I would like to develop a mobile application that uses the Facebook Graph API.
For testing, I used an "access token" that I found on the Internet and it works ok for me. In the future, I would like to create my own access token and release this app. Is there any problem if the same "access token" is used for 1000, 10000 or more at the same time?
Related
I referred this Facebook page Manually Build a Login Flow to build a login script for my website.
Here is the summary of steps from the page above:
Get authorization code
Exchanging Code for an Access Token
Inspecting Access Tokens
Query Graph Api
On the third step Facebook requires the below parameters
(I used the access token from step 2 here)
input_token {token-to-inspect}
// An app access token or an access token for a developer of the app.
(Should i use my FB app id ?)
access_token {app-token-or-admin-token}
What should the access_token contain? I inserted my FB app id but got the below response
HTTP/1.1 400 Bad Request
WWW-Authenticate: OAuth "Facebook Platform" "invalid_token" "Invalid OAuth access token."
Not sure if the error is due to expired user access token or because of wrong input parameter.
I read further and found this page about app access token
You can either generate an app access token
curl -X GET "https://graph.facebook.com/oauth/access_token
?client_id=your-app-id
&client_secret=your-app-secret
&redirect_uri=your-redirect-url
&grant_type=client_credentials"
or set access_token parameter as below
access_token=your-app_id|your-app_secret
I tried the latter your-app_id|your-app_secret and it worked.
For my website I use the Facebook API to get the events from a few Facebook pages. For this purpose I have created a Facebook app.
However, even though this used to work before, the API now returns an error:
"message": "Invalid OAuth access token signature.",
"type":"OAuthException",
"code": 190,
Here are the steps to reproduce the error:
Go to app's dashboard on https://developers.facebook.com/apps
Get the app id (APP_ID) and the app secret (APP_SECRET)
Use the app id and the app secret to get an access token by using this url:
https://graph.facebook.com/oauth/access_token?client_id=APP_ID
&client_secret=APP_SECRET&grant_type=client_credentials
This returns something like
{"access_token":"123412342134|f34f34f32fc3rc4rc324r-X","token_type":"bearer"}
I then use this access token to access the events
https://graph.facebook.com/v2.12/{11239244970}/events/?fields={id,name}&access_token={123412342134|f34f34f32fc3rc4rc324r-X}
However, this returns the error mentioned above, "Invalid OAuth access token signature.".
I'm stuck here. None of the posts on here seem to solve my problem.
I've already tried resetting the app secret, but that didn't help. Any hints are greatly appreciated!
It would appear that the reason for this error is that Facebook currently only returns events for pages using the Pages API if you use a user access token and that user is attending, is interested in or has been invited to the events of the page (as answered by #unknown_b to a related question over here).
To get the Client Access Token for an app, do the following:
Sign into your developer account.
On the Apps page, select an app to open the dashboard for that app.
On the Dashboard, navigate to Settings > Advanced > Security > Client token.
https://developers.facebook.com/docs/facebook-login/guides/access-tokens#errors
I am pulling my hair out trying to understand what Facebook wants me to do to post to a FaceBook Page as a System User that has Admin and Page Privileges to and Owned by our business (We have Facebook Business Manager).
In a nut shell all I want to do is make this call:
https://graph.facebook.com/v2.5/${MyPageID}/feed
What I don't get is the access_token part.
I can generate access tokes for Apps, for Pages but all result in 403 returned from FaceBook. I have gone as far and checking every box available on the generate access token popup on the graph api and still I get 403 "Forbidden" so I am detailing the little I understand of the insanity that is FaceBook Auth in the hope that someone can explain where I am going wrong.
1) To Post as a System User to a Page I have to Create a FB App (I Would prefer just to post direct to the pages and skip the App part, My System User has Admin Access on All pages)
2) To Access the App I need an App Token.
3) To Create an App token I need a User Token.
4) To Create a user token I need to log in to Facebook and have all sorts of permissions on the App. (I can't log in as the System User! FB asks me to login as myself. I am not sure if this breaks the Auth Token generated?)
5) Then there are all sorts of swapping tokens to get a Permanent App token, Another point of potential failure!
6) IF the stars and moon align and you stand on your head the permanent App key can be passed to the above call as the access_token
I don't understand how to link the Pages I want to post to with the App created. Do I have to have 1 App for Each Page?
I have got one page to work, We initially used that App to Auth against the Instant Article Graph API:
https://graph.facebook.com/v2.5/${MyPageID}/instant_articles
I could not use the above token for the /feed url, I had to generate a new token with extra publish permissions and the page published with no problems, however when I change the ${MyPageID} to another page using the same access_token I get the 403.
I tried Creating a new App, I have no clue how they link to a specific page So the App to me seems sort of redundant.
Any help with what I am doing wrong or how I can go about simply posting to various FB Pages with a System User using the /feed api ?
The calls are made form a Spring Boot Java APP using HTTP Posts.
How to get a System User Auth and Page Auth:
1) Generate a User Token for an App (Button above the System User):
https://business.facebook.com/settings/system-users/${System User ID}?business_id=${your_business_manager_id}
System user has Page Admin on each page you need to post to.
App is just an FB app, not sure what it does other that it is a grouping I generate a token against.
I chose: (manage_pages, publish_pages, publish_actions, pages_manage_instant_articles, pages_show_list)
2) Check your access token:
https://developers.facebook.com/tools/debug/accesstoken/?access_token=${The access token you got from the step above}&version=v2.12
This will provide you with the App ID the Token is for and how long it lasts (we need a Permanent token)
3) Using Graph API Explorer gets the Accounts this token has access to:
https://developers.facebook.com/tools/explorer/${Your FB APP ID}/?method=GET&path=me%2Faccounts&version=v2.12
4) Using the output above find Page Auth for each page you wan to publish to
5) Post to each page in turn:
https://graph.facebook.com/v2.5/${MyPageID}/feed
I am trying to programatically grab a few insights metrics from facebook for various pages (about 50 clients). Therefore I want to automate this.
I created a facebook app and have my app_id and app_secret. I also created a app_access_token which doesn't expire?
My question is this: How do I get the page access token for each of the pages I want to get insights from? Currently I...
STEP 1) ...went to the Query Explorer and seleted my app and grabbed a user_access token with the manage_pages and read_insights permissions.
STEP 2) I then used that user_access_token to go to https://graph.facebook.com/v2.5/{pagename}?fields=access_token&access_token={user_access_token} to get what I presume is the page_access_token.
STEP 3) I then use this token to do my queries for things like https://graph.facebook.com/v2.5/{pagename}/insights/page_impressions?access_token={page_access_token}.
Now since the app is already OKAYed, shouldn't be there a way to grab that user_access_token in step 1 programatically? They all expire except the app_access_token I described above. Can I use that token somehow in step 1?
I am not using and SDKs just pure https calls.
Actually it is possible. I managed to get an extended page access token by doing this:
https://graph.facebook.com/oauth/access_token?grant_type=fb_exchange_token&client_id=[app-id]&client_secret=[app-secret]&fb_exchange_token=[short-lived-token]
from here. Basically you get a short lived user token and then use that to get a page access token and then use that with your app id/secret to get an extended page token that never expires (perfect for embedding in an automated reporting app).
It is convoluted but it works. And as a bonus if you register the APP on Facebook business manager, that page token will work on all sites you have access to under that business manager account.
there is a problem with my access token. I have made my own application, and I took the permission from the facebook user, who is me. And also I have given the same permissions to the facebook graph api. However when I can easily get the results using FQL with graph api access token, but I cannot get the result with my own application access token. What is the problem with my access token.
It is not user access token. Maybe this can be problem however also graph api is not also user access token.
Per the error message you need to use a user access token retrieved via the Authentication flow - you cannot use an app access token for this.
You mentioned in the comments you're successfully using an access token from the Graph API Explorer tool - this is also a user access token which the tool retrieves using the client-side oauth flow. This is not the same as using an app access token for your own app.