I try search the the pages and the events by two different calls (still using Graph Explorer):
search?fields=name&q=warsaw&type=page
search?fields=name &q=warsaw&type=event
The second (events object) works only with user token. When I generate app token there is invalid token error. Is it possibile to get results for second query with app token? It’s important for me, I need use it in my own code.
Can I generale user token within scripts (HTTPS request),
OR generale long time user token (I mean user token for my own profile)
OR (most desired solution) get results for secong call above (type=event), by app token?
UPDATE:
Ok, sory, so it’s clearly that app token doesn’t support search for event (but I still don’t understand why – events, such as page is public object and it doesn’t contain a private data).
I’m going to clarify another way. I’d like to download information about events and use it in my own site (database) as public. This operation’s objective is create database of FB events (something like Eventbrite). So I need make that set as public (belongs to app/site, not user profile).
I know that’s not a standard usage of Facebook API, but if it infringes the FB policy, please write me – I haven’t find clearly statement for that. I’ve ask about it here Terms of use data from Facebook API. I guess it’s legal.
Now. I can retrieve events by page node (get all events for each page), but it’s strongly uneffective – only few page of whole are the event’s organisators. I need explore directly events.
Is there any solution for that problem?
Why don't you just consult the Facebook docs? It clearly stated in
https://developers.facebook.com/docs/graph-api/using-graph-api/v2.2#search
that
Searches across Page and Place objects requires an app access token.
All other endpoints require a user access token.
So, no, you can't just use an app access token to search for events.
Regarding login, see
https://developers.facebook.com/docs/facebook-login/v2.2
Related
I have a CMS application which needs a little component that allows an editor to select a facebook page post to display.
I've been going around facebook API and I don't fully understand what is the proper way of doing it.
This would be a server call, I would prefer not to have an access token because I am not making the request on behalf of any user.
I've tried using access_token=app_id|app_secret, but apparently that request requires an user session. So I went to the graph explorer and copied my access token. That worked fine initially but then I learned that they expire. I could get a long live token, but apparently those also expire eventually.
So, what is the best way of doing this? I think that using someones facebook access token for this is risky. The token could be revoked at any point breaking the feature in production. Can I achieve this without an user access_token? if I cant, how is this token normally managed?
Update:
Well actually the app_id|app_secret works, just not in every case. I created several pages for testing purposes and it doesnt work in any of them. Then I tried accessing a post from some brand pages (unrelated to my project) and they work ok. So my problem is configuring the page.
When I tried to access the post using app_id|app_secret I get:
(#100) Requires user session
Posts are public in all cases
I already tried to assign a vanity url to the page, no change
I think it's not possible to use just an App Access Token to get the Page Posts. Unfortunately the docs are not very clear on this IMHO:
https://developers.facebook.com/docs/graph-api/reference/v2.2/page/feed/#readperms
An access token is required to view publicly shared posts.
A user access token is required to retrieve posts visible to that person.
A page access token is required to retrieve any other posts.
Using app access token had previously been asked in this question (How to use Facebook appAccessToken with Spring Social) and Craig Walls gave a good explanation why the spring-social API should be user-based for most cases.
I have a scenario, however where I would like our server-side application to make a couple of queries that should not require user-specific permissions. I picked a random public page for examples below
I would like to:
View details about a public page by alias/id
https://graph.facebook.com/v2.0/121727254549188
https://graph.facebook.com/v2.0/peterstevensmotorcycles
View posts for a public page by alias/id
https://graph.facebook.com/v2.0/121727254549188/posts
https://graph.facebook.com/v2.0/peterstevensmotorcycles/posts
Search for pages
https://graph.facebook.com/v2.0/search?q=Peter%20Stevens%20Motorcycles&type=page
When I test these in the Graph API explorer (https://developers.facebook.com/tools/explorer) using an App Access Token they work fine. App Access Token is obtained by hitting https://graph.facebook.com/v2.0/oauth/access_token?client_id={app-id}&client_secret={app-secret}&grant_type=client_credentials and replacing client_id and client_secret with my Facebook client credentials.
Our application would like to have the ability to make these for any given name so we can make queries about a company's presence.
We will have similar requirements for Twitter, LinkedIn and others so I just wanted to check if there are any means to do this in the current API or whether it will not suit our requirements.
You do not need to fetch an app access token - you can actually use the app id and secret separated by "|" as the access token. - You can see it at the bottom of the app access token section in the documentation: https://developers.facebook.com/docs/facebook-login/access-tokens#apptokens
Spring Social's Facebook API binding does not (yet) support v2.0, but that's something I'm working on right now...so hopefully soon. Once that's complete, there'll certainly be some operations that work only with user access tokens and some that only work with app access tokens, and some that will work with either (FWIW, Twitter's API has a similar set of circumstances).
Keep an eye on the project in GitHub or follow #SpringSocial on Twitter to know when the v2.0 stuff is available. (I'd appreciate any help I can get in testing it.)
Although it makes no sense at all to obtain your FacebookTemplate via the connection framework for app token requests (connections are, by nature, a user-oriented concept), you can always construct a FacebookTemplate wherever you need it, giving it an app access token obtained via OAuth2Template's authenticateClient(). You can certainly do that now with the v1.0 API binding, but I'm uncertain what ops an app token would work with.
FWIW, as I'm working on the v2.0 API binding, I'm starting to sense an opportunity for FacebookTemplate to carry two tokens: A user token and an app token. This way you can perform app-centric requests even from a FacebookTemplate obtained from the connection framework. Then the only time you'd ever want to construct a FacebookTemplate manually is if there are some operations for which either kind of token will work, but the results would be different depending on what type of token is used.
when I do a get request to
https://graph.facebook.com/[userid]
with the access_token i get all the basic info
but when I do
https://graph.facebook.com/me
with the same token i get an error message: An active access token must be used to query information about the current user
I have tried to under stand what can cause that.
I even tried to token that comes with the signed request
I'm on classic asp, with JSON library, I want the auto to be server side if possible. the FB.api("/me" is working but it is not what i really want to achive
I am pretty sure you don´t have a user access token. Did you login the user? Of course you get the public data of every user with your first link, even without any access token. You can even put it directly in the browser and will get results. But for "/me" you have to authorize the user to your app.
See here: https://developers.facebook.com/docs/howtos/login/server-side-login/
It is the same problem as in the other thread for sure, just a different Programming language.
Remember: If the user did not accept at least the basic permissions in a dialog or redirect, he is not logged in and you will never know anything about him in the app (except for some specifics in tab apps, like language, like-status and stuff).
My scenario is somewhat like this: A user logs into my website with his FB credentials. I capture his ID and the FB access token (say, a long-lived access token). He exits my website, and returns back later. However, this time, his browser has FB open with a different ID. Would I be able to load facebook details of this old id (with which he had registered on my site) using the stored access tokens? Is it possible, or would it result in a clash between the old and the existing FB id?
Correct me if I'm wrong, but he/she should stay logged into your website, regaurdless if his authID changes.
First of all, why would you want to do that? Since Facebook does not allow multiple user accounts for one and the same person, the only case where this would normally come into play is when another user is using my computer/browser – and why would I want you to read my info while that other person is using my device …?
Second of all, as long as the first user is still considered logged in to your site, it makes not much difference. But lets say some client-side method is called that updates the cookie information, then that’s where trouble might start. You might still be able to read the old user’s info, since you have his valid access token – but you’d have to use that token in your requests explicitly, and also address the account specifically, since the Graph API’s /me would point to the new user.
But as I said, I can hardly imagine a real, practical use case here …
I'm working on a site that is trying to handle realtime feed updates from its users' Facebook accounts. I have the basic stuff in place: the app is subscribed to "feed", and the user's login asks for read_stream and offline_access (just in case) permissions. My test users have logged into FB and granted those permissions, and, when one of those users adds (or removes) a status update, the callback specified in my site's subscription is pinged. So far, all's well.
Now -- as I understand it -- my callback has to call up to Facebook to get the user's feed, so that the callback can do whatever it's going to do with it. That's where I'm having problems -- finding the right access token to retrieve the feed:
I've tried doing this with the app's access token. This token is able to retrieve friend information (also included in the app's subscription and user permissions), but it won't get me the feed.
I've tried all sorts of ways to get the user's access token from inside the callback, but nothing is working. I'm guessing this is because it's not "logged into Facebook" the way that a user in a browser can be, but whatever. Bottom line is I haven't found a way to get this token.
(BTW, if I cheat -- get an access token for the user from Graph API Explorer and hard-code it into the callback, the callback works properly. This is no real solution, of course, but it at least establishes that the rest of my code is working.)
So how does this work? Can the app access token be made to work somehow? Is there in fact a way for the callback to get an access token for an arbitrary authorized user? There's gotta be a way to do this, or there would be no point for realtime feed notifications. Any clues out there? This is SERIOUSLY kicking my butt... Thanks!
You might want to look into this. Instead of taking permission for offline access, facebook now gives short-lived access tokens (2 hours) when the user logs in. These can be exchanged with long-lived access tokens (2 months). Check out this article on how to go about it.
https://developers.facebook.com/roadmap/offline-access-removal/
I've found a solution, perhaps: When the user logs in, I snag their offline_access-enabled access token and save it in the app with the rest of the user's data. Then when I get notified of an update to that user's feed, I can pull the token from the database and pass it over to FB as the token part of the /feed... call. And, it works. There is no doubt some error handling to be done, but I am currently bouncing back and forth between thinking that (a) this is exactly the right way to handle this and (b) it's a terrible hack that is just asking for trouble. I guess I'll see which of these is the case...
Ask for offline_access (as you do) and store the access token. This is exactly why offline_access and access tokens are there, to make requests to facebook in the name of that user. (a) is the right way to go. (a) is the way I do it.
Good luck
When the user is authenticated via OAuth Facebook returns an access-token, but it is valid for few hours. The validity of this token comes with it as token-expiry.
However, this token can be exchanged with a new extended token which is valid for around 60 days. User the following code to get new-token:
URL url=new URL("https://graph.facebook.com/oauth/access_token?grant_type=fb_exchange_token&client_id="+appId+"&client_secret="+clientSecretId+"&fb_exchange_token="+fb_exchange_token;
InputStream Istream=url.openConnection().getInputStream();
BufferedReader br = new BufferedReader(new InputStreamReader(Istream));
String new_token= br.readLine();
Hope it helps!!