I have a blog website and I have a Facebook page where I would like to share updates from my blog. I also would like to share those updates to my personal profile/timeline. I made an application and requested the publish_actions and manage_pages permissions.
It got rejected with the following comment:
You do not need to request these permissions because your blog or CMS
is integrated with an app that you admin. As an App admin, you can
already access these permissions and post to your Timeline or a page
you admin. You can provide access to additional users by adding them
as developers of your App.”
Yes, I am an admin on website, app and Facebook profile/page.
But, can anyone tell me what does it mean?
I read documentation several times. It's pretty clear that I can post even to my own only with access_token. I can get access token if I ask for authorization.
If a request authorization with publish_actions, manage_pages authorization dialog comes with the red banner saying:
"The following permissions have not been approved for use and are not being shown to people using your app: publish_actions and
manage_pages.Submit them for review or learn more."
and
"This does not let the app post to Facebook."
. Then any attempt to post comes with Error #200) The user hasn’t authorized the application to perform this action. It I don't ask for permission I just getting Error 200.
So how exactly I can "already access these permissions and post to my Timeline or a page I admin" as an App admin?
It seems that around mid May they of went back on the review process, at least partially; if your user owns the app and the page then you should be able to publish to your stream or to your page without going through the review process... I guess you just don't have to ask for the permissions that triggers the review process.
I'll be testing this in a bit and I'll get back to you with my results.
UPDATE: Yup. I've just tested it... just ask for publish_actions, manage_pages and status_update and it'll let you autopost on your own page, just ignore the warning about the review process.
Related
I have an app that programmatically make post on a configured Facebook Page.
My app obviously have both the manage_pages and publish_pages permissions approved and I'm using pages access token
Everything work well since now, but recently when I POST on page feed
https://graph.facebook.com/v3.1/234002440799692/feed
I get this error:
{"error": {
"message":"(#200) Requires either publish_to_groups permission and app being installed in the group, or manage_pages and publish_pages as an admin with sufficient administrative permission",
"type":"OAuthException",
"code":200,
"fbtrace_id":"HEVcI\/Tq3fW"
}}
I know that Facebook has deprecated publish_actions scope, so that it's not possible anymore to post programmatically on the personal feed, but I can't find out why the post on a page return this kind of error.
Some further infos:
posting with a developer account actually work
the user by which the page access token is obtained, created the page on Facebook (so I think it's an admin for the page)
i recently migrated from graph_api v2.12 to v.3.1
Any suggestion will be appreciated
Thanks
I figured it out what the problem with some pages is.
It seem that now, if the user grant the manage_pages and publish_pages permission, that will be valid only for already existing pages!
New pages haven't the permission granted by default.
The only way I can fix the problem was to remove my app from the user profile (Facebook Settings > Business Integrations > Select the app > Remove) and then prompt the user again with the Facebook OAuth permission dialog.
I don't know if there is a way to force the app removal programmatically, but I can't find out.
You can use the following URL:
https://graph.facebook.com/v7.0/234002440799692/feed?&access_token={access_token}
I'm working on a notification web-app that has a Post-to-Facebook feature. Until the (Graph) API v2.0, it worked great. A user would authenticate with their Facebook account, put their token into our app, and we'd use that to make posts to their wall/page for them when a new notification was sent.
We have applied for the permissions we need to use on Facebook's new API (publish_pages, publish_actions, manage_pages). We received a notice that our application was rejected, so we re-worded the same application for permissions to try to clarify what we use the permissions for, resubmitted it, but have been rejected again.
An app that does almost exactly the same thing we hope to do was granted these permissions (we know, because we both work with- and compete with- that app). Until we found out that that app can still publish posts to Facebook, we believed that all requests to repost/automatically post on users' behalfs were being denied because of a Facebook policy change.
We can't figure out who to contact or where to appeal the denial of these permissions. This probably isn't the right forum (since this isn't specifically a technical question about the API), but I can't see where to take this issue next.
Did you have a look at the Login Review FAQs:
https://developers.facebook.com/docs/facebook-login/review/faqs
or otherwise refer to
https://www.facebook.com/groups/fbdevelopers
I am building my first facebook app and am facing a issue.
Task : Build a entirely server side application to be used by the admin of a facebook page to post videos/photos on the page. This should not involve having the admin to log in everytime to generate the user acess and page access token.
What I found : Based on the requirement, I found that app tokens can be used for this purpose. This line specifically hints at the usefulness.
App access tokens can also be used to publish content to Facebook on behalf of a person who has granted an open graph publishing permission to your application
I think that using this will be safe since mine is an entirely server side app.
Problem The docs say that:
GET /oauth/access_token?
client_id={app-id}
&client_secret={app-secret}
&grant_type=client_credentials
will give the app token that can be used in place of user access token.
However, I have not been able to do so. Specifically the error encountered is
Error 200 .The user must have accepted the TOS. Since I have already tried publishing content with page access token, I know this is a permission issue.
The following line
a person who has granted an open graph publishing permission to your application.
does not clarify everything. I came across a related question, but the answers seem to be a bit vague.
It would be really great if someone could give me insights about how this can be achieved.
In order to post to a page, you need at least authorize with the manage_pages permission. If you want to post "as user", you need to add publish_actions and use a "User Access Token". If you want to post "as page", you need to add publish_pages and use a "Page Access Token".
Information about how to generate those Tokens:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/
The error message with the TOS has been discussed a lot of times already, please go to those threads (or find a lot more with the search function):
(OAuthException) (#200) User must have accepted TOS on C# - Facebook
How come I get a "must have accepted TOS" error for test users with app installed?
facebook long term token "(#200) User must have accepted TOS"
Occassional (OAuthException - #200) (#200) User must have accepted TOS
You cannot post to a Page via an App Access Token. This is clearly stated in the docs at
https://developers.facebook.com/docs/graph-api/reference/v2.3/page/feed#publish
A user access token with publish_actions permission can be used to publish new posts on behalf of that person. Posts will appear in the voice of the user.
A page access token with publish_pages permission can be used to publish new posts on behalf of that page. Posts will appear in the voice of the page.
I'd recommend to use a eternal Page Acess Token, so there's no obligation to renew the User Access Token. Have a look at my answer here:
Post to a facebook page without "manage_pages" permission using php
See
https://developers.facebook.com/docs/facebook-login/access-tokens#pagetokens
Facebook sent an attention alert about the permission the App is requesting:
Permissions
Your app asks for read and write permissions at the same time. You should only ask for write permissions when a user tries to share something to Facebook. Please update your app accordingly. Read our best practices for more details.
In fact during authentication App is requesting those permissions:
read_friendlists, publish_stream, offline_access, email
But App is not using FB login so according to second point of this section "Publishing permissions", we can ask for both read and write permission:
https://developers.facebook.com/docs/facebook-login/permissions/#publishing
In this situation, can the Alert be ignored?
The "problem" with your request is the read_friendlists permission, the guidelines in case of non-facebook login says:
In this case, make sure that the only read permissions you request are
public profile and friend list.
Also the offline_access han been deprecated and not useful anymore
So you should ask for read_friendlists in a separate request, the alert does not affect the functionality of the app but maybe it will affects other things like quota or apps store.
Hope this helps
I have implemented a server-side login flow for a facebook page management application to allow my users to grant the necessary permissions to this application. So far, this works nicely and allows my application to obtain a "page access token" after being granted the manage_pages permission.
However, during the login flow, the facebook UI on facebook.com requests both the manage_pages permission (which is what I asked for) and the permission to see the list of friends of the user (which I did not ask for).
To be specific, I redirect the user to https://www.facebook.com/dialog/oauth?client_id=...&redirect_uri=...&state=...&response_type=code&scope=manage_pages.
Is there a way to convince the facebook UI to not request permission from the user to see his list of friends ?
For reference, since I spent a good amount of time researching an answer to that question, I believe that it is impossible to explicitely not request permission from the user to see his list of friends. The Facebook documentation hints at this by stating that these are the "default" permissions that every application gets.