I wrote a python script that runs on a cron job on my server that posts to my facebook account for me using my own facebook app. Unfortunately, every couple months, I get:
Response: {u'error': {u'message': u'Error validating access token: Session has expired...', u'code': 190, u'type': u'OAuthException', u'error_subcode': 463}}
Every time this occurs, I have to log into facebook, get a new code -> access token.
I'd like to fully automate this so that I can get a new access token without ever logging into facebook. What's the best way to do this?
I'd prefer a way to do this without storing my password on my server or accessing facebook via curl (which would be a hack), but--worst comes to worst--I suppose I could just login to facebook with curl to get the code -> access token.
Please don't tell me to use offline_access (as most of my searches show). That's been deprecated.
TIA!
edit: here's how I currently re-auth (this requires me to log into facebook):
log into facebook in browser
visit in browser: https://www.facebook.com/dialog/oauth?client_id=XXX&redirect_uri=https://www.facebook.com/connect/login_success.html&scope=publish_actions
extract $code returned from facebook
curl "https://graph.facebook.com/oauth/access_token?client_id=XXX&redirect_uri=https://www.facebook.com/connect/login_success.html&client_secret=YYY&code=$code"
store updated access_token that's returned from facebook
That is exactly how it is supposed to be. There is no way (anymore) to get a User Access Token that is valid forever. No app should be allowed to use a Token of a User who did not open the App in more than 60 days.
One solution is to create a Facebook Page and use an Extended Page Access Token, because those are valid forever. Here are a couple of links with all the information you need:
https://developers.facebook.com/docs/facebook-login/access-tokens/
http://www.devils-heaven.com/facebook-access-tokens/
http://www.devils-heaven.com/extended-page-access-tokens-curl/
Related
I have a server-side script, that should upload photo-albums to my facebook app page. How can script obtain page access token?
I know it's possible on client-side, when user logs in into facebook, and then asks for page access token using me/accounts query. But server-side script can not authorize as a user. So how this can be done?
UPDATE: I actually found how the same goal - uploading albums to app page from server-side script - can be achieved in another way, by manually creating never expired page token. It's described in here: https://stackoverflow.com/a/43570120/4050723
But still I wonder, if this can be done programmaticaly, from script.
There is no way to generate a User Token server side, it always needs user interaction. And you do need a User Token to get a Page Token.
You can create an Extended Page Token with an Extended User Token though, as you have found out already.
More information:
https://developers.facebook.com/docs/facebook-login/access-tokens/
http://www.devils-heaven.com/facebook-access-tokens/
I have written a Python script that makes some statistics for me and a couple of friends based on our posts and comments in them. I've been using it by getting a temporary token in Graph Explorer and copying it to the script before running it. So far I've been able to access friends' posts with API 1.0 (and for some time with 2.0, I assume that was a bug) but now the 1.0 API is getting closed and I'm running into an issue - while some of the /post requests are still accessible to me, many return an "Unsupported get request" error. I can only assume that I can't access these anymore unless I'm using their User Access Token.
I'm not sure what I can do now:
ask them to use Graph Explorer to provide me a temporary token. It works, is pretty secure with default permissions but I would have to do it every time I wanted to update the data.
make some sort of dummy app that they will log into once. I don't know if that violates any rules and if it will be removed immidetaly, I hope not. But I have no idea how to extract the user access token out of the app so I can use it in the script.
What's the "correct" way of doing this?
If the App is only for a specific group of people, it should be no problem. Just add your friends as Tester in the App so they can authorize it with the read_stream permission. Else you would need to go through a review process, and Facebook usually does not approve read_stream.
You don´t really need to handle the Access Token, just use the JavaScript SDK and read the stream of your friends whenever they visit your App.
Btw, you can get the Access Token in the callback response of FB.login. But it will only be valid for 2 hours, you can extend it to 60 days though. More information about extending Access Tokens: https://developers.facebook.com/docs/facebook-login/access-tokens
Easy solution: Create an entry page where your friends (who are Testers in the App) can authorize with read_stream. Right after authorization or refreshing the Token with FB.getLoginStatus, read their posts and store them.
Here´s some code to get you started on that entry page: http://www.devils-heaven.com/facebook-javascript-sdk-login/
...of course you can also just let your friends generated the Access Token manually. Information about that can be found in the Facebook docs (see Link above) or (for example) here: http://www.devils-heaven.com/facebook-access-tokens/ - they can then give you the Token, it will be valid for 60 days if it´s an extended one, or only 2 hours if it´s a default User Token.
I want my application to post to a single, pre-defined user's wall something like "We just posted a new blog at [URL]" with no client-side interaction.
But every answer I can find on this topic seems to hinge on getting an access token through
https://graph.facebook.com/oauth/access_token
Which gives you some redirect url through which a user has to log in manually.
I've got near zero experience with Facebook. Is it possible to automatically get an access token for a predefined user? Am I doing it wrong? ;)
You can't.
Facebook doesn't give you a way to automatically get an access token for a user. That user needs to log into Facebook and explicitly give your app permission. The best you can get is a long-lived access token that remains valid for up to 60 days.
Getting that token requires a two step process:
1) Logging into Facebook using either the JavaScript API or redirecting the user to a valid Facebook login URL.
2) Retrieving the short-lived access token you got in step 1 for a long-lived access token.
Once you've got that access token, should your post fail, you know you need to re-authenticate the user and get a new long-lived access token. Your user needs to be online and logged into Facebook for this to work, though it can happen without their interaction.
I am trying to get events from a Facebook page via Ajax.
But there should be no login process for user. For this reason I am trying to implement "Login as an App" by following the the documentation on this page.
I am getting the access token correctly by
https://graph.facebook.com/oauth/access_token?
client_id=YOUR_APP_ID
&client_secret=YOUR_APP_SECRET
&grant_type=client_credentials
However when I try to query Facebook Graph API with this access token I am getting an empty result set.
This is an example request;
https://graph.facebook.com/FAN_PAGE/events?access_token=ACCESS_TOKEN
I know the result set should not be empty because the same request with Graph Explorer returns the correct values.
Even a request like https://graph.facebook.com/FAN_PAGE/events?access_token=ACCESS_TOKEN_FROM_GRAPH_EXPLORER works correctly.
Any idea on whats going on? How can I get this to work correctly?
Actually the reason was not about the access token. The reason is that the page I want to get the events for is restricted. This works fine for unrestricted pages.
After a little research I found out that to read a restricted page's events (or posts etc.) you need a user access token. You get this by asking the user. (at login flow)
The other solution to get this data without prompting for a login is to get "page access token". You can generate a page access token by following this link.
And more on Access Tokens
I use the Facebook PHP SDK to log in users on my website.
I was experimenting with the "long-lived" access token that expires after 2 months instead of 2 hours. Now I can't get rid of it. It is a problem for me, since it gives me access to the graph API even when the user is logged out of Facebook. I use that to determine if a user is logged in on my site, so it becomes impossible to log out.
I have tried changing the app ID and app secret, as well as deleting my facebook and app cookies, using other accounts, but nothing helps.
How can I get the 2 hour access token back, so I can't use the graph API when the user is not logged in?
The server-side authentication flow will always give you a long-lived access token.
If you want a short-lived one, then you have to use the client-side flow (FB.login from the JavaScript SDK).