Our application runs multiple sites for multiple customers. One service we offer is to write and post social media for our customers. We also allow the customers to do posts themselves through the application admin.
In order to facilitate the non-automated posts for customers, one of our users has access to the pages of many customers through her Facebook login.
The problem comes if she uses our application to generate an auth token through the admin area of the customer's site.
The application sends its own appID and secret key to Facebook, and the user receives the Facebook login page.
However, she used to be able to choose which page/customer she wished to log in to. Now, once the login data is submitted, Facebook immediately sends a token back to the "return URL." There's no opportunity to choose which Facebook page the auth is for.
The token appears to be linked to the user's "main" page (which is a page of ours).
Obviously, we need to be able to say "I'm logging in to Facebook page X of the many pages I'm authorized for."
Just to be clear: this is not an issue regarding authorization for our application in general. It's the specific case when the Facebook login is attached to multiple pages.
Can anyone give me some advice, please, even if it's just a link to an appropriate spot in the API docs? I've had no luck searching them.
Thanks,
Tom
Edit: First, to the question about "multiple domains": perhaps I shouldn't have put that in the title, since it's not relevant to Facebook per sé,
We host many clients who obviously have many domains. They administer their site content through a CMS which can, among other things, work with Facebook. A client often has a Facebook page; so for us at least, there is often a one-to-one correspondence between a client's site/domain and her/his Facebook page.
When someone goes through the process in question, s/he is administering the site, but may be attempting to post to a Facebook page. And one of our in-house admins has access to many clients' Facebook pages.
So let me rephrase: the admin logs in to a client's site. She attempts to authorize our application to post to that client's page. Our application sends its id/key data to Facebook, and she is taken to the login page.
The question is, how do we let Facebook know that we are seeking authorization to post to one of the many accounts/pages she can access?
Thanks for the help.
As pointed out by CBroe in the comment, if you want to post as a page, you need to have a page access token of the page that you admin. Once you have granted manage_pages permission to the app, you can call the /me/accounts edge to get the list of all pages that you admin and their access tokens.
You can then use the page access token of the page to post on behalf of the page. Note: You will need publish_pages permission in addition to be able to post on behalf of the page. Permissions are documented here.
Related
I want to integrate a Facebook page to ServiceNow.
I created a page with my personal account and an app on developers.facebook.com to extend my access token for 60 days. I made the REST connection successfully and was able to pull the posts and comments on that page into the database of the ServiceNow table.
Subsequently, my profile was blocked for a couple of days and I was informed the app that I made was violating certain Facebook policies. But after submitting the ID, it got reactivated. Then I made some test users so that I could comment on any post of that page to check if that comes into the ITSM database.
However, when I login through a test user, I cannot see the Facebook page associated with my personal Facebook profile.
I need to know how can I see posts of my page through a test user and comment on them. Do I need to provide any specific role to the test user for the same?
I've been reading documentation and Stack Overflow link all morning, but I'm just not understanding the correct process to authorize a web server to post to a Facebook page wall.
What I'm not clear on is why I have to post to Facebook as a Facebook User, using an access_token, meaning that this user has to log into Facebook manually to authorize my app.
I'm not trying to authorize a User, nor any of my visitors to do anything with their accounts, so I don't need any permissions from them. Instead, I'm trying to authorize my Web Server to post updates to its wall as a specific Page.
Why do I have to use a user access_token to do this? I'm not attempting to impersonate the user, I'm trying to post to the page as the page...
Is it possible to authorize a user and get their access token without having to create a login page on the Web Server? I don't want to have to require the user to login to make this work, I thought that was the point of having an app ID and Secret?
I guess my question is this: Is it not possible to allow a web server to post to a Facebook page wall as that page, without having to present a login dialog to a specific user? If it is possible, what is the correct workflow to set this up?
In order to post to a Page as a Page, you have to use a Page Access Token. You get that with a User Access Token, and you can extend it so it will stay valid forever.
Steps:
Request a User Access Token with the manage_pages permission (valid for up to 2 hours)
Extend the User Access Token (valid for up to 60 days)
Get the Extended Page Access Token for your Page with the User Session
Store and User The Page Access Token in the publish call
It may sound a bit complicated, but there are many tutorials for this and you don´t actually need to program it, you can just use the Graph API Explorer.
Here are some Links about the Access Tokens:
https://developers.facebook.com/docs/facebook-login/access-tokens/
http://www.devils-heaven.com/facebook-access-tokens/ (see "Extended Page Access Token" for a step by step tutorial)
I am looking for a solution to fetch the feeds of an alcohol-related/age-restricted Facebook Brand Page by a website or back-end service to show these infos in that website for any user.
i.e: https://graph.facebook.com/JimBeam
The standard call results with an error or false.
I know the reason is the age-restictrion because of the relation to alcohol.
If I am connected to Facebook and add an access_token (user-token or page-token) to the request, I get everything I need, but it doesn't work if I am not connected.
If I request the page-token with offline_access, it also does not work when I am not connected to Facebook.
I am a bit confused with all this token types, offline_access, permissions and so on.
Is possible to get the fb-graph-feed of an age-restricted page and load that into a website?
To get an age-restricted feed you need to have a user access token that meets the criteria for the page. So if a user is visiting your site, they will need to authenticate your app, and then you can use the resulting access token to pull information to your website from that restricted page.
You should not be using a user's access token to display content to another user who does not meet the restrictions on the Facebook page.
An added problem is that Facebook does not expose a page's restrictions via the API, so you can't tell if a user has permission to see the page until your API request returns no data.
I'd like to show my facebook wall posts on my website.
So i don't want to authenticate users with a dialog, to grant them some rights, i just want to show him my wall with comments (no ability to add comment just read only access).
As i know there isn't unexpired tokens now so is it possible to access just my data without requesting token every time it expires?
I'm using asp.net mvc but i think this sultion doesn't depend at platform at all.
You should:
Make your Facebook Posts public
Call the API endpoint: https://graph.facebook.com/{your_id}/feed?access_token={app_access_token} with your user_id and valid application access_token
Show the results on your website.
The App Access Token doesn't expire so you won't have a problem. As long as the posts are public, the API will be able to pick them up. In theory, your posts should be public anyway so anonymous users can see this.
This also gives you the ability to share stuff privately and not have it show up on your website.
I want to connect my web application with the facebook business page. Each time I add a new product to the page I want to post it on facebook wall. I have a facebook application and the page owner username and password. Can I automatically authenticate with the user, pass to facebook and send the post request from server side only? Usually I am logged in with another facebook account when I add products. Also I would like to post when another page user add a product.
You can post to Facebook as a facebook page using the manage_pages permission. You'd need to obtain this permission from a user who is an administrator of the page. There are a few steps to the process, here is a basic summary:
Get an access token from a user who is an administrator of the page
and has granted "manage_pages" to your app. read about authentication
here: http://developers.facebook.com/docs/authentication/
using that access token, make a graph request to
https://graph.facebook.com/me/accounts?access_token=USER_AUTH_TOKEN
You'll get a json response containing all the pages the user administrates, containing their name, category, facebook id, and an auth token - this is what you'll need to post to that page
you can then use this access token to post to the specific page using
https://graph.facebook.com/PAGE_ID/feed?message=POST_MESSAGE&access_token=AUTH_TOKEN&method=post
I just found this blog post which gives you a pretty good explanation
http://developers.facebook.com/blog/post/465/
It sounds like you need the 'offline_access' extended permission.
It is scheduled to be deprecated. Take a look at the following link for more details:
Deprecation of Offline Access Permission
I'm not going to pretend to be an expert on this, but I do NOT recommend trying to login through Facebook's user interface and perform POST requests/HTML scraping on behalf of the user. That procedure would grant you far more functionality than is possible through the Graph API; I don't think Facebook would approve of this.