I want to get /{user-id}/feed from another user (user B) rather than "me" (user A), but the query returns an empty list.
I'm using the Graph API Explorer to make the queries, and I've got the Access Token with user_posts, user_status and read_stream permissions, but I can't get this information.
In this thread is said that:
Additionally the queried user needs to grant the app the read_stream permission.
In this other thread they said:
If the user is your app user authorized with read_stream permission, then you access the USER_ID/feed. It's because USER_ID/feed endpoint only available if user give permission read_stream to your app. App Access Token is not allow.
If the user is not your app user with read_stream, then you access the USER_ID/links instead. It's because no read_stream permission require to access this endpoint. App Access Token is not allow.
MY QUESTIONS:
Do I really need this other user (user B) to grant this permission to access his feed?
Where can I find official documentation saying so?
As /{user-id}/links seems to be accessible, are posts, statuses or tagged accessible too, or I just can access links without User B granting this permission?
Note:
Since the purpose is to use it in and iOS and Android App I can't use the read_stream permission, so I would use the user_posts which is supposed to be valid as they say in https://developers.facebook.com/docs/graph-api/reference/v2.3/user/feed
>
Of course, why would anyone want your App to access his newsfeed without his authorization? Keep in mind that not only the user would be able to access the feed of his friends, but the App too - which means, it would be easy for the App developer to get access.
Should be clear with number 1. Why would there even be a permission if you could just grab the feed from another user with it?
You canĀ“t get ANY data from a user without his authorization, for privacy reasons. Friend permissions are gone.
Related
We have user_status permissions for one of our apps. Graph API 2.2 is being used to get user statuses (https://graph.facebook.com/v2.2/me/feed?access_token=".$access_token). It returns empty data sets for SOME users (I get public profile info for these users but not status data). The app is live and the review team has granted permissions for user_status and user_likes. (user_status is passed to the scope). Is this a bug or User_status is dependent on some other permission? Why does it happen for some users and not all?
As #CBroe mentioned, you should inspect the Access Tokens with /me/permissions to see if they really contain the user_status permission.
I wonder why you're using /me/feed instead of /me/statuses. Maybe this has an effect as well.
See
https://developers.facebook.com/docs/facebook-login/permissions/v2.3#reference-user_status
https://developers.facebook.com/docs/graph-api/reference/user/statuses/
I have an app, and I can write to user's walls with it, having requested the publish_stream permission when they sign in.
I've also created a page and a group, and would like my app to be able to write to those. (Specifically, I want my back-end server to post some updates to those periodically, without a user being involved.) The ability to do this seems to be implied by the descriptions of the /feed parts of those here https://developers.facebook.com/docs/reference/api/page/ and here https://developers.facebook.com/docs/reference/api/group/ . However, I can't seem to find a way to authorize the app to write to these pages. Those docs say it can be done if you have publish_streams and manage_pages. OK, but how do I grant those to my app?
In the user case, you request those permissions when the user signs in via the OAuth flow. However, the page and the group never sign-in, so there's no way for them to grant the app permission. I looked around the settings pages for the group and the page, and couldn't find anything that will let me add the app. So how do I give the app the required permissions to post to the group and the page?
Found it!
http://developers.facebook.com/docs/reference/api/application/
http://developers.facebook.com/docs/howtos/login/login-as-page/
"Application Page Access Tokens
To perform the following operations as an Application Page, and not the current user, you must use the Application's Page access token, not the user access token commonly used for modifying Graph API objects nor the Application access token. This access token can be retrieved by issuing an HTTP GET to /USER_ID/accounts with the manage_pages permission. This will return a list of Pages (including Application profile pages) to which the user has administrative access, along with an access_token for each Page.
Note: Applications that are configured as Native/Desktop apps will not be able to make API calls that require an application access_token."
So:
I went to http://developers.facebook.com/tools/explorer/ and, as me, created an access token with "manage_pages" permission.
I then went to https://graph.facebook.com/$myname/accounts?access_token=$accesstoken
and it gave me a list pages and apps that I had given permission to. I copied the access_token from the relevant page, and pasted that into my code, so that the server-side create event code always used that access token.
And it worked!
How do we get this permission to be in our default permissions to gain an access token and not be a revokable, optional permission?
Been using Facebook Connect and am asking for basic permissions such as a user's ID, name, profile pic, interests, likes, education, etc. All of these permissions access a user's basic information. I've seen where apps ask for these along with the Access Data Anytime permission as a non-revokable permission. However, mine is coming up as a revokable permission that I'm afraid people won't allow.
offline_access is an extended permission (https://developers.facebook.com/docs/reference/api/permissions/#extended_perms). The present facebook auth dialog makes all extended permissions optional - so the user can pick and chose the extended permissions he/she wishes to grant to the app (https://developers.facebook.com/docs/opengraph/authentication/#perms).
That said, offline_access is being deprecated and hence you should move to the design where you extend the permissions by swapping normal tokens with long-live tokens. Please refer to https://developers.facebook.com/roadmap/offline-access-removal/ or other stackoverflow questions like Facebook offline access step-by-step to understand more about it.
I found the article very nice to introduction set extended permission required
(https://developers.facebook.com/docs/beta/authentication/#referrals)
but I go to Auth Dialog setting, the field required permission replaced users & friend permission. I can't see field required permission. please help me. thanks
You can set extended permissions required via your call to the show the login/authorize screen.
For Javascript SDK, it's the second parameter of FB.login(callback,scope).
For the Login social plugin it's the scope attribute.
For PHP SDK it will be
$params = array(
scope => 'read_stream, friends_likes',
redirect_uri => 'https://www.myapp.com/post_login_page'
);
$loginUrl = $facebook->getLoginUrl($params);
Per http://developers.facebook.com/docs/reference/api/permissions/ the extended permissions are:
read_friendlists Provides access to any friend lists the user created. All user's friends are provided as part of basic data, this extended permission grants access to the lists of friends a user has created, and should only be requested if your application utilizes lists of friends.
read_insights Provides read access to the Insights data for pages, applications, and domains the user owns.
read_mailbox Provides the ability to read from a user's Facebook Inbox.
read_requests Provides read access to the user's friend requests
read_stream Provides access to all the posts in the user's News Feed and enables your application to perform searches against the user's News Feed
xmpp_login Provides applications that integrate with Facebook Chat the ability to log in users.
ads_management Provides the ability to manage ads and call the Facebook Ads API on behalf of a user.
create_event Enables your application to create and modify events on the user's behalf
manage_friendlists Enables your app to create and edit the user's friend lists.
manage_notifications Enables your app to read notifications and mark them as read. This permission will be required to all access to notifications after October 22, 2011.
offline_access Enables your app to perform authorized requests on behalf of the user at any time. By default, most access tokens expire after a short time period to ensure applications only make requests on behalf of the user when the are actively using the application. This permission makes the access token returned by our OAuth endpoint long-lived.
publish_checkins Enables your app to perform checkins on behalf of the user.
publish_stream Enables your app to post content, comments, and likes to a user's stream and to the streams of the user's friends. With this permission, you can publish content to a user's feed at any time, without requiring offline_access. However, please note that Facebook recommends a user-initiated sharing model.
rsvp_event Enables your application to RSVP to events on the user's behalf
sms Enables your application to send messages to the user and respond to messages from the user via text message
publish_actions Enables your application to publish user scores and achievements.
I don't think you can require extended permissions through that dialog, or by using the SDK as suggested above.
In previous versions of the PHP SDK the oauth dialog would return an error if the user did not approve all requested permissions -- this is no longer the case. As long as the user approves the basic permissions, any of the requested extended permissions can be unselected and the user is redirected without a warning or error. I hope that I'm wrong, but from reading the documentation and my own testing, I don't think I am.
From the same page of the documentation that you reference: https://developers.facebook.com/docs/beta/authentication/
"The updated Auth Dialog will display a set of user and friends permissions on the first dialog, and other extended permissions (if any) on a second dialog screen. User and friends permissions are non-revocable, while extended permissions can be revoked by clicking on the "X" next to each permission on the second dialog screen. Your app must be ready to handle each scenario (permissions granted, and revoked) properly."
IOW, if your app requires a specific permission your code must ensure that the user grants it.
After I add a permission, the user has to remove the app and add it again, in order to grant new permission. The weird thing is that when I request a permission that the user hasn't approved, I don't get an error, but rather only an empty result set.
How do I check if the user approved a permission?
It is quite simple as you can just use the openn graph API to get that information
https://graph.facebook.com/me/permissions?access_token=....