Facebook and Parse: Code 251, Error: Parse::InvalidSessionError - facebook

I'm trying to set up a chrome extension that uses a Facebook Access token to login to Parse using the JS api. As a proof of concept I tried following the example here with curl, but when I put in my access_token and expiration_date, the POST call returns {"code":251,"error":"Parse::InvalidSessionError"}
Specifically, I'm calling this from the OSX shell.
curl -X POST
-H "X-Parse-Application-Id: [my app id]" \
-H "X-Parse-REST-API-Key: [my rest api key]" \
-H "X-Parse-Revocable-Session: 1" \
-H "Content-Type: application/json" \
-d '{
"authData": {
"facebook": {
"id": "[my id as a string]",
"access_token": "[my token as a string]",
"expiration_date": "2015-10-26T07:45:16.579Z"
}
}
}' \
https://api.parse.com/1/users
I've googled around a bit, including reading the following posts, but after changing my settings on my Facebook app multiple times and re-authenticating, it is still throwing the same error.
Using FB user to login on parse. Error code: 251, Invalid Sesion Error
Parse Facebook login fails with error code 251
For the record, I've tried changing my "App Secret embedded in the client" Facebook setting to false, as well as my "Native or desktop app?" to both yes and no (I'm fairly sure it should be set to yes, as I'm using the desktop app FB login flow.) I've also added my facebook app to my parse app, and enabled Facebook integration on parse, as well as double checking my parse app and rest api keys.
Please let me know what else I should try, or what other information you need to assess this.

Two things were wrong with the way I was approaching this.
I was creating the "Expires_at" field by adding the "Expires_in" field (returned using this FB login flow) to the current time as calculated by my browser. In retrospect this was silly, as the expiration time is supposed to be exact, and network latency will change the calculated time by a bit.
I was using the wrong facebook ID for my request - there are two types of IDs now, and you need to use the correct one. See this link..

Related

How to add 'Get Started' button in facebook messenger chat bot?

I tried using this
curl -X POST -H "Content-Type: application/json" -d '{ "get_started": {"payload": "qr"} }' "https://graph.facebook.com/v2.6/me/messenger_profile?access_token=myPageAccessToken"
In response I also got { "result": "success" }
But the bot does not show any button.
First, make sure that your account facebook who try to use your bot since only admins/developers/testers of the app can see it when the app is in development.
Second, if you use Android, you need to clear the Messenger data/cache under Android Settings -> Apps, this will also clear your login and you need to login again.
For further information, you could check this out:
https://stackoverflow.com/a/42662751/6874563
It was working fine, All I had to do was, deleting the existing conversion.
In my case, get started button only appears, when there's no message exists in past.

LinkedIn: Creating a company share for a photo

I'm suffering to create a company photo share on Linkedin.
I've seen several threads, where people say, they could create a photo share on LinkedIn by creating a link share, passing the image URL for the "submitted-url".
E.G. Consider the following payload:
```
{
"visibility": { "code": "anyone" },
"content": {
"submitted-url": "localhost/image.jpg"
}
}
```
In my case, at least, the share appears as a link share on LinkedIn. I've also tried the combinations of providing the "title" etc. fields, but no luck.
Next, I've found the following documentation: https://developer.linkedin.com/docs/guide/v2/shares/rich-media-shares#upload
That does not seem to be linked from the https://developer.linkedin.com/docs, so I have no clue if this documentation still applies.
I've tried the following endpoint: "https://api.linkedin.com/media/upload" with the "Content-Type: application/x-www-form-urlencoded" and "Authorization: Bearer ..." -headers, with file payload but the response is:
```
{
"serviceErrorCode": 100,
"message": "Not enough permissions to access media resource",
"status": 403
}
``
It does not matter, what permissions I have set for my app.
I happen to know from some applications, there is a way to share photo shares on LinkedIn via the API, but I don't manage to find the correct documentation where this is described.
If you know a way that worked for you but isn't already listed here, please inform me and all the others suffering from this problem :)
And if someone from LinkedIn could add the proper documentation, that would be superb!
Thanks!
Meanwhile, our application got accepted to LinkedIn "marketing partner" program which gives you access to LinkedIn API V2, the documentation is publicly available, but you need to manually apply for it. They may or may not accept your application.
Just couple gotchas for the next person who may struggle with this or some other issues we encountered.
Once our application got accepted to the "marketing partner"-program, we started to receive strange errors for our LinkedIn v1 API calls, namely "410 Gone" - "This resource is no longer available under v1 APIs".
All the calls using the application that got the permissions to API v2 were failing to this error. There was no way to use the old API with that application any longer.
The email confirming our application's acceptance to the program was sent to us in one day delay from when these problems started. Strange way to deal API switch, but luckily we have access to API v2 now.
LinkedIn API v2 gives you the possibility to upload and publish photo shares (one or many photos), which isn't possible with API v1.
The error we received for every call to API v1 after the acceptance:
{
"status": 410,
"message": "This resource is no longer available under v1 APIs",
"errorCode": 0,
"requestId": "removed",
"timestamp": 1522333590761
}
LinkedIn provides rich media API to do an image share.
Lets assume you already have an access token (access_token), your organization id is org_id and the image file name is "flower.png"
1) Below call helps you to upload the image to LinkedIn using upload media API
curl -X POST \
https://api.linkedin.com/media/upload \
-H 'authorization: Bearer <access_token>’ \
-H 'content-type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW' \
-F fileupload=#flower.png
The above call returns the below response format:
{
"location": “<image_urn>“
}
2) Now using the above image_urn in response, you will be able to create an image share using the below call
Please replace access_token, org_id and image_urn with the original values before making the below call
curl -X POST \
https://api.linkedin.com/v2/shares \
-H 'authorization: Bearer <access_token>’ \
-H 'content-type: application/json' \
-d '{ "owner": "urn:li:company:<org_id>“,
"text": {
"text": "test image attachemnt 0614"
},
"subject": "test image attachemnt 0614",
"distribution": {
"linkedInDistributionTarget": {}
},
"content":{
"contentEntities": [
{
"entity": “<image_urn>”
}
],
"description": "content description1",
"title": "Test Share with Image"
}
}'

Facebook PHP SDK: getting "long-lived" access token now that "offline_access" is deprecated

BASIC PROBLEM: I want my app to be able to make calls to the Facebook graph api about authorized users even while the user is away.
For example, I want the user (A) to authorize the app, then later I want user (B) to be able to use the app to view info about user (A)'s friends. Specifically: the "work" field. Yes, I am requesting those extended permissions (user_work_history, friends_work_history, etc). Currently my app has access to the logged-in user's friends work history, but not to any of the friends' work history of other users of the app.
Here's what I know already:
Adding offline_access to the scope parameter is the old way and it
no longer works.
The new way is with "long-lived" access tokens,
described here. These last for 60 days.
I need to exchange a normal access token to get the new extended token. The FB documentation says:
https://graph.facebook.com/oauth/access_token?
client_id=APP_ID&
client_secret=APP_SECRET&
grant_type=fb_exchange_token&
fb_exchange_token=EXISTING_ACCESS_TOKEN
Here's what I don't know (and I'm hoping you can tell me):
How do I get the extended (aka "long-lived") access token using the Facebook PHP SDK? Currently, my code looks like this:
$facebook->getAccessToken();
Is there such a thing as this?:
$facebook->getExtendedAccessToken();
If not, is this what I should be doing?
$accessToken = $facebook->getAccessToken();
$extendedAccessToken = file_get_contents("https://graph.facebook.com/oauth/access_token?
client_id={$appId}&
client_secret={$secret}&
grant_type=fb_exchange_token&
fb_exchange_token={$accessToken}"
);
I've tried it and it doesn't work. I get this error:
Warning: file_get_contents(https://graph.facebook.com/oauth/access_token? client_id=#######& client_secret=#########& grant_type=fb_exchange_token& fb_exchange_token=##########) [function.file-get-contents]: failed to open stream: HTTP request failed! HTTP/1.0 400 Bad Request in /...
Does it work any differently if I switch to FQL instead of the graph api? I've read through the Facebook documentation many times, but the PHP sdk is not thoroughly documented and I can't find any examples of how this should work.
I finally figured this out on my own. The answer is pretty anti-climactic. It appears that newly created apps get 60 day access tokens automatically. I'm not sure if this is dependent on enabling the "depricate offline_access" setting in the Migrations section of the app settings. Leave it on to be safe.
So at the time of writing this, you can use the PHP SDK as follows: $facebook->getAccessToken();
(The reason my app wasn't working as expected was unrelated to the expiration of the access token.)
Just one more thing, to get long-lived access token using PHP SDK you should call $facebook->setExtendedAccessToken(); before $facebook->getAccessToken();
In the last Facebook PHP SDK 3.2.0 you have a new function setExtendedAccessToken()
that you have to call before getAccessToken();
Like this:
$user = $facebook->getUser();
$facebook->setExtendedAccessToken(); //long-live access_token 60 days
$access_token = $facebook->getAccessToken();
Actually newly created apps only get a 60 day access token automatically if you are using a server side call. If you are using the client-side endpoint as shown above in the question, even new apps will still receive a short-term token initially. see: https://developers.facebook.com/docs/roadmap/completed-changes/offline-access-removal/
I had the same HTTP/1.1 400 Bad Request error that you had when using the New Endpoint and the problem was if you copy the code Facebook gives you exactly and paste it into your app, there are actually spaces in between the params, meaning there's unnecessary spaces in the url and it won't get called correctly when passed into file_get_contents() even though it works okay when pasted in the browser. This took me way too long to figure out. Hope this helps somebody! Here is my complete working code to get the extended access token out of the new endpoint (replace x's with your values):
$extend_url = "https://graph.facebook.com/oauth/access_token?client_id=xxxxxxxxxxxx&client_secret=xxxxxxxxxxxxxxxxxxxxxx&grant_type=fb_exchange_token&fb_exchange_token=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
$resp = file_get_contents($extend_url);
parse_str($resp,$output);
$extended_token = $output['access_token'];
echo $extended_token;
The selected answer is now outdated. Here are Facebook's instructions to swap a short-term token (provided in front-end) for a long-term token (server only):
https://developers.facebook.com/docs/facebook-login/access-tokens/refreshing/
Generate a Long-lived User or Page Access Token
You will need the following:
A valid User or Page Access Token
Your App ID
Your App Secret
Query the GET oath/access_token endpoint.
curl -i -X GET "https://graph.facebook.com/{graph-api-version}/oauth/access_token?
grant_type=fb_exchange_token
client_id={app-id}&
client_secret={app-secret}&
fb_exchange_token={your-access-token}"
Sample Response
{
"access_token":"{long-lived-access-token}",
"token_type": "bearer",
"expires_in": 5183944 //The number of seconds until the token expires
}

How to make a post to a Facebook page?

I have a Facebook page at https://www.facebook.com/xxxx and a web site at http://xxxx.com. How do I make a status update to the facebook page to correspond with every new posting on the actual web site? That update should be authored by the page, and not by my personal Facebook account.
I know it might seem like this is a duplicate question, but hear me out. I have been working on this for hours. I've found a lot of help on this topic, but all of it is incomplete or out of date. Most answers tell me what I need to do, but not how to do it.
The closest thing I could find to what I'm looking for is this note in the official docs.
https://developers.facebook.com/docs/opengraph/#publishing
Here's what I've been able to do so far. I created the facebook page. I created a facebook application. I added the app to the page. I added the app to my personal account and granted it the manage_pages permission. I tried to grant it manage_pages permission from the perspective of the page user, but that doesn't seem to be possible.
I can use this to get an access key for the application:
curl -s -F grant_type=client_credentials -F client_id=APPID -F client_secret=APPSECRET https://graph.facebook.com/oauth/access_token
Then I try to do this to actually make a status update.
curl -s -F access_token=ACCESS_TOKEN -F message='test' https://graph.facebook.com/xxxx/feed
This returns a message that the user hasn't authorized the application to perform this action. I assume that's because I'm trying to post as the page user and not as my personal user.
How can I get the correct access key to make a post on the page as the page user? Also, how can I be sure that access key won't expire? Once I have the access key, how do I actually make the post so that it shows up in the right place?
Here's how the manage_pages permission works.
Bob has a page called Awesemo.
Bob wants UltraPageManager5000 to
manage his page.
Bob goes to a page that UltraPageManager5000 has setup that grants UltraPageManager5000 the manage_pages, publish_stream, and offline_access permissions (just like a normal connect app). You must make sure you ask for offline_access, otherwise the access token will expire.
UltraPageManager5000 now has an access token for Bob, but not for his pages.
Now, when UltraPageManager5000 wants to do anything with one of his pages, they go to https://graph.facebook.com/uid/accounts/?access_token=bobs_access_token and look for the "Awesome-O" page to get the proper access token.
I've made a method that simplifies this a little bit for you.
function get_page_access_token($page_id, $access_token, $user_id) {
$data = file_get_contents('https://graph.beta.facebook.com/'.$user_id.'/accounts?access_token='.$access_token);
$pages = json_decode($data,true);
foreach($pages['data'] as $page) {
if($page['id'] == $page_id) {
return $page['access_token'];
}
}
}
Once you have the actual access token, the following HTTP POST will actually create the status update.
curl -F access_token="the token you got for the page from the command above" \
-F message="the status update you want to post" \
https://graph.facebook.com/PAGE_ID/feed

facebook auth code becomes invalidate after hours?

I've a simple application in facebook. To change user's facebook status, I need to get code via
https://www.facebook.com/dialog/oauth?
client_id=YOUR_APP_ID&redirect_uri=YOUR_URL
Then I use that code to generate a auth token. With the token I can update user's stauts. It works for one or two days. After that, when trying to generate auth token with code, I got an error like:
{
"error":{
"type":"OAuthException",
"message":"Code was invalid or expired."
}
}
So how long can a code be validate?
There is a way to get an infinite token from facebook. Use the offline_access parameter in requesting permissions, and you will never lose the token.
You just need to grant the publish_stream the first time and get the user id, after that no need to go through this process again and you can just use:
curl -F 'message=Hello World.' \
https://graph.facebook.com/USERID/feed
or in PHP-SDK:
$facebook->api("/USER_ID/feed", "post", array("message"=>"Hello World!"));