I have a monday.com App in place. The current flow is as below.
App in installed in the account
Add any recipe to board
User will be redirected to sign-in page
Login to our product
Redirected back to Monday to authorize the app. Here will monday.com will list out required permissions and all.
Once authorized, monday.com will provide us with an access token, token type, etc…
The problem, with this access_token, not able to make API calls to monday.com.
API Endpoint: https://api.monday.com/v2
Method: POST
Authentication type: Bearer token
Request Body:
{
"query" : "{ boards (limit:1) {id name} }"
}
Received response from monday
{
"errors": [
"Not Authenticated"
]
}
As I understand monday OAuth does not have refresh token logic and access token will stay as long as app in installed in the account.
Posted the same question in monday.com as well
For javascript users, they can make use of the npm package [monday-sdk-js][https://www.npmjs.com/package/monday-sdk-js].
Here is an example for calling the endpoint for displaying the data. Provide your access token and run the script.
const mondaySdk = require("monday-sdk-js");
const monday = mondaySdk();
const your_token ="<--your_access_token-->";
monday.setToken(your_token);
// query to display
monday.api(`query { boards (limit:1) {id name} }`).then(res => {
console.log(res);
});
[1]: https://www.npmjs.com/package/monday-sdk-js
I am developing a site for a ONG that news section is a Facebook timeline post of your OWM profile.
The social_page plug-in is not good and not responsive, maximum width of 500px and does not have a adaptive design.
So I think I can use the Facebook's API to get information about fields ("message", "picture") from Facebook profile.
I do this in client with javascript, and I will read data and make simple HTML (photo and message) for the news.
the code for that is:
FB.api(
'/user_id/posts',
'GET',
{ "fields": "message,picture", "access_token": "access_token" },
function (response) {
console.log(response);
}
);
But how i can do a Facebook token that grant access for this information with no expiration data?
The problem here is: Facebook will expire the access token, and I don't find a way to grant permission only to read posts with no expiration in client code.
Someone has a solution or knowledge if its possible?
Thanks.
I am stuck with access rights in trying to post on facebook company page.
I have created an application and gotten appId and secret.
I have linked the application to the existing facebook page.
I have retrieved an accessToken for the appId.
But get the response: "(#200) The user hasn't authorized the application to perform this action."
Which user does the error statement refer to? the AppId user? The administrators of the page (me)? And where can I grant these missing rights?
I am trying to achieve that the post functionality is not facebook-user-dependent, but is company (or appID) dependent.
I am really confused about this...
Off course we could create a bogus user (kept in the company files) and post as this user - but that goes against the Facebook policy, and that is not the road we want to go down...
function FB_doPost(link, message, accessToken) {
console.info('doPost');
FB.api('/pageid/feed', 'post', {
access_token: accessToken,
message: message,
link: link
}, function (response) { if (!response || response.error) { console.info('error occured: ' + response.error.message) } else { console.info(' post id: ' + response.id) }; }
);}
In order to post to a Page "as Page", you need to do the following:
Authorize a Page Admin with publish_pages and manage_pages
Use the /me/accounts endpoint to get a Page Token for that Page
Use that Page Token with the /pageid/feed endpoint to post as Page
Make sure you know about the difference between Access Tokens, here are some links about that:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/
I am using Ember CLI + ember simple auth torii link
to get authentication code from facebook for my ember app.
This is my environment.js file
ENV['torii'] = {
providers: {
'facebook-oauth2': {
apiKey: '865549306850377',
scope: 'email',
//redirectUri: window.document.location.href
redirectUri: 'http://localhost:4200/'
}
}
};
And my login controller looks like this -
facebook: function() {
var _this = this;
this.get('session').authenticate('simple-auth-authenticator:torii', 'facebook-oauth2').then(function(data){
console.log("status - ", _this.get('session'));
});
}
And login.hbs -
<li><button {{action "facebook" "facebook-oauth2"}}>Facebook OAuth2</button></li>
After the user clicks on the link, a facebook popup opens and ember app gets a token.
How do I get the user's email id along with this token ?
Has anybody faced a similar issue ?
So you're using oauth2, so all you're ever going to get is an authorization token. With this token, you can then go off and request other information. The token is basically just there to speed up the validation of users against your application.
If you want to get user information, you would need to create another method (probably on your server-side), which swaps the authorization code for an access token: like so (or alternatively you can request an access token directly, which would remove the need for a server-side solution.
Using the access Token you can then request the Facebook User ID, using the debug token endpoint, and after that you will be able get to any endpoint to get the information you need.
I'm developing iPhone application, that is based on communication with server, and I want to use Facebook authentication mechanisms.
Basically, I think it should work like this:
In my iPhone app, user logs in to Facebook, using his email and password.
User allows access to his data for related Facebook application.
My iPhone app receives access token, after successful log in.
In further communication with my server, my iPhone application should use the received Facebook access token (for example: in queries).
When my server receives some query from iPhone app, with access token, it should ask Facebook that this token is valid (and for who), and if yes, server should assume that user is authenticated with Facebook.
My question is: how the server should ask Facebook if given access token is valid? I think I should somehow check if the token is valid for my Facebook app.
I've tried many Facebook queries to graph API, that I've found, but nothing worked as I expected. Can you provide me some example?
Here's a two step process you can use to validate that a user access token belongs to your App:
1) Generate an App Access token
(https://developers.facebook.com/docs/howtos/login/login-as-app/)
https://graph.facebook.com/oauth/access_token?
client_id=YOUR_APP_ID
&client_secret=YOUR_APP_SECRET
&grant_type=client_credentials
2) Debug the User Access token
(https://developers.facebook.com/docs/howtos/login/debugging-access-tokens/)
https://graph.facebook.com/debug_token?
input_token=INPUT_TOKEN
&access_token=ACCESS_TOKEN
Where INPUT_TOKEN is the user access token you want to verify, and ACCESS_TOKEN is your app's token that you got from step 1.
The debug endpoint basically dumps all information about a token, so it'll respond with something like this:
{
data: {
app_id: YOUR_APP_ID,
is_valid: true,
metadata: {
sso: "iphone-safari"
},
application: YOUR_APP_NAMESPACE,
user_id: USER_ID,
issued_at: 1366236791,
expires_at: 1371420791,
scopes: [ ]
}
}
If that token isn't from "your app" then it will return an error response.
Update: this answer seems insecure since it doesn't validate the token
first as belonging to your app, see the comments, original answer as
follows:
I assume that you already have the access token in hand. In such a case the simplest way to validate an access token is to issue the following request
https://graph.facebook.com/me?fields=id&access_token=#accesstoken
Here replace #accesstoken with the access token you have. I will breakdown the url and will explain each.
We are issuing a graph api request here which will return the Facebook User Id of the owner of the access token as a JSON string. The keyword 'me' represents the currently logged in user or the owner of the access token. For this request access token is a mandatory parameter.
If the provided access token is not valid or expired Facebook will just return an error message of some sort.
For a valid access token the result will somehow look like this
{
"id": "ID_VALUE"
}
Another solution would be to use https://graph.facebook.com/app/?access_token=[user_access_token] as described by Get application id from user access token (or verify the source application for a token).
This appears to be an undocumented feature, but returns JSON containing the id of the app the token was generated for. If the token wasn't for your app, it returns a 400.
In the latest version of facebook (2.2) you can do it this way:
https://developers.facebook.com/docs/graph-api/reference/v2.2/debug_token
Sample output:
{
"data": {
"app_id": "THE APP ID",
"application": "APP NAME",
"expires_at": 1427245200,
"is_valid": true,
"scopes": [
"public_profile",
"basic_info",
"read_stream",
"email",
"publish_actions",
"read_friendlists",
"user_birthday",
"user_hometown",
"user_location",
"user_likes",
"user_photos",
"user_videos",
"user_friends",
"user_posts"
],
"user_id": "THE USER ID"
}
}
private function facebookRequestMe($access_token)
{
include_once "facebook.php";
$facebook = new Facebook(array(
"appId" => "your_application_id",
"secret" => "your_application_secret"
));
$facebook->setAccessToken($access_token);
return $facebook->api("/me", "GET");
}
You can download the Facebook SDK for PHP from GitHub.
If a user has passed you a Facebook UID that they claim is theirs and you want to check if it's legit, this is a Python function that will verify it against their access token (an implementation of Robin Jome's answer):
def verify_facebook_id(id, access_token):
import requests
import simplejson
params = {'fields': 'id', 'access_token': access_token}
text = requests.get("https://graph.facebook.com/me", params=params).text
json = simplejson.loads(text)
response_id = json["id"]
return response_id == id
This is the only secure method to verify user token using just one request:
https://graph.facebook.com/debug_token?input_token={token-to-inspect}&access_token={app_id}|{app_secret}
Note that a sign "|" in the above URL isn't used as OR but as separator and must be there after fill the other fields.
The response will be JSON looking like that:
{
data: {
app_id: {app_id},
application: {app_name},
expires_at: {some_number},
is_valid: {true|false}
scopes: {array_of_permissions},
user_id: {user_id}
}
}
Reference: https://developers.facebook.com/docs/facebook-login/access-tokens/#apptokens
(above method is mentioned at the bottom of this section)
Along with an access token Facebook also sends an "expires_in" parameter, which is an offset value. Use that to compute for when the access token will expire as an NSDate. Then when you need to do a request compare the current date with the expiration date.
Also try to inspect the status codes and response strings Facebook sends back.