I have a app scoped user id. Now, I wanted to find its real id but as I went some existing forums like Get Facebook User ID from app-scoped User ID it appears that it is not possible to derive real id from app scoped user id.
But I see that it is possible via https://izitools.com/en/tool/get-facebook-id-from-scoped-id.
Is there any Graph API which can be used to derive real id from the app scoped user id?
If it is not possible, we might need to derive app scoped user id from real id.
It seems there is some solution to derive the app scope user id from the real id but could not figure out the solution. Could someone sheds some light on it?
Will exposing app specific Facebook friend user IDs in client side source code expose my app/my apps users to any exploitable security/spam risks?
Example where data is exposed:
I'm requesting the list of facebook friends using the user_friends permission with the graph API. This list returns a name and app specific user ID for each friend.
I allow a user to select a friend which will send them an in-app invite.
The best way to identify this friend is the app specific user ID which means it will appear in my client side source code.
Exploits I can think of:
Using a sending message dialog link (https://developers.facebook.com/docs/sharing/web#sendingmessages), might allow someone to use my app id (which can be easily found by logging in via facebook) and an exposed user ID to prepopulate the to field to pretend to be my app trying to spam their friends.
Workaround to exposing data:
Store the friend list in a db table and generate a new harmless ID for each relationship.
I'd rather not do this as I'll have to update this list every time as friend lists will change regularly.
It is perfectly safe to expose those App Scoped IDs on the client. You can only prepopulate the send dialog with one single ID, and the ID must be a friend of yours. So you canĀ“t really exploit it.
IDs are safe in general (App ID, User ID, ...). You only need to be careful with your App Secret and Access Tokens.
i'm crawling user comments and its user ids in public links to build a graph, and i noticed some users have more than one ID. For example, this user have two different IDs: 100000571429851 and 993673107328394.
I'm not using different aps to get the user ids (someone told me user IDs changes between different apps).
Any ideas about how i can get a really unique ID for each user?
The reason for the different IDs is because this user is using a mixture of v1 and v2 facebook apps. The first ID is the user's personal ID and is returned when someone authorizes the v1 of an app. The second ID is an app scoped-ID and is returned using v2 of the facebook API. See the section in the facebook docs on App-scoped User IDs
https://developers.facebook.com/docs/apps/upgrading
Facebook will begin to issue app-scoped user IDs when people first log into an instance of your app coded against v2.0 of the API. With app-scoped IDs, the ID for the same user will be different between apps.
In advent of the new V2 Facebook Open Graph API, I need to make note of the logged in users 'App-Scoped' user ID, in order to register the id with Parse in order to receive PUSH notifications.
However, as the logged in user I get the Facebook ID instead.
Haven't found anything in the docs to solve this problem yet, so thought I better ask here.
If you created your facebook application before the introduction of graph API 2.0, It will continue to receive the canonical facebook user ID
If you created your facebook application, after the introduction of graph API 2.0, It gives you app scoped id instead of the canonical id.
In this case I assume your application is quite old.Therefor create a new app and it will give you the app scope id.
In facebook document:
"The id of this person's user account. This ID is unique to each app
and cannot be used across different apps. Our upgrade guide provides
more info about this." You only get id with each apps.
more information in here: facebook.developers
The "Facebook ID" as you call it IS the App-scoped User ID.
See https://developers.facebook.com/docs/apps/upgrading#upgrading_v2_0_user_ids
The id you get from the api's is an opaque string, and you should use it as such.
If the user has already granted your app access on v1, then your app will continue to receive the same id.
The old users who have registered keep receiving the canonical ID from Facebook for those users, and new users are getting the new scoped ID. Although it is working fine as a long integer, I suggest to change the long field for a string field (unless you already treat it as a string), because we cannot know what Facebook will send here in the future. To keep your code mainly unchanged, create a new internal user id long integer which will be the one your code is already using, and relate it with the string ID from Facebook, which is canonical or scoped, depending if the user registered before or after the migration, and which you will have to manage only for logins, requests, open graph stories, etc.
This way you have not worry about canonical or scoped id EXCEPT one case. Everything works fine, except we found a problem, and maybe somebody can correct me and so help me to solve this: when a new user accept a invite request from an existing user, when your app reads the ID of the sender of the request, I found that Facebook gives you the new scoped id ALWAYS, no mater if the referrer is old or new user. This way, if a user registered before the migration, you have stored the canonical ID, and later, you read a request from this user accepted for a new one, you get the scoped id from the old user, but what you have stored is the canonical one! As result, old users can no more invite new users properly! If anyone knows how getting canonical ids from requests sent for old users, or knows how to obtain the scoped ids for the existing users with canonical ids (to store the new scoped ids in the database) it would be very helpful to hear their suggestions.
I want to create a Facebook app that can operates inside IFrame / FB connect.
I have to store some user information inside my database, but I still can't decide whether to use Facebook UID as the primary key or to create my own user ID (and have the Facebook UID as a regular column). Which approach is commonly used and why?
Thanks !
Andree
The Facebook UID are also unique, as far as I am concerned, i always use the Facebook UIDs. Although that shouldn't a problem if you create your own ID but that would be an extra overhead.