How can I get hold of an App where the only Developer with Admin Access is not reachable? Can I recover and administrate the App using my App Id and Secret Key?
I think that's a problem, because you can only add a role to an existing app via the Graph API if you have a User Access Token of one of the administrators of this app:
https://developers.facebook.com/docs/graph-api/reference/app#roles
An App Access Token (which you could generate with App Id and App Secret) is not enough.
Related
Am trying to get the fb reports, better way is to use facebook internal functionality to get reports. But for that i need app id and app secret, i have access token with that token is it possible to fetch app id and app secret?
First, I have use Facebook App ID & Secret ID, then Login with Facebook and get Access token,
I have changed the my Facebook App ID & Secret ID, but, affect the existing user Access token.
How do I get new Application Access token without Login with Facebook?
Changing your App ID effectively means you've created a new application. Since the access_token is tried to a particular App ID and Secret combination, you cannot transfer existing users over to the new App ID. Furthermore, Facebook Platform Policies does not allow sharing of user information between different application - you'll just have to get users to login into the new application.
A while back I created an app ID on facebook and added the appropriate meta data to a website. I now want to continue adding facebook-related features to the site, but it seems the app is not related to my account afterall.
I must have created it under a different account or something, but how can I find who the owner is based on an App ID? I have existing likes, so I don't really want to change the App ID. I don't see any way in the UI, and I do not see the app when I go to the Developer app. Is there a way to do it using the Graph API?
If you have access to the app id and the app secret but no access to the app within Facebook it is possible to discover the creator_uid and from there the email address of the app owner using the graph api.
First get an app access token:
https://graph.facebook.com/oauth/access_token?client_id={APP_ID}&client_secret={APP_SECRET}&grant_type=client_credentials
With this you can get the creator_uid:
https://graph.facebook.com/{APP_ID}?access_token={APP_ACCESS_TOKEN}&fields=creator_uid
Using the app token you will then get the email address when looking up the creator_uid in the graph api:
https://graph.facebook.com/{creator_uid}?access_token={APP_ACCESS_TOKEN}
EDIT (Jan 2013)
Looks like Facebook have removed app profile pages so that method no longer works.
Option 1
You could return the app object, which stores all the populated information about the app by requesting:
https://graph.facebook.com/xxxxxxxxxxxxxxx
Option 2 (This method no longer works)
Or, you could visit the app's profile page and contact the developer directly using the 'contact developer' link:
http://www.facebook.com/apps/application.php?id=xxxxxxxxxxxxxx
(you'll need to replace xxxxxxxxxxx with your app id)
I got this working. If you have both app id and app secret then you can try below steps to get the owner details.
Get the access token using id and secret of the facebook app.
https://graph.facebook.com/oauth/access_token?client_id={APP_ID}&client_secret={APP_SECRET}&grant_type=client_credentials
Using the access token you can call the below API to get a list of administrators of the app.
https://graph.facebook.com/{APP_ID}?fields=id,name,roles&access_token={ACCESS_TOKEN}
Retrieve the owner profile details by,
https://www.facebook.com/{USER_ID}
I have a similar problem, in that I have the id and the secret but no access to the app within facebook.
I haven't found a way to see who owns does have access to the app. But I have found a way to contact a dev
First get the app access token.
https://graph.facebook.com/oauth/access_token?client_id={APP_ID}&client_secret={APP_SECRET}&grant_type=client_credentials
Then get the address:
https://graph.facebook.com/{APP_ID}?access_token={APP_ACCESS_TOKEN}
I'm developing an mobile app on the iPhone.
After creating an app on Facebook/Twitter, I received 2 keys:
Facebook call them as app ID and app Secret
Twitter call them as consumer Key and consumer Secret
When I use OAuth authorization as some tutorials on Google, my app must provide both keys to proceed. I'm confused as to why it needs 2 keys. As their names (id and secret), I guess that their roles is equal to public/private keys pair in Linux. But I must provide both 2 keys so that my app proceeds.
I want to place the secret key in my own Apache/PHP server, the secret place, not in my app's code. My app is only responsible for authorization, then my server proceed with other tasks, as posting,...
The app id and consumer key are identifiers of your app. The secret is what you share with the service provider in order to authenticate requests and such. Like a username (identifier) and password (secret).
The secret must not be shared - this is in the developer policies. Doing so would allow other to access the data of your app users which would obviously be a serious privacy breach. So you are right to plan on keeping it out of sight. Your app id is publicly available to anyone, so you can put that where you want/need.
AppID is used for authentication, appSecrect is used for other tasks.
Consider these two documents of Facebook and Twitter about authentication for web app for more detail:
http://developers.facebook.com/docs/guides/web/#login
https://dev.twitter.com/docs/auth/oauth
Consider this flow for an implementation Facebook/Twitter app on mobile if you have an own server for the secret:
OAuth Twitter with only Consumer Key (not use Consumer Secret) on iPhone and android
I am creating a web application that is trying to use "public" Facebook content.
It is not your traditional "Facebook Application" because I'm not actually signing up Facebook users to use it, but the users will be all server-side.
I've come to a point in which I am having to use an "access_token" for certain "public" pieces of content and I have been able to generate a app access_token but this does not work for the public data I'm interested in accessing.
access_token's created via
https://graph.facebook.com/oauth/access_token?client_id=APP_ID&client_secret=APP_SECRET&grant_type=client_credentials
do not work for
https://graph.facebook.com/chickfila/notes?access_token=CODE_FROM_ABOVE
which is publicly accessable w/o login here...
http://www.facebook.com/ChickfilA?sk=notes
Any way to give an app itself a user-level access_token?
I had a very similar problem with publicly available event data. What I had to do was to create an offline access token for the admin of the application.
So, log in with your admin and open the following URL (replace APP ID with your ID and eventually you need more permissions, but read_stream and offline_access should do the trick):
https://graph.facebook.com/oauth/authorize?client_id=APPID&scope=offline_access,read_stream&redirect_uri=http://www.facebook.com/connect/login_success.html
This will give you a code, that you will paste in the following URL (with your APP ID and SECRET):
https://graph.facebook.com/oauth/access_token?client_id=APPID&redirect_uri=http://www.facebook.com/connect/login_success.html&client_secret=SECRET&code=CODE
This will give you an access token that should work forever (or until you change your password).
Recently I used the access token freely available from the Facebook Graph Explorer which will let you browse different graph resources and will let you specify what permissions you need. For this you can tell it you want offline_access and that token can be used to pull this information whenever it is needed without worrying about your token expiring.
Create an user just for your app and let the user authorize your app and get the access token and use it for this kind of data fetching. Some manual work but as long as you have some user authorized access token you should be able get the public contents.