App in facebook Require Approval? - facebook

Scenario is like this:
I have created an app in facebook say myApp.
I have integrated facebook login in my website say mywebsite.com.
I am intended to fetch user's "education_history" ,"work_history" ,"books" , "music".
I am not asking permissions for writing anything on user's facebook wall.
Here the problem.
I am able to fetch required information from facebook only when I logged in ( myapp created on my account only ) but when someone else try to login to mywebsite.com through facebook then I get only his public profile nothing else.
Why is it so ? What I am missing. All permissions are correct.
Thanks for help
EDITED :
Code for login URl :
// Return facebook or linkedIn login url
public function loginurl(){
// It is facebook
$login_url_params = array(
'scope' => 'email,user_actions.book,user_actions.fitness,user_actions.music,user_actions.news,user_actions.video,user_education_history,user_groups,user_hometown,user_interests,user_likes,user_website,user_work_history',
'redirect_uri' => 'http://localhost/users/store/fb/'
);
$login_url = $this->facebook->getLoginUrl($login_url_params);
echo "<a href=" . $login_url.'>Login</a>';
}

You should get a warning when you authorize some specific permissions as App Admin/Developer, telling you to review them:
Apps requesting more than public_profile, email and the user_friends permission must be reviewed by Facebook before those permissions can be requested from people
HereĀ“s more information about the review process: https://developers.facebook.com/docs/apps/review
Localhost will only work for you, but not for other users. Except you are trying with another user on your computer, of course.

Related

Facebook access token for post message in timeline

I am trying to do something like this. Lets say a user used FB Connect for registration in our site, so I can get the "uid" of facebook and I can store in DB. Now what I want each time that user will visit a store details page or item details page I will post that store/item image with link, photo, description etc to FB timeline.
Something like this:
$post_id = $facebook->api('/me/feed/', 'post', array(
'message' => $products_name, // item name
'link' => 'http://www.blabla.com/item/myshoes', // item url
'picture' => $fb_img_src, // item image
'caption' => $products_name, // item name for caption
'description' => $products_description // item description
));
} catch (FacebookApiException $e) {
$user = null;
}
This process works fine if user logged in to FB by using our FB app. But as I said I want to post if they not even logged in by using their facebook "uid".
Is it possible to authenticate that user depending on facebook "uid"?
Thanks in advance! Any clue/help will be appreciated!
I strongly believe that posting anything to user's Facebook without their's consent or even their action will surely and quickly encourage them to leave your site forever. Do not do this.
Anyway - to answer your question:
Yes, it is possible to get access to user's Facebook and "do stuff", especially when a user is logged in both on Facebook and on your site. You just need to obtain user's access token (read about it in the docs), and make sure the users grants your app all aproppriate permissions. There are also access tokens that can be used offline (user is not even online), but I'm not going to discuss it here.
One way to obtains user's access token is to redirect the user to FB login url providing your APP_ID (as described in FB developers docs). FB will then redirect the user to your Fb-login URL with access code/access token, which enables you to do something like posting to users timeline.
Of course actions that you can take are limited according to permissions said user has granted for your app. And I have to remind you - it's a thin ice you're stepping on.

Redirect to facebook app after login from auth dialog

I got some problem with my testing app
$params = array(
'scope' => 'read_stream, publish_stream'
);
$loginUrl = $facebook->getLoginUrl($params);
echo "<script type='text/javascript'>top.location.href = '$loginUrl';</script>";
This is the code I use to send user who has not logged in yet to login
via facebook auth dialog.
The problem is after login using facebook auth dialog
user will be redirected to my site which is not in facebook app.
How can I send user back to facebook app after login using auth dialog ?
Please help
You can use the redirect_uri parameter of getLoginUrl() to tell facebook where you want to send the user after authorization ends (let it be success or failure).
There's a number of restrictions on what you can use there, basically you got three options:
URL under your application's domain.
The canvas path of the application (if it has one): https://apps.facebook.com/YOUR_APP_NAMESPACE
Any page url that has your application installed: https://www.facebook.com/PAGE_USERNAME/app_YOUR_APP_ID
By default, the php sdk takes the current url as redirect_uri. The documentation about these are under the oauth dialog's documentation of the same parameter.
Was google-ing about the same issue and found a solution,so thought might as well answer her.
simply add the following code in the main page.
$config['appBaseUrl'] = "http://apps.facebook.com/your_app_name/";
if(isset($_GET['code']))
{
header("location:" . $config['appBaseUrl']);
exit;
}
$config is the array that i pass while creating the facebook object. In this context,its not necessary to create an array though.

How to post to a Facebook Page (how to get page access token + user access token)

I am trying to work out how to post to a Facebook page wall, when using my app as a different Facebook User (who is not the Page Administrator).
I get a range of error messages while testing:
Exception: 200: The user hasn't authorized the application to perform this action
The page administrator has visited the app and accepted the following permissions: publish_stream, manage_pages, offline_access
Here is the code I plan to use:
// Insert Page Administrators ID here
// This user is not the same user that is currently logged in and using the app
// This user is the page administrator who has authorised:
// - manage_pages
// - offline_access
// - publish_stream
$user_id = '123456789';
// Insert Page ID here
$page_id = '123456789';
$accounts = $facebook->api('/'.$user_id.'/accounts');
foreach($accounts['data'] as $account)
{
if($account['id'] == $page_id)
{
$page_access_token = $account['access_token'];
echo "<p>Page Access Token: $page_access_token</p>";
}
}
// publish to the wall on your page
try
{
$result = $facebook->api(array( "uid" => $page_id,
"method" => "stream.publish",
"access_token" => $page_access_token,
"message" => $message, ));
}
catch (FacebookApiException $e)
{
error_log('FB Error: Could not post on Page Wall. Page ID: ' . $page_id);
error_log('FB Error Message: ' . $e);
}
Note: There may be PHP errors in the code above, as I just spliced it on the fly, but its not so much the PHP errors I need correcting, but more my logically understanding of how I am meant to go about this process.
PROBLEM:
I can't access the $user_id/accounts information without an active user access token for the Page Administrator.
The end result that I'm trying to achieve is:
1.) A normal FB user goes to the app and submits a form
2.) The app posts a message on a FB Page wall, which is not owned by the FB user, but has previously been authorized by the Page Administrator with the following permissions manage_pages, publish_stream and offline_access
Q1. Since the Page Administrator has accepted the appropriate permissions, why can't I just generate an active user access token, without the actual Page Administrator user logging into the website?
Q2. Is there a way I can get the equivalent of /$user_id/accounts for the Page Administrator user_id, when logged into Facebook as a different user (which is why I do not use /me/accounts)?
Q3. Please confirm that my understanding of needing the page access token to post to the page wall is correct (or do I need the user access_token for the Page Administrator - see Q1)?
Q4. Anyone have a handy resource on what each type of access_token can actually access?
If you need any more information, please let me know.
I've spent the last few days working on this and I'm stuck.
Thanks!
You can ask the page admin for manage_pages along with offline_access. I do this in my production app to be able to post scheduled postings onto the pages' walls.
Nope. Not possible. That's what asking permissions is all about. And why not everyone gets to administer everyone else's pages. Could you image if you could administer anyone's page without them granting you access?!?
To post to the page as the page, you need a page access token. To post to page's wall as a user, you need a user access token.
Yes, please see: https://developers.facebook.com/docs/reference/api/permissions and https://developers.facebook.com/docs/authentication/
If you have further questions about any one of these, please start a new question. It's not really fair to users of stackoverflow to be hit with 4 questions in one and then to be asked followup questions to each of those.
I have done in Django:
Step to get Page_access_token:
facebook_page_id=360729583957969
graph = GraphAPI(request.facebook.user.oauth_token.token)
page_access_token=graph.get(facebook_page_id+'?fields=access_token')
This way you can get Page access token.
You can check this thing on Fb GraphAPIexplorer:
http://developers.facebook.com/tools/explorer
GET URL: fb_page_id?fields=access_token
for example: 360729583957969?fields=access_token
that will give you page_access_token

Facebook account delink or deauthorize facebook app and check status of linking from facebook app

My website application having feature login with Facebook login. And for which my app is present on Facebook. Login with facebook is working fine.
But application have feature of linking and unlinking facebook account to Facebook app.
How to check FB account is linked with specific FB app or not?
And how to unlink FB account from specific FB app if linked (On that user's request )?
("Linked" means we select "Allow" to FB app on request)
With the new Graph there is a documented way to deauthorize (I've tested it in the Graph API explorer and it works). Send an HTTP Delete command to "me/permissions" with a valid access token. Not only will it invalidate the access token, but it also removes the app from the user's list of auth apps. This requires the user to authorize the app again (going thru the permissions screens) to use it. Happy coding!
Please note Facebook in the process of deprecating the REST API, and have adding equivalent support to the Graph API User object for "auth.revokeAuthorization" method.
//$this->facebook is facebook object
//$userid is of logged in user or can be written hardcoded.
For checking linked in or not by making api call.
$user_id = $this->facebook->getUser();
$result = $this->facebook->api(array(
'method' => 'fql.query',
'query' => "SELECT is_app_user FROM user WHERE uid=$user_id"
));
$is_installed = $result[0]['is_app_user'];
if($is_installed==1) {
echo 'Linked';
}
else {
echo 'Not Linked';
}
For delinking or deauthorization the user by making app call:
$user_id = $this->facebook->getUser();
$access_token=$this->facebook->getAccessToken();
$result = $this->facebook->api(array(
'method' => 'auth.revokeAuthorization',
'uid' =>$user_id,
'access_token'=>$access_token
));
This can easily achieved with simple FQL query:
SELECT uid FROM user WHERE uid = {USER_ID_HERE} AND is_app_user = true
This will return uid of user if he is connected with app and nothing otherwise
Make an API call to /{USER_ID}/permissions with your App access token and it will show if that user has authorised your app
You can also check with the user's access token if you have one.
The response type will be something like this:
{
"data": [
{
"installed": 1,
"bookmarked": 1
}
]
}
There'll be one entry there for each extended permission the user has granted your app and the installed line means they've installed your app
For a user who hasn't installed your app the response will be:
{
"data": [
]
}
You can also use FQL as Juicy Scripter suggests in another answer
Here's how to deauthorize your app using Facebook iOS SDK v4:
#import <FBSDKCoreKit/FBSDKCoreKit.h>
...
NSString *graphPath = [NSString stringWithFormat:#"/%#/permissions", [FBSDKAccessToken currentAccessToken].userID];
[[[FBSDKGraphRequest alloc] initWithGraphPath:graphPath parameters:nil HTTPMethod:#"DELETE"]
startWithCompletionHandler:^(FBSDKGraphRequestConnection *connection, id result, NSError *error) {
if ( !error ) {
NSLog(#"Facebook unlinked");
}
}];
Through the Graph API, from the docs (thanks #DMCS):
You can de-authorize an application or revoke a specific extended
permissions on behalf of a user by issuing an HTTP DELETE request to
PROFILE_ID/permissions with a user access_token for that app.
The olds REST API offers you auth.revokeAuthorization. You can read more about that on the auth.revokeAuthorization docs.
Be aware that the REST API will be deprecated in the future, although Facebook doesn't specify when exactly.
I am not aware of any way to get a list of apps a given user is connected to, or see any reason Facebook would make that available. To see if a user is connected to your app, the other answers here should provide you with a couple of ideas.

How do I check if a facebook account is currently logged in before requesting permission for my app? (using php sdk)

I'm using the php sdk v3.0.1.
I am trying to get offline access from users.
When my app requests permission from the user, it does so for the currently logged in user. I'd like to first check if a facebook account is logged in, and if so display a message. for example:
User "John Doe" is currently logged in.
then I'd have a link to "log out" or a link to continue to the permission page.
I was trying this but it always returns 0:
$facebook = new Facebook(array(
'appId' => 'XXX',
'secret' => 'YYYYYYYYY',
));
// Get User ID
$user = $facebook->getUser();
if($user)...
else...
the if statement always fails and then when the else is procesed and I send them to the login page, it requests permission for the currently logged in user (which I don't want).
I've searched extensively and can't find an answer. :-/ Any help or suggestions would be appreciated. I'm completely new to the facebook api.
Basically you would like authentication and permission requests to be separate. Correct me if I'm wrong about that. So you can just send users through a plain authentication step:
$loginUrl = $facebook->getLoginUrl();
and then later send them through again with the proper permissions.
$arg['req_perms'] = "[permissions here]";
$loginUrl = $facebook->getLoginUrl($arg);
This will get you a separate login and permission request step.