I'd like to create an app that would require a Facebook login as well as access to the user's profile info.
Before getting to the whole technical stuff, I decided to test the Graph API explorer but it doesn't seem to work as expected (from the videos/tutorials I've seen). When I click on the Get Token (Get User Access Token) button and subsequently select the tokens of interest (email, photos, etc.), nothing happens afterward. I expected to be redirected to the Facebook authorization window but nothing happens. I simply get a blank input field. Here is a screen recording of it.
Clicking on the Get Page Access Token does work but gives me access to only the id and name. When I add other field and request for the tokens, nothing seems to work as seen in this screen recording.
What gives?
Adblockers can affect the way Facebook's Graph API Explorer works.
From your video, youre running an adblocker on this page. Suspend the adblocker and try again. This can create all sorts of unexpected behaviors, not least of which is aggressive popup blocking.
Related
I have a site that logs in using Facebook. The first time a user logs in, they get a pop up from Facebook explaining all the parts of the user FB profile my site will have access to. After accepting once, though, they don't get this pop-up on subsequent visits. Is there a way I can ensure that the user always sees this popup?
Update:
I'm trying to find a way to do this during development, so that I can see the list every time. I don't really need this in production.
they see it because it's the standard OAuth workflow to accept the terms of the application they are authorizing through facebook. Once the auth is complete, they are sent directly through, no reason to ask them for auth over and over.
EDIT:
Based on your update, the list is visible through your application settings in Facebook. you can use facebook's api to get these users.
You can build a "Fake Login" - there you can show your terms again. So your clients got a better feeling. ;-)
I have tried just about everything at this point, but I cannot get a like or a comment to show up as my user, if I am logged in as the admin of a page. My app allows people to manage their pages, but even if I pass my user's access token back instead of my page's access token, it still performs the action as though it were the page. This is also true of the Graph API explorer. I've logged into Facebook, flipped over to posting as user, then ran the graph API on the post in question, generating a fresh access token from there and the post STILL showed up as the page! Is this broken? Should I submit this bug to FB?
Yes I have all the required permissions, yes I'm verifying that I'm using the user access token and not the page access token... the Facebook API returns true every time, however, even through the Graph API explorer and not through my app.
http://developers.facebook.com/bugs/408406055876958
This is a known facebook bug, opened in July, with no timetable for fixing it.
A while ago I had written some code that searched Facebook events using the api. I've been trying to revive that code but have been unsuccessful. The main difficulty I see is that is that searching for public events now seems to require an access token. The documentation (https://developers.facebook.com/docs/reference/api/event/) says that shouldn't be the case until July 5th but, the sample event search for me (https://graph.facebook.com/search?fields=name&q=conference&type=event) returns nothing if you don't have an access_token.
So I got an access_token for my application using the facebook php sdk $facebook->getAccessToken(). The problem I am now suffering is this seems to be the wrong type of token. It doesn't work to return any events and the query when posted into the url bar doesn't get anything, but if I switch it an access token generated by a learn graph api link the query works in the url bar (but not from my site annoyingly enough). The type of access token I'm getting from the app is basically | and that is the type that is not working for the event search.
I am basically looking for any advice I can get. How to get an access token that the event search will accept would be helpful. I also find it weird that I can do an event search using the url bar but, the exact same query through my app returns an empty array. So basically anything that can shed some light on my problems would be great.
UPDATE:
I got everything working except that it still requires a user access token rather than an app access token (or none). My other problem was caused by an oddity in the php sdk and I was able to solve it by just doing the curl queries myself.
I have the same problem, at this moment I'm using the access token the graph API explorer (https://developers.facebook.com/tools/explorer) uses when my app is selected (I think it's the users's token so the app can beave as the user, and since it's my access token it's not a big deal).
But this raise another problem: I think the token gets invalidated by logging off from FB or anything similar.
Situation: I am developing a facebook canvas app. Facebook is sending my sever a POST request with the signed_request each time that a page is render. Inside my app I have all my links with target="_top" because if I don't, facebook send my server a common GET without the signed request. So I cann't check the user info.
Problem: It is too slow! even if I am testing it in local, each click that I press takes 1 sec to render and my canvas becomes completely white and then the info is shown, It will be a bad user experience.
My tests: If I remove the target=_top and I point all my links' href to my server without the app.facebook.com/whatever, it loads very quickly.
My doubts: Is there any security issue with this? If I point all the links to my server (no apps.facebook.com) I can not check the signed request, I will only check it in the main page..
Any advice? any tutorial? Do I have any misundestanding of this? (It is my first facebook app)
Have you read the Server-Side Authentication tutorial?
You're doing it wrong.
Once the users lands in your app you should keep all links in the same frame, loading the entire window along with facebook is completely redundant.
What you should do:
When you get the POST with the signed request, decode it and check if the user is authenticated, if he is persist the data (token and such) somewhere (session, db, cache).
If he is not authenticated send him to the auth dialog as noted in the tutorial, when he gets back exchange the code you get (in GET) for the token (also shown in the tutorial), then redirect him to http(s)://apps.facebook.com/YOUR_APP and you'll be posted with the authenticated signed request, save it, etc..
Since you persist the data, in every request that is not POST or don't include the signed_request check your persistency choice for the data, and use it.
There should be only two times where facebook sends you the request, once it is POST when your canvas is loaded, the 2nd is when the user returns from the authentication dialog, in which you either get the code parameter or error in case the user declined the authentication.
Other requests should be from your app (inside the iframe) into the app servers.
JDL,
I believe you are querying the graph API at each request (and that's why you always need the signed_request). Is this right?
The graph API is pretty slow (~ 1 second/query) and you should use only when necessary. For example, when you first receive the access_token you should save it in your session and query the graph API to retrieve the respective facebook user info. But then you should put the info you need about this user in your session and only refresh it (using the graph API) when the signed_request access token is different from the one you have saved in your session.
The behavior of adding _top to the target of your links is ok and a good practice within facebook canvas.
I am trying to get users' permission for 'offline_access' in an iFrame Facebook application coded with the Facebook Java API. I understand that I need to obtain an 'indefinite session key' after the users approves my application. Currently, I can accomplish what I want, but in a very awkward way that is probably not correct. There must be a better way to do this. Any thoughts/ideas would be appreciated!!
What I've done
In a servlet of my app, I check to see if the user currently has 'offline_access' permission. If they do, I get the url by Permission.authorizeUrl(Permission.OFFLINE_ACCESS). I then call response.redirect to get to the permissions page. Two problems I'm having are:
The redirected permissions page is displayed within the iFrame. Hence, the Facebook book home menu bar etc. are displayed twice. i.e. looking like an app is embedded in another app.
The user will be 'stuck' on the permission page once redirected there. I won't be able to obtain the 'indefinite session key' (by calling client.getCacheSessionKey) unless the user goes back to a page in my app manually.
Possible Work-arounds??
Is there a way to open/redirect to the permissions page in a new window? That way maybe I can have a thread in my servlet to keep checking whether the permission is set after the redirection. And then I can get the 'indefinite session key' once I have it and store it somewhere?
Is there a way to set an URL for Facebook to go to after permission is set? (much like the pre-auth and post-auth URL settings?) Or somehow take control after the permission page is hit?
Any other ways to setup my app maybe?? Being a newbie, I might've totally gotten the idea wrong...
Have you tried using the fb:promot-permission tag in XFBML? That would seem the simplest way of getting the permission granted, and XFBML is fairly easy to set up.