I'm trying to use my generated App Access Token with requests to the Graph API, but for some unknown reason it simply will not work. I always get the dreaded Invalid OAuth access token signature error.
Now, let me clarify: I'm pretty sure I know what I'm doing. I did get it to work with a different FB app. I used the /oauth/access_token call to generate the App Access Token, and I can use that Token successfully in further graph calls for that FB app.
But when I try it for my new FB application, it fails. This is the Rails snippet:
app_access_token = URI.escape(ENV["FACEBOOK_APP_ACCESS_TOKEN"])
url = "https://graph.facebook.com/debug_token?input_token=#{user_access_token}&access_token=#{app_access_token}"
response = HTTParty.get(url)
I've also tried not-encoding the token; as expected, it doesn't work (and shouldn't).
I've double- and triple-checked my App ID and App Secret, and re-ran the generation (via curl), and I think it's all correct and copy/pasted without error. The only possibly-notable difference between the generated token of my old app and that of my new one is that the latter has a hyphen in it. Is that relevant?
I am currently working around this by using <App ID>|<App Secret> in place of the generated token, but I'd really like to get back to doing it the right way.
Argh! It turns out that I had a few extra characters that somehow got attached to the end of my generated token!
I don't know how those got there, but that was the problem. Just dumb old human error.
EDIT: Oh my god, every Facebook developer should know this page:
https://developers.facebook.com/tools/accesstoken/
Why isn't that linked from the docs about the access token? It would have saved me so much time and probably prevented my mistake!
Related
I am having issues using the Facebook send dialog. If I open this window in a new browser, everything works:
https://www.facebook.com/dialog/send
?app_id=[My_App_Id]
&redirect_uri=https%3A%2F%2Fwww.example.com%2Fcallback
&link=https%3A%2F%2Fexample.com%2Fimage.jpg
So by doing that, I am able to send a message just fine. However, I need this to be in an iframe, which according to the send dialog documentation, this should work. So I then do this:
https://www.facebook.com/dialog/send
?app_id=[My_App_Id]
&display=iframe
&redirect_uri=https%3A%2F%2Fwww.example.com%2Fcallback
&link=https%3A%2F%2Fexample.com%2Fimage.jpg
Doing so, I get the following error:
API Error Code: 102
API Error Description: Session key invalid or no longer valid
Error Message: Iframe dialogs must be called with a session key
I find it a little strange that I can do this with a popup, but they require a session key for iframe. But even so, that isn't a problem. Because I have already gotten an access_token. So, this should work then:
https://www.facebook.com/dialog/send
?app_id=[My_App_Id]
&display=iframe
&redirect_uri=https%3A%2F%2Fwww.example.com%2Fcallback
&link=https%3A%2F%2Fexample.com%2Fimage.jpg
&access_token=[MY_OAUTH_ACCESS_TOKEN]
The access token was obtained from calling /v12.0/dialog/oauth, and I have confirmed that the access_token is valid:
However, I now get this message:
This Content Isn't Available Right Now
When this happens, it's usually because the owner only shared it with a small group of people, changed who can see it or it's been deleted.
So now this really makes no sense. I can send this link just fine if I use a popup with NO access_token present. But to set the display to iframe, I must include the token, which is fine, but it doesn't like the token for some reason?
It is also worth noting that this behaves the same way regardless if the Facebook app is in development mode or live mode. In development mode, all of the permissions should work for my test users. So it seems very unlikely that this is a permissions issue?
Anybody have any insight on this at all?
I've been trying to get OAuth 2.0 to work correctly. I have managed to make the url that that will do the "deny/allow" for my app by opening a webpage with just
Application.OpenUrl(uri.ToString());
The problem is that I have no idea how to get the redirect and the auth token from the page if the user hits allow. When you hit allow, right now nothing happens it just sits on the page. Checking Networking in chrome debug does have the redirect and token there but it never actually sends it..
I was recommended to use RestSharp but I again have no idea how to use it with Unity as there are lot of resources for Android/iOS PC etc. but I can't get any of them to work for this Unity project...
var client = new RestClient("https://www.fitbit.com/oauth2/authorize?response_type=code&client_id=*clientID*&redirect_uri=http%3A%2F%2FfitRPGcallback&scope=activity%20profile%20sleep%20social");
Debug.Log("client made");
var request = new RestRequest(Method.POST);
request.Resource = ("profile%20sleep%20social");
client.ExecuteAsync(request, response => { Debug.Log("response is : " + response.Content);});
Application.OpenURL(client.BaseUrl.ToString());
In the URL I do have the correct clientID in there as well just not sure what I can and can't show for security reasons etc.
Biggest problem is just having no idea how to get the return value from the webpage after the user hits allow/deny...
Any insights would be super super appreciated cause I just want to start making the actual game but there's not as much point if I can't get this data...
So, I'm posting on a few other applicable questions as well since I have finally figured out my answer.
Unfortunately I'm not using REST so that part is still up in the air BUT I did get it to work with just Fitbit, Unity and a Webview plugin (you will need a webview OR a way to get the initial code back from your first OAuth2 call)
You can find steps here.
http://technicalartistry.blogspot.nl/2015/07/oauth2-unity-and-month-of-cursing.html
EDIT:
So I had to change how I did it because Fitbit changed their ToS where we are no longer allowed to use Webview based Authenticators (which is what I was using in the above blogpost.)
Give this next post a look for how to make an Android Plugin that will grab the Accesstoken from Fitbit's OAuth. This is a FREE way to do it since you make it yourself and it's ezmode :)
http://technicalartistry.blogspot.ca/2016/01/fitbit-unity-oauth-2-and-native.html
I'm using the Javascript SDK inside a node.js (Express) App.
Connecting Users works fine, but the connection does not persist between page reloads.
Is this the default behaviour, or is the User supposed to stay connected in new requests?
Do I have to use OAuth token authentication and if so, how can this be done with the JS-SDK?
Inside the "Permission"-Popup, Users are already logged in with soundlcoud, though.
(just have to click the "connect" button each time)
Figured I'd share my answer for those who are unsatisfied with the current answers for automated oauth:
Retrieving access_token:
I had to define get and set cookie functions and then I use the functions to set and retrieve a function holding the access token. I'm not going to give these functions for conciseness but you can easily find them with a google search. I then use this line of code to get the SC access token (once the user has authenticated for the first time)
SC.accessToken()
Setting token:
So this is kind of just an elephant in the room in my opinion that for some reason no one has mentioned. How in the **** do you connect w/ SC using the access token? Do you set it as oauth param? On each call pass it? Well, after experimenting with putting the parameter in every single place I could think, I found out you have to do something like this:
SC.initialize({
client_id: '[removed for security reasons]',
client_secret: '[removed for security reasons]',
redirect_uri: '[removed for security reasons]',
access_token: getCookie("sc_lm2"),
scope: 'non-expiring'
});
//Where "sc_lm2" is the name of my cookie
Hope the helps! Took me a while to figure this out for such a simple thing
EDIT
Using PHP and Wordpress:
$json = wp_remote_get("http://api.soundcloud.com/users/[user_id]/tracks.json?client_id=[client_id]");
$soundcloudData = json_decode($json['body'],true);
(substitue cURL functionality if you're not using Wordpress). #krafty I assume you would just change the endpoint from "/tracks" to "/users" but I can't say I have ever really needed to grab anything but tracks using the Soundcloud API. Hope this helps, though I'm not sure I fully understand what it is that you are trying to accomplish (or rather, how exactly you're going about it) - are you trying to allow user logins? If you want to explain fully what you're trying to accomplish and the steps you're taking I'd be happy to take a crack at it.
Yep, this is the way to do it, officially. :)
For the Next SoundCloud site, we store the token in localStorage (until the user logs out, of course). In each AJAX request to the API from the front end, we put the oauth token in a request header:
jqXHR.setRequestHeader('Authorization', 'OAuth ' + the_oauth_token);
I am at this step in getting my app started in the documentation:
https://developers.facebook.com/docs/appsonfacebook/tutorial/#auth
In there is a code block that (supposedly) forwards the user to a request dialog asking permission to access certain bit of information about them. I've placed this code block into the PHP script that my canvas URL points to, and changed the $app_id and $canvas_page to my application ID and canvas URL respectively. Instead of getting the expected dialog, I receive this following error from facebook:
"An error occurred. Please try again later."
No other details about the error are present. I've tried some variations of the script, and have even tried loading up this URL directly just to see if that would work. Note that I've replaced YOUR_APP_ID and YOUR_CANVAS_PAGE with the appropriate values and made sure that spelling and/or punctuation are correct:
https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_CANVAS_PAGE&scope=email,read_stream
For the redirect URL, I've tried prepending it with http://, https://, and no prefix at all. All with the same result.
My question: is the example in the documentation broken, or is the oauth link provided in the documentation currently down? The vague nature of the error is somewhat frustrating since I can't tell if it's something I'm doing wrong or if it's facebook's oauth function that's at fault.
So, the problem was that instead of using the numeric application ID that facebook assigned for me when I originally created the app as the YOUR_APP_ID parameter in the OAuth URL, I was using the application namespace string. Facebook didn't understand this sort of request, and returned the generic error message.
Once I used the numeric app ID, the OAuth dialog popped up to ask permission to access my account, as expected.
Well there seems to be quite a bit of confusion on this topic and I am struggling to get a clear answer, so here is my question...
I am using the serverside flow to obtain access tokens for my web app, I previously used offline_access which is now being depreciated so I need a way to refresh the token in the following situations:
1) User changes FB password
2) Token expires naturally
My app posts results to users FB walls so the refresh needs to be done automatically by our server (no cookies or OAuth dialogs)
I thought I could try to use the new endpoint described here
http://developers.facebook.com/roadmap/offline-access-removal/
, with the following piece of code (Java):
public static String refreshFBAccessToken(String existingAccessToken)
throws Exception{
//Currently not working
String refreshUrl = "https://graph.facebook.com/oauth/access_token?
client_id="+FacebookApp.appId+"
&client_secret="+FacebookApp.appSecret+"
&grant_type=fb_exchange_token
&fb_exchange_token="+existingAccessToken;
URL url = new URL(refreshUrl);
URI uri = new URI(url.getProtocol(), url.getHost(), url.getPath(),
url.getQuery(), null);
String result = readURL(uri.toURL());
String[] resultSplited = result.split("&");
return resultSplited[0].split("=")[1];
}
But this doesnt seem to work (I get a response 400), and when I re-read the documentation it seems this endpoint is used for tokens obtained using the client-side flow only...
So what about the serverside flow....?
Can someone tell me if the approach above is correct or there is another way?
Many thanks
From what I understand there is no server side flow for refreshing tokens.
The refresh token call needs to include the response of the user authentication process which is a short lived token.
You will need to include the refresh token process as part of the user login flow or if this doesn't work for your setup you will need to email the user asking them to come back!
I dont know java but syntax is very much like C#, so I can say,you are doing everything right.
But I doubt what does this function readURL do ?
If it works like get_file_contents() of php (i.e. if it does an HTTP get) , I guess thats not a right way to do .
Based on my experience on google's refresh token method, I think you should do an HTTP POST instead of HTTP GET to given url.