I use OAuth2 login through the Facebook social network for users on the website.
Is it still possible to get the certain user's Facebook profile URL after login(for example by accessToken) or Facebook hides this information right now(after incidents with data leaks) and it is impossible?
It is, if the user grants permission.
You need to ask for user_link permission on login, and then you can request the link field of the user object – that will return a URL that can be used in a browser, to redirect to the actual profile.
This URL contains some form of token, and likely has limited validity - so you should not store those for long-term use, but rather request a “fresh” one when it is needed.
https://developers.facebook.com/docs/facebook-login/permissions#reference-user_link
Related
I've been reading documentation and Stack Overflow link all morning, but I'm just not understanding the correct process to authorize a web server to post to a Facebook page wall.
What I'm not clear on is why I have to post to Facebook as a Facebook User, using an access_token, meaning that this user has to log into Facebook manually to authorize my app.
I'm not trying to authorize a User, nor any of my visitors to do anything with their accounts, so I don't need any permissions from them. Instead, I'm trying to authorize my Web Server to post updates to its wall as a specific Page.
Why do I have to use a user access_token to do this? I'm not attempting to impersonate the user, I'm trying to post to the page as the page...
Is it possible to authorize a user and get their access token without having to create a login page on the Web Server? I don't want to have to require the user to login to make this work, I thought that was the point of having an app ID and Secret?
I guess my question is this: Is it not possible to allow a web server to post to a Facebook page wall as that page, without having to present a login dialog to a specific user? If it is possible, what is the correct workflow to set this up?
In order to post to a Page as a Page, you have to use a Page Access Token. You get that with a User Access Token, and you can extend it so it will stay valid forever.
Steps:
Request a User Access Token with the manage_pages permission (valid for up to 2 hours)
Extend the User Access Token (valid for up to 60 days)
Get the Extended Page Access Token for your Page with the User Session
Store and User The Page Access Token in the publish call
It may sound a bit complicated, but there are many tutorials for this and you don´t actually need to program it, you can just use the Graph API Explorer.
Here are some Links about the Access Tokens:
https://developers.facebook.com/docs/facebook-login/access-tokens/
http://www.devils-heaven.com/facebook-access-tokens/ (see "Extended Page Access Token" for a step by step tutorial)
I am looking for a solution to fetch the feeds of an alcohol-related/age-restricted Facebook Brand Page by a website or back-end service to show these infos in that website for any user.
i.e: https://graph.facebook.com/JimBeam
The standard call results with an error or false.
I know the reason is the age-restictrion because of the relation to alcohol.
If I am connected to Facebook and add an access_token (user-token or page-token) to the request, I get everything I need, but it doesn't work if I am not connected.
If I request the page-token with offline_access, it also does not work when I am not connected to Facebook.
I am a bit confused with all this token types, offline_access, permissions and so on.
Is possible to get the fb-graph-feed of an age-restricted page and load that into a website?
To get an age-restricted feed you need to have a user access token that meets the criteria for the page. So if a user is visiting your site, they will need to authenticate your app, and then you can use the resulting access token to pull information to your website from that restricted page.
You should not be using a user's access token to display content to another user who does not meet the restrictions on the Facebook page.
An added problem is that Facebook does not expose a page's restrictions via the API, so you can't tell if a user has permission to see the page until your API request returns no data.
I have created an App on facebook and I am using this app to authorize an user via dotnetopenauth.
Here I would pass APPID and APPSECRET and get the token which would be used to call Facebook Graph to get facebook user details.
If I'm doing this for the first time, user would be asked to enter username/passowrd on the Facebook website and then the session is created in the browser and it will redirect to my website as a Facebook user. This means that if I open a new tab in the current window and open facebook, user will see his/her page directly without asking for username/password. - this is obvious and understandable.
// code
request = WebRequest.Create("https://graph.facebook.com/me?access_token=" + Uri.EscapeDataString(strAccessToken));
response = request.GetResponse();
My query is:
After the scenario above, if user logs out from Facebook website OR I close the browser window, the facebook session is lost. However, I still have the access token (string in the above code) that I got while authenticating.
So, As of this moment I am not storing any user information from Facebook (not even cookies or anything else). I am just requesting user to authorize my application as a Facebook user. When user does that, I get the access token which I can use it to make calls to Graph and REST APIs. This access token usually remains same, so I really dont need to pass the applicaition id and secret to get the token next time onwards. Actually I can request the graph APIs and REST APIs with the stored token and request user details. I have tested this and works fine.
What I am looking for is, if user opens www.facebook.com, user should see his/her personal facebook page which obviosuly is possible only if I have a session in the current browser. Hence, my question was: how do I use my access token OR what call should I make with my access token so that I can set the browser session for the facebook user? Is it possible technically?
Regards,
AG
No. Your access token is used by your web server to call facebook. It's impossible (and undesirable) for this to impact the user's browser in a way that would set a facebook.com cookie so that the user would be implicitly logged into Facebook by your use of the access token.
Is it possible to somehow get an access token to use the facebook api like a user that clicked "use facebook as "?
What I'm trying to do is to allow my website to post messages to the facebook page's wall. I already have an app which I use to allow my users to login with their FB account. However, I'd prefer not to require a page admin to authorize full manage_pages to my app. I already added the app to my FB page, but there are no options to give that app some permissions for my page.
Of course it's possible.
In the official documentation page about Permissions it's written:
Page access_token
An access_token used to manage a page. This is used
when you want to perform an operation acting as a Page. This access
token is retrieved by issuing an HTTP GET to /USER_ID/accounts or to
/PAGE_ID?fields=access_token with the manage_pages permission. Getting
/USER_ID/accounts will return a list of Pages (including app profile
pages) to which the user has administrative access in addition to an
access_token for each Page. Alternatively, you can get a page access
token for a single, specific, page by issuing an HTTP GET to
/PAGE_ID?fields=access_token with the manage_pages permission (you
must ask for the access_token field specifically via the fields=
parameter). See the documentation for the Page object for more
information. NOTE: After November 1, 2011, manage_pages permission
will be required for all access to a user's pages via this connection,
i.e. for both reading the user's pages and also retrieving
access_tokens for those pages. See the documentation for the User
object for more information.
The authorization section of this page developers.facebook.com / docs / api contains a good description on how to perform authentication for a user agains my Facebook app. However, in my scenario I cannot get it to work the way I want. Here is how it is supposed to work:
User comes to my login page and clicks a "Sign in with Facebook" link.
User gets redirected to graph.facebook.com / oauth /authorize?[some params] and authorizes my Facebook app to access his/her data. Facebook redirects back to my site.
My site checks the Code parameter, calls Facebook to replace it for an access token, and then lets the user connect his/her account on my site with the account on Facebook. The access token is saved on the user account on my site.
The next time user arrives at my site and want to login, he/she should be able to click the same "Sign in with Facebook" link and directly get signed in with the site account (assuming he/she is still logged into Facebook)
Problem: Each time the code (from graph.facebook.com / oauth/authorize) is replaced for an access token, the token is changed. Since that token is used to look up the user in my site database, the matching failes.
My question is now: How do I solve this problem? Can the Code parameter from graph.facebook.com /oauth/authorize be saved and used over and over again to look up user? Or is there another way to do this? I really would prefer NOT using the Javascript API since it gives me lots of other troubles.
[Sorry about the links, I am a new user and not allowed to post more than one link]
Ah, I solved it: After I got the access_token I just call graph.facebook.com/me to get the id of the user. This is saved to my database. Next time I match against that id.