My application authenticates users via Facebook. It requests user token for permissions public_profile and user_photos.
One day I found that all registered users have only public_profile, and application have no access to their photos, because I did not get approve from Facebook for user_photos permission.
After all I got this approve, and tokens of new users logged in via Facebook have user_photos permission.
But legacy users have no, their tokens did not updated automatically to obtain additional user_photos permission.
Is there a way to refresh a Facebook token, without logout and login again?
You can´t just refresh a Token without user interaction, that would make the whole point of permission authorization pointless. You can just check for the granted permissions and call FB.login (if using the JS SDK) again if some permission is missing: https://developers.facebook.com/docs/graph-api/reference/user/permissions/
This may be interesting for you too: https://developers.facebook.com/docs/facebook-login/handling-declined-permissions/
Related
I'm using a Facebook app (in development mode) to generate a page access token so that my personal web app can schedule/edit/delete posts on a Facebook fan page.
I'm using the Graph Explorer to generate the token while logged in as the admin of the fan page.
When I use that token, I'm able to GET a list of the scheduled posts, but whenever I try to edit or delete a post, I get this error:
"User does not have sufficient administrative permission for this action on this page."
Here is the debug of the token:
Any ideas on how to fix this?
Here according to the documentation
DELETING YOUR POST
These are the permissions you need in the scope of your token.
To delete a user's post, a user access token with publish_actions permission is required.
To delete a Page's post a Page access token and publish_pages permission is required.
To delete a User's post on Page a Page access token is required.
To delete another User's post on a Page-owned event the user_managed_groups permission is required.
UPDATING YOUR POST
A user access token with publish_actions permission.
SO you need publish_actions permission within the scope of your token.
Update 1
Also check here if you have the valid page role
I'm quite confused about Facebook's new publish_pages permission.
My Facebook app allows our CMS users to post to their Facebook pages via our CMS, posing as the page.
We have been granted (via the login review process) the manage_pages and publish_actions permissions.
The API change log states this:
publish_pages Permission - This new permission is required to publish as a Page. Previously publish_actions was required. People who granted manage_pages and publish_actions before v2.3 have automatically been granted publish_pages. If anyone logs in via v2.3, you'll need to request publish_pages explicitly in addition to manage_pages.
We have not been granted the publish_pages permission automatically.
The blog post here states:
For Page developers, we've added the ability to deliver more content on a Page via real-time updates (RTUs). A new Login permission, publish_pages , is now required for apps to publish on behalf of Pages; previously, this required publish_actions.
So it sounds to me like if we upgrade to use API 2.3, our service will no longer work, because we haven't been granted publish_pages.
The documentation states this:
A user access token with publish_actions permission can be used to publish new posts on behalf of that person. Posts will appear in the voice of the user.
A page access token with publish_pages permission can be used to publish new posts on behalf of that page. Posts will appear in the voice of the page.
We do want to post in the voice of the page, as we do currently.
Therefore I opened a new login review request and summarised all of the above, quoting their changelog. Facebook's response was this:
You don't need the publish_pages permission because you already have the publish_actions and manage_pages permissions granted. Publish_pages is a new feature that allows an app to publish to a managed Facebook fan page, but your previously granted permissions contain this functionality already.
Is it just me, or does that response conflict with everything else they've written?
So my question is simply, do we need this new permission going forward or not, and have they wrongly not automatically granted it to us?
Well apparently Facebook's supports response is in some manner wrong.
If you want to post on Page on behalf of the user manage_pages and publish_actions publish permissions are passable for post action.
If you want to post on behalf of the page you also need publish_pages permission, without this all v2.3 api calls will return OAuth Error. There might be other privileges for managing your pages under this permission i don't know
I want to get /{user-id}/feed from another user (user B) rather than "me" (user A), but the query returns an empty list.
I'm using the Graph API Explorer to make the queries, and I've got the Access Token with user_posts, user_status and read_stream permissions, but I can't get this information.
In this thread is said that:
Additionally the queried user needs to grant the app the read_stream permission.
In this other thread they said:
If the user is your app user authorized with read_stream permission, then you access the USER_ID/feed. It's because USER_ID/feed endpoint only available if user give permission read_stream to your app. App Access Token is not allow.
If the user is not your app user with read_stream, then you access the USER_ID/links instead. It's because no read_stream permission require to access this endpoint. App Access Token is not allow.
MY QUESTIONS:
Do I really need this other user (user B) to grant this permission to access his feed?
Where can I find official documentation saying so?
As /{user-id}/links seems to be accessible, are posts, statuses or tagged accessible too, or I just can access links without User B granting this permission?
Note:
Since the purpose is to use it in and iOS and Android App I can't use the read_stream permission, so I would use the user_posts which is supposed to be valid as they say in https://developers.facebook.com/docs/graph-api/reference/v2.3/user/feed
>
Of course, why would anyone want your App to access his newsfeed without his authorization? Keep in mind that not only the user would be able to access the feed of his friends, but the App too - which means, it would be easy for the App developer to get access.
Should be clear with number 1. Why would there even be a permission if you could just grab the feed from another user with it?
You can´t get ANY data from a user without his authorization, for privacy reasons. Friend permissions are gone.
Having an application token, a user who authorized the application with manage_pages permission, how can I access to the pages this particular user is admin of?
You can't, you need a user access token for that permission as outlined in the docs
https://developers.facebook.com/docs/reference/api/user/ (look for accounts)
You don t need an application token but a user access token to access those pages
I want the users of my website to be able to authorize Facebook access in their profiles, such that our servers can continuously use that authorization. I know how to do the authorization part, but what I get back is an access key that will eventually expire. This would require the user to log back in and re-authorize us periodically.
Is there a way that the user can grant authorization once, giving me an access key that won't expire?
Update
The offline_access is now disabled as pointed out in one of the comments. To understand the changes Facebook as a nice post. https://developers.facebook.com/roadmap/offline-access-removal/
Old Answer
If the application has not requested offline_access permission, the access token is time-bounded. Time-bounded access token also get invalidated when the user logs out of Facebook. If the application has obtained offline_access permission from the user, the access token does not have an expiry. However it gets invalidated whenever the user changes his/her password.
http://developers.facebook.com/docs/authentication/