Facebook page access token broken after adding new permissions to user token - facebook

Based on the doc on Facebook page access tokens, the following steps need to be taken to obtain a long-lived Page Access Token:
1) Extend the User's Access Token which has the manage_pages permission.
2) Get the page access token through the /userId/accounts endpoint using the extended user access token.
This process is working fine and I am able to obtain and use the page access token properly.
The issue arises when the user grants a new permission to the App - such as 'publish_actions' to allow the App to post on the Page's timeline, the page access token obtained using the above mentioned mechanism does not work properly.
Until about 6 to 8 weeks ago the new publish_actions permission would allow the previously saved page access token to post on the page's timeline without any issue. This feature seems to have broken, and I am getting the following error:
{"error":{"message":"(#200) The user hasn't authorized the application to perform this action","type":"OAuthException","code":200
When the access token is debugged using the Facebook debugger tool, it shows that the saved page access token is indeed embellished with the new permission, as follows:
App ID XXXXXXXXXXXX : App Name
Profile ID 999999999999 : Page Name
User ID 9999999999999999 : User Name
User last installed this app via API v2.x
Issued 1454463877 (40 minutes ago)
Expires Never
Valid True
Origin Web
Scopes email, manage_pages, publish_actions, public_profile
So although this page token has the publish_actions permission, it is not able to post on the page's timeline. This has stopped working recently, and I am looking for any other folks who have faced a similar issue and have managed to resolve it.
Btw, I have already tried refreshing the page access token using the newly generated user access_token at the time when the user gives the publish_actions permission. Going through the above 2 steps using the new user access token seems to return the same page access token, and it continues to fail to post on the timeline...
Any help is much appreciated.

The issue was related to using an incorrect permission. Facebook has introduced a new 'publish_pages' permission which should be used to make posts on business pages. We were using publish_actions, which was invalid (since v2.3 or somewhere around that - we are using v2.5 of the Graph API, so it caused a problem).
Facebook responded pretty quickly to our bug report and provided this guidance which helped resolve this issue (I should have posted this answer earlier).

Related

New Facebook Long Lived Access Tokens Are Not Valid

I am creating long lived access tokens for my users when they first sign up for my app, this has been working fine for the past 6-8 months. Recently, the manage_pages permission was revoked from my app (when Graph API v8.0 was released) due to lack of use. It is true that we did not use this permission, but the reason we asked for it is because it was required for some of the calls we were doing to gather Instagram insights for our users when we first started. I don't know if this has anything to do with the issue but just including it anyways.
Now it seems that newly created access tokens are automatically invalid, this was never the case before. I run these access tokens through the access token debugger and get the following error:
Error validating access token: The user has not authorized application [MY_APP_ID].
It seems this problem slowly began to onset, and now every single new user on our app is experiencing this issue, even after granting us the following permissions:
public_profile
email
instagram_basic
instagram_manage_insights
pages_show_list
The permissions recently revoked from my app were:
pages_manage_ads
pages_read_user_content
pages_manage_metadata
Users go through the complete OAUTH flow, and when they are redirected to my site I create a long-lived access token but it seems the token does not recognize that the user had authorized my app, hence the reason it is invalid.
Here is my OAUTH Url for new users:
https://www.facebook.com/v5.0/dialog/oauth?client_id={{ settings.FACEBOOK_CLIENT_ID }}&redirect_uri={{ settings.FACEBOOK_REDIRECT_URL }}&state={{MY_STATE}}&return_scopes=true&auth_type=rerequest&scope=public_profile,email,instagram_basic,instagram_manage_insights,pages_show_list
You have to remove the manage_pages scope from your Facebook button code and replace it with the pages_show_list scope :)

Auto Posting to Multiple Facebook Pages using Graph API - Auth Issues

I am pulling my hair out trying to understand what Facebook wants me to do to post to a Facebook Page as a System User that has Admin and Page Privileges to and Owned by our business (We have Facebook Business Manager).
In a nutshell, all I want to do is make this call:
https://graph.facebook.com/v2.5/${MyPageID}/feed
What I don't get is the access_token part.
I can generate access tokens for Apps, for Pages, but all result in 403 returned from Facebook. I have gone as far as checking every box available on the generate access token popup on the Graph API and still I get 403 "Forbidden", so I am detailing the little I understand of the insanity that is Facebook Auth in the hope that someone can explain where I am going wrong.
1) To Post as a System User to a Page I have to Create a FB App (I Would prefer just to post direct to the pages and skip the App part, My System User has Admin Access on All pages)
2) To Access the App I need an App Token.
3) To Create an App token I need a User Token.
4) To Create a user token I need to log in to Facebook and have all sorts of permissions on the App. (I can't log in as the System User! FB asks me to login as myself. I am not sure if this breaks the Auth Token generated?)
5) Then there are all sorts of swapping tokens to get a Permanent App token, Another point of potential failure!
6) IF the stars and moon align and you stand on your head the permanent App key can be passed to the above call as the access_token
I don't understand how to link the Pages I want to post to with the App created. Do I have to have 1 App for Each Page?
I have got one page to work, We initially used that App to Auth against the Instant Article Graph API:
https://graph.facebook.com/v2.5/${MyPageID}/instant_articles
I could not use the above token for the /feed url, I had to generate a new token with extra publish permissions and the page published with no problems, however when I change the ${MyPageID} to another page using the same access_token I get the 403.
I tried Creating a new App, I have no clue how they link to a specific page So the App to me seems sort of redundant.
Any help with what I am doing wrong or how I can go about simply posting to various FB Pages with a System User using the /feed api ?
The calls are made from a Spring Boot Java app using HTTP POSTs.
How to get a System User Auth and Page Auth:
1) Generate a User Token for an App (Button above the System User):
https://business.facebook.com/settings/system-users/${System User ID}?business_id=${your_business_manager_id}
System user has Page Admin on each page you need to post to.
App is just an FB app, not sure what it does other than it is a grouping I generate a token against.
I chose: (manage_pages, publish_pages, publish_actions, pages_manage_instant_articles, pages_show_list)
2) Check your access token:
https://developers.facebook.com/tools/debug/accesstoken/?access_token=${The access token you got from the step above}&version=v2.12
This will provide you with the App ID the Token is for and how long it lasts (we need a Permanent token)
3) Using Graph API Explorer, get the Accounts this token has access to:
https://developers.facebook.com/tools/explorer/${Your FB APP ID}/?method=GET&path=me%2Faccounts&version=v2.12
4) Using the output above, find the Page Auth for each page you want to publish to
5) Post to each page in turn:
https://graph.facebook.com/v2.5/${MyPageID}/feed

Unable to post to facebook page using app token

I am building my first Facebook app and am facing an issue.
Task: Build an entirely server-side application to be used by the admin of a Facebook page to post videos/photos on the page. This should not involve having the admin log in every time to generate the user access and page access tokens.
What I found : Based on the requirement, I found that app tokens can be used for this purpose. This line specifically hints at the usefulness.
App access tokens can also be used to publish content to Facebook on behalf of a person who has granted an open graph publishing permission to your application
I think that using this will be safe since mine is an entirely server side app.
Problem: The docs say that:
GET /oauth/access_token?
client_id={app-id}
&client_secret={app-secret}
&grant_type=client_credentials
will give the app token that can be used in place of user access token.
However, I have not been able to do so. Specifically the error encountered is
Error 200. The user must have accepted the TOS. Since I have already tried publishing content with page access token, I know this is a permission issue.
The following line
a person who has granted an open graph publishing permission to your application.
does not clarify everything. I came across a related question, but the answers seem to be a bit vague.
It would be really great if someone could give me insights about how this can be achieved.
In order to post to a page, you need to at least authorize with the manage_pages permission. If you want to post "as user", you need to add publish_actions and use a "User Access Token". If you want to post "as page", you need to add publish_pages and use a "Page Access Token".
Information about how to generate those Tokens:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/
The error message with the TOS has been discussed a lot of times already, please go to those threads (or find a lot more with the search function):
(OAuthException) (#200) User must have accepted TOS on C# - Facebook
How come I get a "must have accepted TOS" error for test users with app installed?
facebook long term token "(#200) User must have accepted TOS"
Occassional (OAuthException - #200) (#200) User must have accepted TOS
You cannot post to a Page via an App Access Token. This is clearly stated in the docs at
https://developers.facebook.com/docs/graph-api/reference/v2.3/page/feed#publish
A user access token with publish_actions permission can be used to publish new posts on behalf of that person. Posts will appear in the voice of the user.
A page access token with publish_pages permission can be used to publish new posts on behalf of that page. Posts will appear in the voice of the page.
I'd recommend using an eternal Page Access Token, so there's no obligation to renew the User Access Token. Have a look at my answer here:
Post to a facebook page without "manage_pages" permission using php
See
https://developers.facebook.com/docs/facebook-login/access-tokens#pagetokens
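The token and permission rules quoted in the answers above, written as a pre-flight check before calling /{page-id}/feed (an added example, not code from the original posts or from Facebook). The `info` object is a constructed stand-in for the debugger output shown in the first question on this page, and its field names are assumptions.

```javascript
// Added example: which token type and scope each posting "voice" needs,
// taken from the rules quoted in this thread.
const RULES = {
  page: { tokenType: 'PAGE', scope: 'publish_pages' },   // post in the voice of the page
  user: { tokenType: 'USER', scope: 'publish_actions' }, // post in the voice of the user
};

// info: { type, isValid, profileId, scopes } (hypothetical field names).
// Returns every reason the publish call would be refused, not just the first.
function checkFeedPublish(info, voice, pageId) {
  const rule = RULES[voice];
  if (!rule) throw new Error(`unknown voice: ${voice}`);
  const problems = [];
  const scopes = new Set(info.scopes || []);
  if (!info.isValid) problems.push('token is not valid');
  if (info.type === 'APP') {
    problems.push('app access tokens cannot publish to a page feed');
  } else if (info.type !== rule.tokenType) {
    problems.push(`voice "${voice}" needs a ${rule.tokenType} token, got ${info.type}`);
  }
  if (!scopes.has('manage_pages')) problems.push('missing scope manage_pages');
  if (!scopes.has(rule.scope)) problems.push(`missing scope ${rule.scope}`);
  // A page token is bound to one page; reusing it for another page fails.
  if (voice === 'page' && info.type === 'PAGE' && info.profileId !== String(pageId)) {
    problems.push(`token belongs to page ${info.profileId}, not ${pageId}`);
  }
  return { ok: problems.length === 0, problems };
}

// Constructed sample: the saved page token from the first question,
// with the scopes the debugger listed for it.
const savedPageToken = {
  type: 'PAGE', isValid: true, profileId: '999999999999',
  scopes: ['email', 'manage_pages', 'publish_actions', 'public_profile'],
};

console.log(checkFeedPublish(savedPageToken, 'page', '999999999999'));
```

Run against the saved token, the check reports the missing publish_pages scope, which matches the resolution given in the first thread.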

Automatic post to my facebook page from Node.js server

I have a Node.js server running a social network site and I also have a facebook page for that site. For certain actions performed by users on my site, I want to post details on the facebook page of my app.
I referred to Thuzi facebook node sdk here on how to post to facebook wall. However, it requires app id, app secret and a temporary access token. App id and app secret are constant so I can put them somewhere in my config file and use from there. But how do I get the access token without any interaction from front-end ? All posts will be published by our app only and that too on our own page. I just want this to be triggered by the end user's actions. Any help ?
I am using Sails.js framework btw.
You would need to use an Extended Page Token for that, you only need to create it once and it will stay valid forever. And you will post "as Page" with a Page Token. How to get an Extended Page Token:
Create an App
Use the Graph API Explorer to generate a User Access Token (by authorizing the App with the manage_pages and publish_actions permission)
Extend the User Access Token (valid for 60 days)
Request an Extended Page Token by calling /me/accounts
Store that Extended Page Token on your server and use it for posting on the Page wall.
Here are some additional resources, explaining everything in detail:
https://developers.facebook.com/docs/facebook-login/access-tokens/
https://developers.facebook.com/docs/graph-api/reference/v2.1/page/feed
http://www.devils-heaven.com/facebook-access-tokens/
http://www.devils-heaven.com/extended-page-access-tokens-curl/
I am also digging more into this nowadays, as I am working on a node module for this.
Till now I got to know that we can create a temporary access_token and we can then extend that token up to max 60 days.
For this, after getting the temporary token you need to make a call to this URL to get an access token with 60 days validity.
https://graph.facebook.com/oauth/access_token?client_id=&client_secret=&grant_type=fb_exchange_token&fb_exchange_token=
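The token exchange and /me/accounts lookup described in the answers above, and in the System User steps earlier on this page, as an added example that is not code from the original posts. The function names and the sample response are assumptions; the HTTP calls themselves are left to the caller so the logic runs offline.

```javascript
const GRAPH = 'https://graph.facebook.com';

// Step 1: URL that swaps a short-lived user token for a long-lived one.
// It carries the app secret, so build and call it on the server only.
function buildExchangeUrl(appId, appSecret, shortLivedToken) {
  const q = new URLSearchParams({
    client_id: appId,
    client_secret: appSecret,
    grant_type: 'fb_exchange_token',
    fb_exchange_token: shortLivedToken,
  });
  return `${GRAPH}/oauth/access_token?${q}`;
}

// Step 2: URL listing the pages the long-lived user token can act for.
function buildAccountsUrl(longLivedUserToken) {
  const q = new URLSearchParams({ access_token: longLivedUserToken });
  return `${GRAPH}/me/accounts?${q}`;
}

// Step 3: every page has its own token; pick the entry for the target page
// instead of reusing one page's token for another page.
function selectPageToken(accountsResponse, pageId) {
  const err = accountsResponse.error;
  if (err) throw new Error(`Graph API error ${err.code}: ${err.message}`);
  const entry = (accountsResponse.data || []).find((p) => p.id === String(pageId));
  if (!entry || !entry.access_token) {
    throw new Error(`no page token for page ${pageId} in /me/accounts`);
  }
  return entry.access_token;
}

// Strip secrets and tokens before a URL is written to a log.
function redactUrl(url) {
  return url.replace(
    /((?:access_token|client_secret|fb_exchange_token)=)[^&]+/g, '$1[redacted]');
}

// Constructed /me/accounts response with two pages (values are placeholders).
const sampleAccounts = {
  data: [
    { id: '111', name: 'Page One', access_token: 'PAGE_TOKEN_ONE' },
    { id: '222', name: 'Page Two', access_token: 'PAGE_TOKEN_TWO' },
  ],
};

console.log(redactUrl(buildExchangeUrl('1', 'SECRETVALUE', 'SHORTTOKEN')));
console.log(selectPageToken(sampleAccounts, '222'));
```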

How to get permanent access token in graph API

I created an APP on Facebook and using graph API explorer, I selected my app from app drop down box, requested access token with manage_pages, offline_access and publish_stream permissions.
Using this access token, I was successfully able to post message on page using restfb APIs but when I log out, it starts throwing The session is invalid error.
I read in a few posts that offline_access is deprecated. Could someone tell me how to obtain a permanent access token?
Thanks
Looking at the docs at: https://developers.facebook.com/roadmap/offline-access-removal/ this is no longer possible.
Desktop applications will not be able to extend the life of an existing access_token and the user must login to facebook once the token has expired.
Otherwise, it is possible to request an access token with a longer expiration. Here are the directions: https://developers.facebook.com/roadmap/offline-access-removal/#extend_token
What kind of Access Token do you need? There are three kinds, User AT, App AT and Page AT.
If you want User AT, it seems you are out of luck. I don't think it's possible anymore. You can only get to 60 days. However, if you need Page AT, you can get a permanent one. The difference is, Page Access Token only has access to a single facebook page.
Basically you need to get User Access Token first, with manage_pages permission. When you have one, you have to look at /{pageId}?fields=access_token for your page's id in Graph API.
For more info look at: facebook: permanent Page Access Token?
You will not get any permanent access token, as the Facebook developer blog explains. You will be given a 60-day long-lived access token. Before the expiration Facebook will notify you about the expiry and then you can renew it, or you can build your own custom control to get the notification on token expiration, which you can fetch from the Facebook API.