I'm using the following Javascript for my users to send requests to "invitable friends" from my Facebook app:
FB.ui({
method: 'apprequests',
message: 'Come play with me etc.',
to: str_ids
},
requestCallback
);
function requestCallback(response){
if(response){
console.log(response);
}
else{
//show error to user
}
}
Where str_ids is a string containing the IDs returned by the invitable friends API. This all works fine.
When I invite a single user, let's say his Facebook ID is 1593894704165626, I get the following response:
request
"1399842883640198"
to
["1593894704165626"]
So here I have a unique request ID and the invited person's Facebook ID. I can now store this data in my database along with the inviter's ID, so I have all the necessary info.
However, now I want to reward the inviter after the invitee accepts the invitation and I'm running into a problem.
If user A and user B both invited user C, then when user C joins the game, how do I know whether to reward A or B?
I see from this question that it's possible to pass another parameter along with the invitation, which should help identify the inviter:
Facebook tracking who Invited whom
The first answer here suggests that you can pass such a custom parameter, but doesn't say how. Facebook's convoluted documentation is driving me insane.
Another thing - even if I send that additional parameter, I think there's a problem - for new users the app redirects to the Facebook page that checks whether they want to allow access to the app, and by the time they're redirected back to the app, the additional parameter will be lost.
Is there any solution to this?
Related
The functionality that I need is to show a list of Facebook friends to the user on the website page with custom design, where the user can select some of them and send invites.
In API v2.0 it's possible to get a list of friends this way:
FB.api('/me/taggable_friends', function (response) {
...
});
But it doesn't return real users' ID that I need for invites with the next function call:
FB.ui({
method: 'apprequests',
message: invite_text,
to: 'user_id_1, user_id_2'
}, function (response) {
...
}
);
How can I get these real IDs?
Or how to resolve this functionality in another way? Because all the answers that I found were connected with games that don't fit me.
I need a full list of friends. Not just that already use my website (analog of the invitable_friends in-game section).
You are not allowed to use taggable_friends for inviting them, obviously it is for TAGGING friends and you only get a tagging token.
There is invitable_friends, but:
The invitable_friends API is only available for games that have a Facebook Canvas app implementation using version 2.0 of the Graph API.
(https://developers.facebook.com/docs/games/invitable-friends/v2.1)
I am afraid what you want to achieve is not possible. The proper way to invite friends to your website is to use the Send Dialog: https://developers.facebook.com/docs/sharing/reference/send-dialog
You can include one User ID in the "to" parameter. Of course it must be a User who authorized your App too, you can get those with /me/friends. Or better: Just open the Dialog and let the User select on his own.
I'm using the Facebook requestdialog to show my friend list and invite,this in a Facebook Web APP, using this:
function sendRequestViaMultiFriendSelector() {
FB.ui(
{
method: 'apprequests',
message: 'Selección de amigos a los que invitar a KugaBar'
}, requestCallback);
}
function requestCallback(data) {
console.log(data);
}
It works (ok).
But I need to identify the user when enter in my APP, you see the requestCallback data and see a "request", but when the users click on the notification and enter in the APP
I don't know how identify the request to detect if the user is accessing by the notification.
EDIT: OK I found it.
The param in the GET vars are "request_ids", but one problem appear, this param only come if the user previously have accepted the permissions, if the user clicks on the notification, and accept the permissions, hitting enter: this param doesn't exist, if the user enter again (not need to accept nothing) this param exists in the URL.
Are there any method to get this param in the first time the user enter?
Thanks
When the user first clicks on a request, you should get the request_id from the URL and store it in a cookie. When the user has completed logging in, check if the cookie exists and then update your record accordingly.
Notifications and Requests are NOT the same thing on Facebook. In your case you're talking about Requests. Request ids are passed to the app as a GET parameter 'request_ids' which is a comma separated list.
To be able to access this parameter after login dialog, you want to save your GET parameters from the original launch URL before redirecting to the OAuth dialog and pass them around in the redirect URL. This way you solved this problem for all of your future GET parameters.
If you're using PHP, the function you're looking for is http_build_query. I'd highly discourage from using a cookie to store one-time and easily accessible URL parameters.
Using the Facebook API, you can get back the post ID of a Facebook share, even if the user has not authorized your app.
The post ID is prefixed by your user ID, and separated by an underscore.
FB.ui({
method: 'feed',
name: 'People Argue Just to Win',
link: 'http://www.nytimes.com/2011/...',
}, function( response ){
// Response gives you :
// { post_id: "[fbUserId]_346759642059572" }
});
To me it looks like Facebook is using this programmatically, rather than with the idea of providing us the userId out of the kindness of their hearts. But it's extremely tempting to use.
I'm a little rusty on permissions - if there is a way to get back all the users that have liked/shared a specific URL, and not just a count, then this should be okay.
But the question remains, is it acceptable to use?
EDIT:
Now that I think about it, you can access the user ID by making an anonymous call to https://graph.facebook.com/[postId] but ONLY if the post was made public.
If you get a response from FB, it means that you have already ask the user for the required permissions,
so yes you can use the data returned from Facebook as you like, but you always have to inform the users how you use those data.
You can only cache user data if you have permission or it is necessary for the function of your app. Using the like button you can subscribe to edge.create and cache the response from the like.
refer to: http://developers.facebook.com/docs/reference/javascript/FB.Event.subscribe/
II. Storing and Using Data You Receive From Us
You will only request the data you need to operate your application.
You may cache data you receive through use of the Facebook API in
order to improve your application’s user experience, but you should
try to keep the data up to date. This permission does not give you any
rights to such data.
in my app i store the id of every page or user that is viewed to speed up page load times and count page views. Seems with in the scope of Policy as long as i am not sharing the info with 3rd parties or making public what a user has set to non public.
If there any way to check in PHP SDK if user can write on specific friend's Wall?
Example:
if ($facebook_can_write_to->'123456789') echo "You can write on this friend's Wall";
Using the FQL table (http://developers.facebook.com/docs/reference/fql/user/) you can check to see if the current user can post to a friends wall by loading up the friend's user information specifically the can_post field.
can_post bool Whether or not the viewer can post to the user's Wall.
According to the documentation you can post on a user friends wall if that user granted you the *publish_stream* permission:
publish_stream
Enables your app to post content, comments, and likes to a user's
stream and to the streams of the user's friends.
There are some cases in which you won't be able to do so, for example if some user blocked your application then I guess it will fail if you try, so you should just check the response you get back from facebook for the api request and see if it worked or not.
Edit
As far as I'm aware you can not ask the api (nor via fql) "can my application post to this users wall", you can only ask "have this user granted my application the publish_stream permission".
If I understand what you want, I might have kind of a solution for you though.
I say show the user the option to post on a friends wall.
When the user chooses this option try to post on the friends wall (and I assume you are using ajax for that call), if it fails return some kind of code, then in the client side check for that code, if it returns use the javascript sdk to open a dialog.
You have two choices for dialogs, you can use the Feed Dialog like this:
var obj = {
method: 'feed',
to: "FRIEND_ID",
name: 'A message',
caption: 'Just trying something',
description: 'This is how to post on a friends wall'
};
FB.ui(obj, function(response) { console.log(response); });
Or you can use the Send Dialog:
FB.ui({
method: 'send',
to: "FRIEND_ID",
name: 'A message',
link: 'LINK_URL',
});
With this one though you have to post a link, I'm not sure if that works for you. After you tried and failed for a user you can save that data and use it later.
I added a like button to the canvas application page that actually configured to the facebook page of the application.
I would like that whenever a user pressed like or dislike on my page, a request will be sent to my server noticing it that the user liked or disliked the application page.
I can catch these events by using the following code:
FB.Event.subscribe('edge.create', function(response) {
alert('You liked the URL: ' + response);
});
FB.Event.subscribe('edge.remove', function(response) {
alert('You disliked the URL: ' + response);
});
I can just check if the response equals to my facebook application page.
the question is.. after I catched the like or dislike, how do i forward it to the server secure enough ? how can I send the request to the server without posting the facebook id as a post/get parameter?
i want to send it to the server in a way that the server will be able to fetch the facebook session information and fetch the userid from there, or any other secure way.
example:
if i'll just call http://mysite/liked_my_app?uid=4534534543
then a user notice this request and start sending liked_my_app with fake uids.
is there a way to prevent that somehow ?
thanks
Instead of using the UID of the user, forward the signed_request. Only you can decode signed requests coming from your application because of the app_secret you have to use to decode it.
Another possible solution (depending on what exactly you want to do when you confirm a like/dislike event) is to check at intervals your page/app like count - in a cron job for example. When a user likes your page/app you can retrieve his UID (possibly other information as well), and you can cross-reference the lists from the last cron job.