Facebook Oauth2 - invalid scope id? - facebook

I'm trying to implement facebook login/autoregister for a website. There is a problem with the requested scopes.
First I have tried to use the "default" scope. According to the official documentation, it provides access to a subset of the UserData structure. It is documented here:
https://developers.facebook.com/docs/facebook-login/permissions/#reference-default
However, if I try to do this, then I get an error:
Invalid scope: default
I have also tried to use something basic first. For example, scope="id". Then I get this error:
Invalid scope: id
If I try scope="email first_name last_name middle_name name picture" then:
Invalid scope: first_name
The only that worked so far is scope="email", but that is not enough for auto registration.
Moreover, the documentations cleary says that "All permissions, except the Default Public Profile fields, require Facebook Login and Client OAuth Login enabled for your app to allow Users or Pages to grant your app these permissions." (you can read this on the top of https://developers.facebook.com/docs/facebook-login/permissions/ ). So it seems that the scopes are not invalid because I don't have Facebook Login enabled for my app. They are invalid for some other reason - maybe because the don't exist?
I wonder why are these scopes documented if they are invalid? And where can I find the valid ones?
Side note: it seems that Facebook does not follow RFC 6749. When there is an error, the Oauth2 server (https://www.rfc-editor.org/rfc/rfc6749#section-4.1.2 more specifically 4.1.2.1 error response ). But Facebook does not do this. It displays a popup window on facebook.com instead, and if I press "OK" on that window, it enters an infinite loop and keeps displaying the same message again and again: "You are no logged in". (Why would I?)
UPDATE: Even though I used scope=email only, the /me api returned all fields, including first_name, last_name, email, and profile picture. So maybe those things are not scopes, but field names. But it is still unclear what scopes are available? The documentation still seems bad. It should clearly tell which terms are scopes, which are field names from data structures. And a complete list of scopes is still missing from the docs (or maybe there is a list, just I couldn't find it?)

The docs are indeed a bit misleading, but "default" is not a permission/scope, it just tells you want data you can get WITHOUT an additional permission. You can find the available permissions in the link of your question, if you just scroll to the top. Only that list is important, for the default fields there is a link "Default Public Profile Fields", but - again - no scope/permission is needed.
And yes, there is a big difference between scope and fields. For example, the email field can be used after authorizing with the email scope, but the birthday field requires authorization with the user_birthday permission. Fields can be found here, for example: https://developers.facebook.com/docs/graph-api/reference/v3.1/user

Related

Facebook Send Dialog in iframe doesn't seem to work

I am having issues using the Facebook send dialog. If I open this window in a new browser, everything works:
https://www.facebook.com/dialog/send
?app_id=[My_App_Id]
&redirect_uri=https%3A%2F%2Fwww.example.com%2Fcallback
&link=https%3A%2F%2Fexample.com%2Fimage.jpg
So by doing that, I am able to send a message just fine. However, I need this to be in an iframe, which according to the send dialog documentation, this should work. So I then do this:
https://www.facebook.com/dialog/send
?app_id=[My_App_Id]
&display=iframe
&redirect_uri=https%3A%2F%2Fwww.example.com%2Fcallback
&link=https%3A%2F%2Fexample.com%2Fimage.jpg
Doing so, I get the following error:
API Error Code: 102
API Error Description: Session key invalid or no longer valid
Error Message: Iframe dialogs must be called with a session key
I find it a little strange that I can do this with a popup, but they require a session key for iframe. But even so, that isn't a problem. Because I have already gotten an access_token. So, this should work then:
https://www.facebook.com/dialog/send
?app_id=[My_App_Id]
&display=iframe
&redirect_uri=https%3A%2F%2Fwww.example.com%2Fcallback
&link=https%3A%2F%2Fexample.com%2Fimage.jpg
&access_token=[MY_OAUTH_ACCESS_TOKEN]
The access token was obtained from calling /v12.0/dialog/oauth, and I have confirmed that the access_token is valid:
However, I now get this message:
This Content Isn't Available Right Now
When this happens, it's usually because the owner only shared it with a small group of people, changed who can see it or it's been deleted.
So now this really makes no sense. I can send this link just fine if I use a popup with NO access_token present. But to set the display to iframe, I must include the token, which is fine, but it doesn't like the token for some reason?
It is also worth noting that this behaves the same way regardless if the Facebook app is in development mode or live mode. In development mode, all of the permissions should work for my test users. So it seems very unlikely that this is a permissions issue?
Anybody have any insight on this at all?

Xero API Reports endpoints unauthorised

I'm trying to make some GET calls through Postman to the following endpoint:
https://api.xero.com/api.xro/2.0/Reports/BalanceSheet
getting this error:
{"title":"Unauthorized","status":401,"detail":"AuthorizationUnsuccessful","instance":"674c99d2-0ae3-4940-b23b-aec74cef79ea"}
The docs say this is a user roles issue, and suggests "view reports" access is off, but I'm pretty sure that's all set up correctly:
screenshot of user role options
It works fine through the API previewer, so I can't see what I'm missing.
Any help?
If it makes a difference, I'm using Oauth2.0 route.
You'll likely be missing the accounting.reports.read scope.
During the authorisation process, when you direct your user to the https://login.xero.com/identity/connect/authorize... url, try including accounting.reports.read in scope query parameter (along with your existing scopes, of course).

Facebook marketing api access non existing field

I am trying to access campaigns of the facebook account. Using python lib: https://github.com/facebook/facebook-python-ads-sdk
Receive error: (#100) Tried accessing nonexisting field (campaigns) on node type (AdAccount)
Url: https://graph.facebook.com/v2.11/{account_id}/campaigns
Everything worked fine for months. Now, even facebook page for this url is empty: https://developers.facebook.com/docs/marketing-api/reference/ad-account/campaigns/
Any thoughts, what's the problem?
Seems to be a bug.
Reported here: https://developers.facebook.com/bugs/707332642990208/
Works perfectly without time_range param.
So, could be temporary solution.
I don't know if this is a bug or not: facebook does this from time to time and is implementing check routines for parameters - in fact "adaccounts don't have any parameters:facebook api reference adaccount reading)
The error you are getting (#100) says "invalid parameter" (facebook reference adaccount validation rules), this is, because you may have defined the time_range and you are asking api for campaigns in an adaccount. But: for adaccount edge time_rage parameter is invalid.
The solution is to FIRST asking api for https://graph.facebook.com/v2.11/{account_id}/campaigns and after this defining the (time_range) parameter(s) for the insights of your campaign.

Salesforce API CALL issue

I'm testing the REST API,
I successfully called to https://naxx.salesforce.com/services/data/v29.0/sobjects/
It returns the expected result.
When I call to https://naxx.salesforce.com/services/data/v29.0/sobjects/Account/
It returns a (404) Not Found response.
I have replaced the "Account" placeholder with the logged user's email, nickname, email , also I have tried with access_token.id value but nothing works. The answer is always 404.
What should I use as "Account" value, and where can I get that information?
I'm following this documentation:
http://www.salesforce.com/us/developer/docs/api_rest/index_Left.htm#CSHID=quickstart_oauth.htm|StartTopic=Content%2Fquickstart_oauth.htm|SkinName=webhelp
Specifically the subtitle called "Get Basic Object Information".
I have the same problem with:
https://naxx.salesforce.com/services/data/v29.0/sobjects/Account/describe/
https://naxx.salesforce.com/services/data/v29.0/query?q=SELECT+name+from+Account
I have not the problem with:
https://naxx.salesforce.com/services/data/
https://naxx.salesforce.com/services/data/v29.0/
https://naxx.salesforce.com/services/data/v29.0/sobjects/
Thank you in advance.
Account is not placeholder text it is the actual name of an SObject type. That it returns a 404 response means your user account does not have access to Account records. You should check your users profile & license settings. The services/data/v29.0/sobjects/ request will return details of all the SObject types your user has access to. (so you'll find that Account is not in this list in your case)
I had a similar issue. I was able to access the object Account in the list of objects but was not able to retrieve the metadata. Seems that the documentation misses the parameter "sobjects" in the path. The correct URL is:
https://na1.salesforce.com/services/data/v20.0/sobjects/Account/describe/ -H "Authorization: Bearer token"
This can be confirmed through by trying the url:
https://na1.salesforce.com/services/data/v20.0/sobjects/Account
which lists the uses such as records, describe, listviews, etc. It may vary based on organization and if the user has permission, it is ideal that the developer hit the second URL and then obtain the correct base url to retrieve the metadata.

Trying to get OAuth dialog to work

I am at this step in getting my app started in the documentation:
https://developers.facebook.com/docs/appsonfacebook/tutorial/#auth
In there is a code block that (supposedly) forwards the user to a request dialog asking permission to access certain bit of information about them. I've placed this code block into the PHP script that my canvas URL points to, and changed the $app_id and $canvas_page to my application ID and canvas URL respectively. Instead of getting the expected dialog, I receive this following error from facebook:
"An error occurred. Please try again later."
No other details about the error are present. I've tried some variations of the script, and have even tried loading up this URL directly just to see if that would work. Note that I've replaced YOUR_APP_ID and YOUR_CANVAS_PAGE with the appropriate values and made sure that spelling and/or punctuation are correct:
https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_CANVAS_PAGE&scope=email,read_stream
For the redirect URL, I've tried prepending it with http://, https://, and no prefix at all. All with the same result.
My question: is the example in the documentation broken, or is the oauth link provided in the documentation currently down? The vague nature of the error is somewhat frustrating since I can't tell if it's something I'm doing wrong or if it's facebook's oauth function that's at fault.
So, the problem was that instead of using the numeric application ID that facebook assigned for me when I originally created the app as the YOUR_APP_ID parameter in the OAuth URL, I was using the application namespace string. Facebook didn't understand this sort of request, and returned the generic error message.
Once I used the numeric app ID, the OAuth dialog popped up to ask permission to access my account, as expected.