i am trying to use facebook api.i get the short term access token.now i can get longterm fb access_token.its validity will be around 60 days.In google apis there is a refresh token.using that we can get valid access token again and again.there is no such way in facebook so that we can get a new long term token without user to login again.i am creating a server app which will retrieve a user's post on daily basis and i dont want them to restrict to again login after 60 days .is there method possible.please guideline.
As explained in the docs, you have to send the user through the login flow to get a new access token. However, as long as you haven't added any new permissions and the user is already logged into Facebook, they won't have to login or grant access to your app again -- they will be immediately redirected back to your app.
Related
Facebook documentation states that
. At any point, you can generate a new long-lived token by sending the person back to the login flow used by your web app - note that the person will not actually need to login again, they have already authorized your app, so they will immediately redirect back to your app from the login flow with a refreshed token - how this appears to the person will vary based on the type of login flow that you are using, for example if you are using the JavaScript SDK, this will take place in the background, if you are using a server-side flow, the browser will quickly redirect to the Login Dialog and then automatically and immediately back to your app again.
What does it mean that the person does not actually need to login? Does not he have to pass his credentials again? If not how does FB is authenticating the user and getting the refreshed access token?
Yes but you need that the user visits your web app. Then you check for login status, if it is "connected" you will get a new short-lived token without even making the user login again. That's because the token has information about apps already authorized by user. If not the case or the user hasn't login in FB then you need to call the login function.
Once you have the token you can create a new long-lived token again.
I want my application to post to a single, pre-defined user's wall something like "We just posted a new blog at [URL]" with no client-side interaction.
But every answer I can find on this topic seems to hinge on getting an access token through
https://graph.facebook.com/oauth/access_token
Which gives you some redirect url through which a user has to log in manually.
I've got near zero experience with Facebook. Is it possible to automatically get an access token for a predefined user? Am I doing it wrong? ;)
You can't.
Facebook doesn't give you a way to automatically get an access token for a user. That user needs to log into Facebook and explicitly give your app permission. The best you can get is a long-lived access token that remains valid for up to 60 days.
Getting that token requires a two step process:
1) Logging into Facebook using either the JavaScript API or redirecting the user to a valid Facebook login URL.
2) Retrieving the short-lived access token you got in step 1 for a long-lived access token.
Once you've got that access token, should your post fail, you know you need to re-authenticate the user and get a new long-lived access token. Your user needs to be online and logged into Facebook for this to work, though it can happen without their interaction.
I use the Facebook PHP SDK to log in users on my website.
I was experimenting with the "long-lived" access token that expires after 2 months instead of 2 hours. Now I can't get rid of it. It is a problem for me, since it gives me access to the graph API even when the user is logged out of Facebook. I use that to determine if a user is logged in on my site, so it becomes impossible to log out.
I have tried changing the app ID and app secret, as well as deleting my facebook and app cookies, using other accounts, but nothing helps.
How can I get the 2 hour access token back, so I can't use the graph API when the user is not logged in?
The server-side authentication flow will always give you a long-lived access token.
If you want a short-lived one, then you have to use the client-side flow (FB.login from the JavaScript SDK).
So there's an app, let's say it's an app that is capable of delivering relevant news based on the user's choice done the first time he runs the app. Is there a way to post the news to the user's wall without having the user to be online and ideally as the app?
So on his/hers timeline it would look like this (edited image, not a real post from some app, it's just so you get what I mean):
When I use $facebook->api('/me', 'post'), it just creates a post as the user, which is not what I want and does not allow me to post when the user is not logged in.
You can use the server side authentication to get a long lived access token (60 days) which you can then use until the token times out. Then you'll need to have the user reengage with your app to get a new token.
You can get the same thing by using the client side authentication and then extending the token on the server side.
Another options which should work for you is to get an app access token (which does not expire) and ask the user for the publish_stream permission, then:
App access tokens can also be used to publish content to Facebook on
behalf of a user who has granted a publishing permission to your
application.
I'm trying to understand how to make scheduled calls to FQL queries without an authenticated user initiating the query. (Similar to a cron-job, I guess)
I've experimented with trying to implement cron jobs to make FQL queries but haven't had any success.
Could anyone please steer me in the right direction?
You have 3 options:
When the user enters your app use the client side authentication, get a short lived user access token and then extend it using the new endpoint for 60 days.
For those 60 days you can use that user token and do as the permissions the user has granted allow you to.
When the 60 days are over you'll need the user to reengage with your app to get a new token for another 60 days.
Use the server side authentication to get a long lived user token (60 days), then the same as in 1.
If you get the publish_stream permission then you can publish as the user with the app token which does not expire, as it states in Authenticating as an App:
App access tokens can also be used to publish content to Facebook on
behalf of a user who has granted a publishing permission to your
application.
App Access Tokens generally do not expire. Once generated, they are
valid indefinitely.
You may not be able to use the 3rd option, it depends on what data you want to get from the api.
I suggest that you use the Access Token Tool to get a user and app tokena, save the app token somewhere and then test your queries in the Explorer Tool with the user token.
When the user token expires try the same with the app token to see if it can be used for what you need.