We have an application on Facebook, and page, connected to it. There is also a web-site. Web-site have lots of photo-albums, that we'd like to transfer to Facebook app page. Plus we want to add functionality to the site, that when user uploads new photo album there, it's also created on Facebook app page. That's the only place photos will be uploaded to - no other FB pages or users, only our app page.
So far, from what I read in Facebook docs, it seems that we require two spesific permissions for this: manage_pages and publish_actions.
I tryed to request these permisssions in our FB app. Screencast was attached, showing, how user is creating an alum on our web-site, and I wrote a note, that we need these permissions to photos be also uploaded to FB.
Permissions query was rejected by FB with the following answer: Please show the completed post on the pages timeline. Possibly meaning, that they want to see on screen-cast, how album appears on FB app page timeline after it's created on the web-site.
I don't really understand, how this can be shown, if we do not have required permissions for this (otherwise we wouldn't request them). Maybe they mean that album should be created manualy, and then added to screencast, as if it was created programaticaly, just to make our intensions clear?
So, basicaly, here are two questions:
are manage_pages and publish_actions correct and only required permissions for creating albums/uploading photos to FB app page?
how can I show on the screen-cast, that photo album is uploaded to app page after certain actions on the web-site, if we do not have permissions to do that programmaticaly. Should album be added there maually?
Update for #CBroe, for our discussion in comments.
I perform the user login in the following way:
const loginOptions = {
scope: 'publish_pages,manage_pages',
return_scopes: true
};
$(document).on('click', '.facebook-login', function(e) {
FB.login(function(response) {
//...
}, loginOptions);
});
I'm not asked about permissions in login modal window. After this, if I check my permissions with me/permissions, I see, that required permissions are granted. But still, when I try to create an album with post query to pageId + '/albums', I receive the following message: (#10) Application does not have permission for this action.
By the way, I'm testing this not on production app, but on it's test version. But I suppose it should still work.
You misunderstood the process. Any user with a role in your app - admin, developer, tester - can be asked for any permission without review; explicitly so that you can build and test your app properly, before you submit it for review.
This is also an - intended - "loophole" around the review process, if your app is not intended for use by the general public. So if you only want this app to post to your page in the name of the page (the album and photos will appear as created/uploaded and owned by the page, not the Facebook user profile belonging to the user of your app) - then only you, or a page admin that you add to one of the roles in your app, needs to grant those permissions, and therefor you don't even have to get it reviewed. (Not at least regarding those two permissions, for the intended purpose. If your app requests other permissions from general users for a different purpose, those still need to be reviewed.)
This is explained in the App Development FAQ: My app is only used by a small number of people, who are all listed in the Role section of the App Dashboard - do I need to go through Login Review?
(If you want the albums created and the photos to be posted in the name of the FB user profile of your app users, then things are different - then you need to get the functionality reviewed of course. Not sure if users can even create albums on pages though, or whether they are only able to post to existing ones, you'd have to check.)
Related
(I'm aware of this question, but it's outdated to the point of no longer working, so asking again.)
With the Facebook API it used to be that all profile pictures were considered public, and you could get one for anyone without any access tokens like this:
https://graph.facebook.com/4/picture
Now in 2020 it seems that it only works for public images like Zuck there. I have a tool for Facebook page admins that shows a list of people who liked page posts, but when I try to show user pictures in the list they all now come up blank because "This object does not exist or does not support this action".
The docs now say "This document refers to a feature that was removed after Graph API v3.2". But I could not find any more information about this deprecation. Is it now just impossible to show the picture of a user without having a user access token, or has the way to call it just changed?
The feature has not been removed, but now for users that don't have their profiles set as public, you need to provide an access token.
For instance suppose you use the Page API to list all the people who commented on a post. Previously you could show the profile pics of commenters by just linking to https://graph.facebook.com/<UID>/picture. However now you need an access token for that Page, and to then access the pic as https://graph.facebook.com/<UID>/picture?access_token=<TOKEN HERE>.
I have not tested this with apps, but I would assume that also to get the profile pics of app users based on their app-scoped UID, you'd need to include an access token there as well.
I don't know if this is possible through reading the docs, we have an app that we want to post on other businesses pages that we work with but doesn't show up as posts by others, we effectively want to auto post to their pages.
My first idea would be to give our app editor permission for their page manually, but you can only add users to page roles.
My second idea would be to get "manage_pages" permission when they log in to OUR app, then save the access_token
for example https://developers.facebook.com/tools/explorer/?method=GET&path=me%2Faccounts&version=v2.1
will list the pages you manage, but can that access token be used by another app to post?
Or is there a service out there that will allow us to do this?
You cannot give permission to an app to post to pages. What you need to do is give permission for all your pages to a User and get that user to login to your application with the manage_pages permission. Your app should then find the access_tokens for all the pages and then post to each page.
The posts would appear as coming from the Page/App itself, but can be posted from a completely different application, providing you have a valid access_token for each page.
Have a look at this tutorial for how to post to a single page, then adapt it to work with multiple pages.
So, I want to build a web app that posts let say funny cat pics to a users Facebook wall. The user allows the web app to do this via the publish_actions command. Yeah, I know this sounds spammy but it isn't.
Now, on Facebook Developer documentation pages it's described as follows:
"Enables your app to post content, comments and likes to a user's
stream and requires extra permissions from a person using your app.
So, to me this sounds that it's possible for an web app to publish content without the need for the user to grant every single update?
But, reading about it in the "Login Best Practices" section I read the following sentence:
When displaying the Log in with Facebook button, emphasize that
your app will not post to Facebook without people's permission
Source:
https://developers.facebook.com/docs/facebook-login/checklist
So, my question is – is it or isn't it possible?
To my knowledge, the publish_actions permission allows your app to post to the user's wall without having facebook itself ask for permission again.
However, it is good ("best") practice to always make it explicitly clear inside your app that "by clicking here, I will post to your timeline".
Basically, this is Facebook saying that you should handle this asking inside your application, in a way that best fits your application's logic.
Do you know if is there any way to collect last user's post on personal wall/timeline?
I need to know how many and which youtube videos has been shared by an user, reading them from his open graph profile.
I've never wrote any facebook app, but using the Open Graph Explorer seems that this kind of information is available if the user has set to "public" the privacy options of a post that contains a Youtube video.
My question is: could a third party app ask for the permission to read that kind of information? Could it have access to these posts also if they are not set as "public" by their owners?
EDIT: Could an app have access to user's posts like another friend of that user?
You can read the user's wall by creating an app with the read_stream permission and after the user grant you access by hitting the me/feed connection. But creating a 'listening' tool app is not recommended, if your app has no value for its users then you may need to rethink your app mission.
I'm using FB Open Graph in my application. It's not fully working. When I post a object it appears in the user's recent activity; however, it doesn't appear on their timeline. The metadata has no errors and I'm using the FBGraph gem but it also doesn't work when I do it using curl. Any advise to fix this?
Have you tried to use 'fb:explicitly_shared=true' in your URL. Refer: https://developers.facebook.com/docs/technical-guides/opengraph/explicit-sharing/
When you are in development mode, and your actions have not yet been approved by Facebook, the posted actions are only visible to you and to others with developer, admin or tester privileges for your FB app.
See: Facebook action submission
Also, open graph actions will no longer appear in users' news feeds or even the Ticker: http://developers.facebook.com/bugs/398546930211799/. So you shouldn't expect activities performed in your app to appear in users' timelines, unless these activities are tagged as 'explicitly shared', and even then there's no guarantee they'll show up.
Only direct, active shares are more or less guaranteed to show up in the Timeline.
Did you submit your action to get approved by facebook? If you did not do this, it will only work on your facebook account.
Also, are you sure you request the correct permission when the user authenticates, such as 'publish_stream'?