Facebook access token for post message in timeline - facebook

I am trying to do something like this. Lets say a user used FB Connect for registration in our site, so I can get the "uid" of facebook and I can store in DB. Now what I want each time that user will visit a store details page or item details page I will post that store/item image with link, photo, description etc to FB timeline.
Something like this:
$post_id = $facebook->api('/me/feed/', 'post', array(
'message' => $products_name, // item name
'link' => 'http://www.blabla.com/item/myshoes', // item url
'picture' => $fb_img_src, // item image
'caption' => $products_name, // item name for caption
'description' => $products_description // item description
));
} catch (FacebookApiException $e) {
$user = null;
}
This process works fine if user logged in to FB by using our FB app. But as I said I want to post if they not even logged in by using their facebook "uid".
Is it possible to authenticate that user depending on facebook "uid"?
Thanks in advance! Any clue/help will be appreciated!

I strongly believe that posting anything to user's Facebook without their's consent or even their action will surely and quickly encourage them to leave your site forever. Do not do this.
Anyway - to answer your question:
Yes, it is possible to get access to user's Facebook and "do stuff", especially when a user is logged in both on Facebook and on your site. You just need to obtain user's access token (read about it in the docs), and make sure the users grants your app all aproppriate permissions. There are also access tokens that can be used offline (user is not even online), but I'm not going to discuss it here.
One way to obtains user's access token is to redirect the user to FB login url providing your APP_ID (as described in FB developers docs). FB will then redirect the user to your Fb-login URL with access code/access token, which enables you to do something like posting to users timeline.
Of course actions that you can take are limited according to permissions said user has granted for your app. And I have to remind you - it's a thin ice you're stepping on.

Related

App in facebook Require Approval?

Scenario is like this:
I have created an app in facebook say myApp.
I have integrated facebook login in my website say mywebsite.com.
I am intended to fetch user's "education_history" ,"work_history" ,"books" , "music".
I am not asking permissions for writing anything on user's facebook wall.
Here the problem.
I am able to fetch required information from facebook only when I logged in ( myapp created on my account only ) but when someone else try to login to mywebsite.com through facebook then I get only his public profile nothing else.
Why is it so ? What I am missing. All permissions are correct.
Thanks for help
EDITED :
Code for login URl :
// Return facebook or linkedIn login url
public function loginurl(){
// It is facebook
$login_url_params = array(
'scope' => 'email,user_actions.book,user_actions.fitness,user_actions.music,user_actions.news,user_actions.video,user_education_history,user_groups,user_hometown,user_interests,user_likes,user_website,user_work_history',
'redirect_uri' => 'http://localhost/users/store/fb/'
);
$login_url = $this->facebook->getLoginUrl($login_url_params);
echo "<a href=" . $login_url.'>Login</a>';
}
You should get a warning when you authorize some specific permissions as App Admin/Developer, telling you to review them:
Apps requesting more than public_profile, email and the user_friends permission must be reviewed by Facebook before those permissions can be requested from people
HereĀ“s more information about the review process: https://developers.facebook.com/docs/apps/review
Localhost will only work for you, but not for other users. Except you are trying with another user on your computer, of course.

how to post facebook user wall/ page status by a single user only no app install for other users

I am working on a site and i need to post page links from that site to a special user wall or page if something is published on it which means i only need one user to post that question.
the problem which i am facing is access token since i am not trying to show facebook login page in front of website traffic. its not like sharing on user wall we are basically trying to post status on a page automatically so any help for this problem will be appreciated.
i am using the following code which seems to work fine as long as the access token for the page is valid but i need to make something permanent so that i can add all the info in the php code hardcoded and it work for some weeks at-least without changing the api key or token
$appid = 'code';
$appsecret = 'code';
$wall= $pageId = 'code';
$token='page token';
$facebook = new Facebook(array('appId' => $appid, 'secret' => $appsecret, 'cookie' => true));
$params=array( 'message' => $msg,'name' => $title, 'caption' => $title, 'link' =>$uri,'description' => $desc, 'picture' => $pic, 'access_token' => $token,'actions' => json_encode(array('name' => $action_name,'link' => $action_link)) );
$result = $facebook->api($wall.'/feed/','post',$params);
if i make token from the graph api debug page then it works fine but after some time i got the message "OAuthException: An active access token must be used to query information about the current user."
i am really desperate to find something solid for it.
thank you
You can write a backend script (maybe a cron job using the FB PHP-SDK) that runs as the special user and makes the desired FB api calls. For this, you will want to use a long-lived access token, which needs to be renewed every 60 days. You might also try your FB api calls using an App Access Token, which do not expire but also do not support all FB publishing and other operations.
To post to someones wall (or perform any action with the open graph) you must be authenticated with facebook as somebody in their graph or an application that they have granted permission to.
You should look at the permissions that can be set using the oauth scope attribute...
https://developers.facebook.com/docs/reference/dialogs/oauth/
To me it looks like they will need to grant your application publish_stream if you want to write to their friends walls as well as the user that you are authenticated as.
https://developers.facebook.com/docs/reference/login/extended-permissions/

Is it possible to publish action from a Facebook Page?

I've been using the great facebook OpenGraph and the publish_actions permission. My users can publish actions through our website, and it's directly connected to there Facebook-Timeline. Great integration, very simple to be developped : thanks a lot for your work!
But, I have one more question :
Is it possible to use publish_actions not from a specific user but directly from a Facebook Page? (as described here for a user: https://developers.facebook.com/docs/opengraph/actions/#create)
For example, User John Smith has one Facebook Page (named "John Smith Advocate"), and wants to publish action, not from John Smith himself, but from the Facebook Page "John Smith Advocate".
I wonder if it's possible.
Thanks a lot guys !
In order to publish as a page, you need to obtain an authentication token for that page. To do this you need to follow these steps (sorry for the lack of detail, hopefully this will point you in the right direction):
1) A user who is an administrator of your page needs to be authenticated with your app, and you need to get the "manage_pages" extended permission for them
2) get a list of all the accounts the user is an admin of:
https://graph.facebook.com/me/accounts
3) you'll get a json array of pages the user is an admin of, and also an access token for each page - extract the relevant access token
4) Use the access token to post to the relevant album ID (owned by the page) - here is some php code that does it;
<?php
$args = array('message' => 'Caption');
$args['image'] = '/path/to/image.jpg';
$args['access_token'] = $page_access_token;
$data = $facebook->api('/'. $album_id . '/photos', 'post', $args);

How to post to a Facebook Page (how to get page access token + user access token)

I am trying to work out how to post to a Facebook page wall, when using my app as a different Facebook User (who is not the Page Administrator).
I get a range of error messages while testing:
Exception: 200: The user hasn't authorized the application to perform this action
The page administrator has visited the app and accepted the following permissions: publish_stream, manage_pages, offline_access
Here is the code I plan to use:
// Insert Page Administrators ID here
// This user is not the same user that is currently logged in and using the app
// This user is the page administrator who has authorised:
// - manage_pages
// - offline_access
// - publish_stream
$user_id = '123456789';
// Insert Page ID here
$page_id = '123456789';
$accounts = $facebook->api('/'.$user_id.'/accounts');
foreach($accounts['data'] as $account)
{
if($account['id'] == $page_id)
{
$page_access_token = $account['access_token'];
echo "<p>Page Access Token: $page_access_token</p>";
}
}
// publish to the wall on your page
try
{
$result = $facebook->api(array( "uid" => $page_id,
"method" => "stream.publish",
"access_token" => $page_access_token,
"message" => $message, ));
}
catch (FacebookApiException $e)
{
error_log('FB Error: Could not post on Page Wall. Page ID: ' . $page_id);
error_log('FB Error Message: ' . $e);
}
Note: There may be PHP errors in the code above, as I just spliced it on the fly, but its not so much the PHP errors I need correcting, but more my logically understanding of how I am meant to go about this process.
PROBLEM:
I can't access the $user_id/accounts information without an active user access token for the Page Administrator.
The end result that I'm trying to achieve is:
1.) A normal FB user goes to the app and submits a form
2.) The app posts a message on a FB Page wall, which is not owned by the FB user, but has previously been authorized by the Page Administrator with the following permissions manage_pages, publish_stream and offline_access
Q1. Since the Page Administrator has accepted the appropriate permissions, why can't I just generate an active user access token, without the actual Page Administrator user logging into the website?
Q2. Is there a way I can get the equivalent of /$user_id/accounts for the Page Administrator user_id, when logged into Facebook as a different user (which is why I do not use /me/accounts)?
Q3. Please confirm that my understanding of needing the page access token to post to the page wall is correct (or do I need the user access_token for the Page Administrator - see Q1)?
Q4. Anyone have a handy resource on what each type of access_token can actually access?
If you need any more information, please let me know.
I've spent the last few days working on this and I'm stuck.
Thanks!
You can ask the page admin for manage_pages along with offline_access. I do this in my production app to be able to post scheduled postings onto the pages' walls.
Nope. Not possible. That's what asking permissions is all about. And why not everyone gets to administer everyone else's pages. Could you image if you could administer anyone's page without them granting you access?!?
To post to the page as the page, you need a page access token. To post to page's wall as a user, you need a user access token.
Yes, please see: https://developers.facebook.com/docs/reference/api/permissions and https://developers.facebook.com/docs/authentication/
If you have further questions about any one of these, please start a new question. It's not really fair to users of stackoverflow to be hit with 4 questions in one and then to be asked followup questions to each of those.
I have done in Django:
Step to get Page_access_token:
facebook_page_id=360729583957969
graph = GraphAPI(request.facebook.user.oauth_token.token)
page_access_token=graph.get(facebook_page_id+'?fields=access_token')
This way you can get Page access token.
You can check this thing on Fb GraphAPIexplorer:
http://developers.facebook.com/tools/explorer
GET URL: fb_page_id?fields=access_token
for example: 360729583957969?fields=access_token
that will give you page_access_token

Prevent signups with Facebook proxy email

Problem is, when a user clicks on FB Login button on my site, Facebook API throws him with a window which ask for access permissions(which is the usual flow). But when the user chooses the proxy mail address (anonymous), then I want to force the user to login only using his real email id.
How am I supposed to handle this ?
I can detect that user used proxy email and prevent him from registering, but then I can't remove my app from his list of authorized apps - meaning I can't get him to that initial dialog for choosing which email he will provide.
You can't force the user to go through the authorization dialog again, because as far as Facebook is concerned, the user has installed your application and nothing else needs to happen. The best thing you can do here is write your own form which informs the user that the Facebook proxy e-mail address is unacceptable and you need a real e-mail address. Unfortunately, this does not force the user to give you their Facebook account e-mail address, or even a real e-mail address. This is the best we have via Facebook though, and it's just something we have to deal with.
UPDATE 5/10/11
I was browsing around the Facebook documentation, and found a method that exists in the old Legacy REST API which actually allows you to remove extended permissions for your app from a user. I think you could use this exact API call to manage getting non-proxy addresses from your Facebook user, while still using the native install dialog.
I tested this using the FB JS SDK and it worked! The method you need to use is the auth.revokeExtendedPermission method. Here are 2 examples of calling that method via the JS SDK and the PHP SDK.
Javascript:
<script>
FB.api({
method: 'auth.revokeExtendedPermission',
perm: 'read_stream'
}, function(response)
{
console.log(response)
});
</script>
PHP:
<?php
$facebook->api(array(
'method' => 'auth.revokeExtendedPermission',
'perm' => 'email',
'uid' => $uid
));
Because these use the Legacy REST API they're not as "supported" as the new Graph API. I've not seen anything regarding migrating this feature to the Graph API. Hopefully they will.
Invoke revocation of the app through graph api (as below) with the php sdk then redirect user back through your dialog with this non-proxy requirement explained.
private function revokeAccess() {
$access_token = $this->facebook->getAccessToken();
$result = $this->facebook->api(array(
'method' => 'auth.revokeAuthorization',
'uid' => $this->{facebook id here},
'access_token' => $access_token
));
return $result;
}
This code is php.
This completely removes the app.
Returns 1 on success; 0 on failure.
$this->facebook == facebook object from the facebook php sdk.