I've made an application that use this scope (v. 2.4):
publish_actions,email,user_posts
when I try to autenticate my user (using the one that create the app) it shows me the three permissions to accept, correctly.
But when I use another user, it only asks to accept publish actions and email. user_posts is ignored. So I can't get the post of that user. This is the endpoint for autenticate users:
https://www.facebook.com/v2.4/dialog/oauth?response_type=token&client_id=MyID&redirect_uri=MyRedirectURL&scope=user_posts%2Cemail%2Cpublish_actions
What should I enable to make the application work (i.e. all auth) for all users?
To be able to request permissions from all users instead of only the app's admins/developers/testers, your app has to pass Facebook Login Review.
It's all in the docs:
https://developers.facebook.com/docs/facebook-login/review
Related
How do you remove access to a Facebook app based on the client_id it used?
E.g. assuming someone clicks on a link that looks like this:
https://www.facebook.com/dialog/oauth?client_id=client_id_string&redirect_uri=
https://www.facebook.com/connect/login_success.html&scope=basic_info,email,public_profile,
user_about_me,user_activities,user_birthday,user_education_history,user_friends,
user_interests,user_likes,user_location,user_photos,user_relationship_details&
response_type=token
and all they have is the client_id_string how do they then revoke access via Facebook?
https://developers.facebook.com/docs/graph-api/reference/user/permissions
See "Revoking Permissions" in the docs. You canĀ“t remove the App itself, but you can remove permissions.
You can revoke a specific permission by making a call to a Graph API
endpoint:
DELETE /{user-id}/permissions/{permission-name}
This request must be made with a user access token or an app access
token for the current app. If the request is successful, you will
receive a response of true.
I created a test app on Facebook.
I chose to request access to user events for API calls.
I then connected my user properly through api, I can get user details by oauth key for this particular user, but I can't access user events.
From the tools that FB provides, I seem to be able to access the user events, but the oauth key used in the call is different from the one FB gave me back for this user.
What did I miss?
Realized that specifying scopes only within the app setting panel wasn't enough.
For each new oauth call for users, need to specify the list of scopes you want to authorize the key for.
All working good now.
I have an app, and I can write to user's walls with it, having requested the publish_stream permission when they sign in.
I've also created a page and a group, and would like my app to be able to write to those. (Specifically, I want my back-end server to post some updates to those periodically, without a user being involved.) The ability to do this seems to be implied by the descriptions of the /feed parts of those here https://developers.facebook.com/docs/reference/api/page/ and here https://developers.facebook.com/docs/reference/api/group/ . However, I can't seem to find a way to authorize the app to write to these pages. Those docs say it can be done if you have publish_streams and manage_pages. OK, but how do I grant those to my app?
In the user case, you request those permissions when the user signs in via the OAuth flow. However, the page and the group never sign-in, so there's no way for them to grant the app permission. I looked around the settings pages for the group and the page, and couldn't find anything that will let me add the app. So how do I give the app the required permissions to post to the group and the page?
Found it!
http://developers.facebook.com/docs/reference/api/application/
http://developers.facebook.com/docs/howtos/login/login-as-page/
"Application Page Access Tokens
To perform the following operations as an Application Page, and not the current user, you must use the Application's Page access token, not the user access token commonly used for modifying Graph API objects nor the Application access token. This access token can be retrieved by issuing an HTTP GET to /USER_ID/accounts with the manage_pages permission. This will return a list of Pages (including Application profile pages) to which the user has administrative access, along with an access_token for each Page.
Note: Applications that are configured as Native/Desktop apps will not be able to make API calls that require an application access_token."
So:
I went to http://developers.facebook.com/tools/explorer/ and, as me, created an access token with "manage_pages" permission.
I then went to https://graph.facebook.com/$myname/accounts?access_token=$accesstoken
and it gave me a list pages and apps that I had given permission to. I copied the access_token from the relevant page, and pasted that into my code, so that the server-side create event code always used that access token.
And it worked!
So there's an app, let's say it's an app that is capable of delivering relevant news based on the user's choice done the first time he runs the app. Is there a way to post the news to the user's wall without having the user to be online and ideally as the app?
So on his/hers timeline it would look like this (edited image, not a real post from some app, it's just so you get what I mean):
When I use $facebook->api('/me', 'post'), it just creates a post as the user, which is not what I want and does not allow me to post when the user is not logged in.
You can use the server side authentication to get a long lived access token (60 days) which you can then use until the token times out. Then you'll need to have the user reengage with your app to get a new token.
You can get the same thing by using the client side authentication and then extending the token on the server side.
Another options which should work for you is to get an app access token (which does not expire) and ask the user for the publish_stream permission, then:
App access tokens can also be used to publish content to Facebook on
behalf of a user who has granted a publishing permission to your
application.
I'm building a Facebook app with Facebook login via Oauth 2.0. Will it be possible to request more permissions (scope) from the user in the future as we add features or do we need to request them all up front?
Anyone implemented this with Facebook Connect?
From my experience, you can add permissions later and it'll prompt the user to accept those permissions. For my app, I started with just basic/email permissions and then added photo... and it would prompt for the photo.
You can call Facebook's permissions api (https://graph.facebook.com/me/permissions?access_token=...) to see if the user has authorized the permission you will need (perhaps they later when in and revoked part of your apps permission but not all of it). If they did, or you just later need different permissions, just show the authorization link like you did the first time with the additional permissions listed in the url (&scope=email,read_stream...) and it will prompt them for those.