOKEN
You can read more about Facebook Server-Side Authentication here.

facebook accessToken and security in mobile applications

I am building a social gaming platform which will be played with mobiles. I am confused about the login part and access token. Let me briefly explain my problem.
Problem: User logs in with facebook login and I retrieve the accessToken of the user. Then immediately after login I store this accessToken in my database. The user continues with the game. Then at some point when I want to post something to the user's wall the mobile side calls a WebService and my part (C#) uses the access token stored in the DB and posts something to the wall. Until here everything is OK. But what happens when the access Token expires or the user changes his password? Then I have to re-get the accessToken and update the DB.
BUT how do I get notified when the accessToken changes? I have to get notified or I will have an expired token and won't be able to post something.
Thanks

You won't get notified when a token expires, but Facebook gives you the expiry time in your response, which you should store.
According to the OAuth spec, you will receive an HTTP 401 Unauthorized if you try to use an invalid/expired token, as well as the following:
Invalid Consumer Key
Invalid signature
Invalid / used nonce
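
Storing the expiry time and reacting to a rejected token, as an added example (not code from the thread): it records an absolute expiry when the token is issued, asks for re-authentication inside a safety margin, and invalidates the stored token when the API reports a token failure. The "expires_in" field name follows the OAuth 2.0 token response format and is an assumption here, as are the one-week margin and matching on the error message text quoted at the top of this page; all sample values are constructed.

```python
import json
from dataclasses import dataclass
from typing import Optional

REFRESH_MARGIN = 7 * 24 * 3600  # assumption: re-authenticate a week before expiry


@dataclass
class StoredToken:
    access_token: str
    expires_at: Optional[float]  # absolute UNIX time; None if no lifetime was given
    valid: bool = True


def store_token(token_response: dict, issued_at: float) -> StoredToken:
    """Turn the relative lifetime from the token response into an absolute time."""
    lifetime = token_response.get("expires_in")  # assumed OAuth 2.0 field name
    expires_at = issued_at + float(lifetime) if lifetime is not None else None
    return StoredToken(token_response["access_token"], expires_at)


def needs_reauth(token: StoredToken, now: float) -> bool:
    """True when the token is known bad or inside the refresh margin."""
    if not token.valid:
        return True
    return token.expires_at is not None and now >= token.expires_at - REFRESH_MARGIN


def handle_response(token: StoredToken, status: int, body: str) -> str:
    """Classify an API reply as 'ok', 'reauthenticate' or 'investigate'."""
    try:
        parsed = json.loads(body) if body else {}
    except ValueError:
        parsed = {}
    error = parsed.get("error") if isinstance(parsed, dict) else None
    if status < 400 and not error:
        return "ok"
    message = error.get("message", "") if isinstance(error, dict) else ""
    # Token failures: HTTP 401, or the validation message shown on this page.
    if status == 401 or message.startswith("Error validating access token"):
        token.valid = False  # never retry with a token the API has rejected
        return "reauthenticate"
    return "investigate"  # other errors are not automatically a token problem
```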