Updating access token for Facebook - facebook

My situation:
On my company's page, there is a sidebar which displays wall posts from the company's Facebook page. The previous admin of the page resigned and made another employee the admin. Now, instead of the wall feed, we are seeing "The user must be an administrator of the page in order to impersonate it." in the sidebar.
I have tried several suggestions from SO, but nothing has worked. This seems ridiculously complicated, but maybe it's just me. Any help would be appreciated.
EDIT
This is the URL I tried:
https://graph.facebook.com/oauth/authorize?client_id=MY_CLIENT_ID&redirect_uri=MY_REDIRECT_URL&scope=manage_pages,user_status,user_videos,read_stream,offline_access

Are you using HootSuite?
The reason is probably that you still use an User Access Token of the old Admin, which is not an Admin anymore.
It'd be better if you use a Page Access Token (if you can set this manually somewhere in your application). You can get a new Page Access Token for your new Admin via the
GET /me/accounts
endpoint if the new Admin is loggend in: https://developers.facebook.com/tools/explorer?method=GET&path=me%2Faccounts

Related

Facebook Page Application - determine if user is admin

Thank you very much for visiting this topic. Currently I'm working on a smaller application that can be installed on facebook pages (not accounts, but separately created pages, like company or fan pages on facebook). I managed to fire up the php SDK for it, even made successful user authentications and played around with access tokens (only user access tokens though).
However my problems arose when I've tried to determine if the current user is an administrator for that facebook page (where the application is installed).
I've done numerous google searches and research into this topic, but sadly I've realised that most tutorials, questions or related topics are all outdated, or they have obsolete solutions.
I kept running into the 'manage-pages' permission when people advised me to go for page access tokens. However in my opinion asking facebook to grant me manage-pages permission, then prompting users to allow me access to everything on their pages during authentication seems a bit far fetched.
I do not want to modify or read their page contents in any way. I simply want a mini admin page for the application that can be opened by only users that are admins of that certain page.
I've seen an edit url that can be added in the settings of the application. However I could not find out what it does, or how can I access it if I add an url there. The related documentation on facebook seems to be out of date.
I would be very grateful if someone can point me in the right direction with this. Basically I'm looking for a method, that does not require me to use the 'manage_pages' permission, but I can still check out if the current user viewing the installed application on the page is an admin or not. (I wonder if facebook supports an other method for this)
Thank you very much for any kind of tips or aid in this matter!
Facebook never gives of fan pages or other pages access.
You have to communicate with facebook page admin and its give a token.
Suppose if you have a permission than it generated token will be you use in your application
how do you do?
1 communicate with admin.
2 Admin generat token from https://developers.facebook.com/tools/explorer
3 go to tools and support than it generated token you use in your application.
Note: "Page of admin can it do to generate token"

The user must be an administrator of the page in order to impersonate it

I am getting this error:
FacebookResponseException in FacebookResponseException.php line 106:
The user must be an administrator of the page in order to impersonate it.
The admin has been changed and the website has a new developer now (me). The feed worked before and I have no idea what else to try... This is everything that has changed or I did to the code:
I am the administrator (one of 4) of the facebook page with my personal profile.
And I am also the owner of the facebook developers app.
I have only changed the .env credentials (the faceboook_app_id and facebook_app_secret).
Any ideas on what could fix this?
I found this similar problem, but I only need to get some of the last posts and the feed, so I dont need to post to the page (like the other question).

Facebook API Post as User Fails if user is Page adming

I have tried just about everything at this point, but I cannot get a like or a comment to show up as my user, if I am logged in as the admin of a page. My app allows people to manage their pages, but even if I pass my user's access token back instead of my page's access token, it still performs the action as though it were the page. This is also true of the Graph API explorer. I've logged into Facebook, flipped over to posting as user, then ran the graph API on the post in question, generating a fresh access token from there and the post STILL showed up as the page! Is this broken? Should I submit this bug to FB?
Yes I have all the required permissions, yes I'm verifying that I'm using the user access token and not the page access token... the Facebook API returns true every time, however, even through the Graph API explorer and not through my app.
http://developers.facebook.com/bugs/408406055876958
This is a known facebook bug, opened in July, with no timetable for fixing it.

Can I publish to pages with an app access_token

As mentioned in this other question, if a user grants the publish_stream permission, I can publish to that user's wall using an app access_token. I tested that and it works. But I couldn't publish to the user's pages using the app access_token! Am I missing something?
Right now I use the /me/accounts/ connection to get the access_token of the pages, and use that to publish. But this is a huge headache for me and for users because these tokens expire often (when users change their password, ...et), and every time that happens the publish fails and I need to email the user to come login again so I can retrieve a new access_token for the page. It's a bad user experience and I'm trying to find a way around it. The app token works for publishing to users, which is great, but I couldn't find a way to make it work for pages. Any tips?
Edit:
To clarify further, I currently request the manage_pages and offline_access permissions, and then fetch the access_token of each page and use that to publish to it. That works. The main problem is that tokens expire, even with the offline_access permission. The most common reason a token would expire is if the user changes her password. Here is a common error that I get a lot when publishing to Facebook pages.
Facebook error. type: OAuthException, message: 'Error validating
access token: Session does not match current stored session. This may
be because the user changed the password since the time the session
was created or Facebook has changed the session for security reasons.'
To handle this, I email the user and ask them to visit our app again, and when they do I grab a fresh set of access_token to work with. But that's problematic because users are confused about why the error happened and blame us for it, and some users don't open their emails so the problem doesn't get solved and then they're angry later when they discover that our app had stopped weeks ago without them asking it to stop.
That's why I was hoping that I can publish with the app access_token to avoid these problems. Since it works for user profiles, I hoped it would work for pages as well. But so far no luck, unless I'm missing something obvious.
What you're describing used to work - all last year we were able to successfully post to fan page walls using the app access token. In fact, for some of our users, I see it still working. However, I think the other two answers are correct, this is no longer the way to post to pages (see "Page Login" here)
That said, you should be able to store the access token of the page to spare yourself the step of re-querying the users' linked accounts.
Unfortunately, the page's access token will suffer the same fragility as a user's, per the answer here: Facebook Page Access Tokens - Do these expire? . The page access token will expire when the user who gave you that access token changes their password.
To publish to pages, there is an extra step where you use their token to get a list of their pages. Each page has its own token, use that token to post to the page. Keep in mind that when setting up the original token, you need to specify that you need access to pages.
my app does exactly what you're after.
I request both manage_pages and offline_access permissions from a user.
I store the user's access_token.
I ask the user which page (determined by me/accounts) they want a stream item posted to and when.
Later, when it is time to publish to a page's feed, I grab the user's access_token from the database, the pageid, and the message.
Using that user's access token, I query the me/accounts and grab the latest access token for that account (aka page)
Using that page's access token, I me/feed (or is it me/posts...away from my codebase at the moment) post the stream item.

Facebook API tab settings security

I am working on a Facebook App that adds a tab to fan pages. Admins of those pages should be able to edit some settings for the tab.
So I created a settings script for that. If an admin wants to edit something, he or she is sent to http://mydomain/settings.php?fb_page_id=theirpageid
How can I verify that the person loading that page is actually authorized to change those settings? For example, if I knew the page ID for some other page that uses my tab (and the id of a page is right in the URL of the page) I could get in to their settings.
The only thing in the request array is the page id.
Thanks in advance,
Tim
UPDATE:
The only solution I've come up with is asking the user to sign in with facebook and then checking the rights, but this is something I'd like to avoid, as it's another step for the user.
The best practice for this would be to authorise user to your admin page with the manage_pages permission.
With this permission you can see what Apps / Fan Pages which that particular user is admin of by making a request to:
https://graph.facebook.com/me/accounts?access_token=VALID_ACCESS_TOKEN
So you can easily judge if the user has valid admin access rights to a page with your application tab installed.