I am making a system where users can log in a see stats of Facebook pages I administer.
I don't want the users to have to log in each time they visit the site, and more importantly they will only be able to see the stats for all pages if it was my account that was logged in.
Is it common practise to log in with my account, get an extended access token and store in a database so future users don't need to keep logging in via Facebook to see the stats?
You could make use of the "manage_pages" extended permission. If your application received this permission via an User Access Token, it could call
/me/accounts
with this Access Token and receive the Page Access Tokens for all Pages this User administers. With these you could access the Page insights of the respective Page.
Related
I've been reading documentation and Stack Overflow link all morning, but I'm just not understanding the correct process to authorize a web server to post to a Facebook page wall.
What I'm not clear on is why I have to post to Facebook as a Facebook User, using an access_token, meaning that this user has to log into Facebook manually to authorize my app.
I'm not trying to authorize a User, nor any of my visitors to do anything with their accounts, so I don't need any permissions from them. Instead, I'm trying to authorize my Web Server to post updates to its wall as a specific Page.
Why do I have to use a user access_token to do this? I'm not attempting to impersonate the user, I'm trying to post to the page as the page...
Is it possible to authorize a user and get their access token without having to create a login page on the Web Server? I don't want to have to require the user to login to make this work, I thought that was the point of having an app ID and Secret?
I guess my question is this: Is it not possible to allow a web server to post to a Facebook page wall as that page, without having to present a login dialog to a specific user? If it is possible, what is the correct workflow to set this up?
In order to post to a Page as a Page, you have to use a Page Access Token. You get that with a User Access Token, and you can extend it so it will stay valid forever.
Steps:
Request a User Access Token with the manage_pages permission (valid for up to 2 hours)
Extend the User Access Token (valid for up to 60 days)
Get the Extended Page Access Token for your Page with the User Session
Store and User The Page Access Token in the publish call
It may sound a bit complicated, but there are many tutorials for this and you donĀ“t actually need to program it, you can just use the Graph API Explorer.
Here are some Links about the Access Tokens:
https://developers.facebook.com/docs/facebook-login/access-tokens/
http://www.devils-heaven.com/facebook-access-tokens/ (see "Extended Page Access Token" for a step by step tutorial)
I am wondering if it is possible to obtain an extended access token for facebook pages that do not have a facebook profile set as it's administrator. I see it is possible to create a facebook page without setting a user profile as the admin and having those pages auth with my app.
For pages that do have a facebook profile as it's administrator, I am able to extend the short lived access token when requesting the manage_pages permission. But I'm not if there is no user associated with it.
The documentation describes this process for extending page tokens.
Apps can retrieve a Page access token from Page admin users when they
authenticate with the manage_pages permission. If the user access
token used to retrieve this Page access token is short-lived, the Page
access token will also be short-lived.
To get a longer-lived Page access token, exchange the User access
token for a long-lived one, as above, and then request the Page token.
The resulting Page access token will not have an expiry time at all.
Extending Access Tokens Documentation
I am wondering if it's possible to obtain extended access tokens for pages when there is no admin associated with the page.
All pages must be owned by a user account, either a regular user account or a business account - and both work in the same way as far as the API is concerned, at least for login (business accounts don't have names, a timeline, friends, etc so are obviously not the exact same, but they log in and grant access to apps the same way)
I just tested a few minutes ago using the my app, a business account and the server side oauth flow and received a long expiry (approx 60 day) token correctly when exchanging the business account's code for an access token
I was then able go through the flow again, this time asking for manage_pages permission and was able to use the token to retrieve a non-expiring page access token for a page the account manages using the regular process (a call to /me/accounts or `/?fields=access_token)
I have an app, and I can write to user's walls with it, having requested the publish_stream permission when they sign in.
I've also created a page and a group, and would like my app to be able to write to those. (Specifically, I want my back-end server to post some updates to those periodically, without a user being involved.) The ability to do this seems to be implied by the descriptions of the /feed parts of those here https://developers.facebook.com/docs/reference/api/page/ and here https://developers.facebook.com/docs/reference/api/group/ . However, I can't seem to find a way to authorize the app to write to these pages. Those docs say it can be done if you have publish_streams and manage_pages. OK, but how do I grant those to my app?
In the user case, you request those permissions when the user signs in via the OAuth flow. However, the page and the group never sign-in, so there's no way for them to grant the app permission. I looked around the settings pages for the group and the page, and couldn't find anything that will let me add the app. So how do I give the app the required permissions to post to the group and the page?
Found it!
http://developers.facebook.com/docs/reference/api/application/
http://developers.facebook.com/docs/howtos/login/login-as-page/
"Application Page Access Tokens
To perform the following operations as an Application Page, and not the current user, you must use the Application's Page access token, not the user access token commonly used for modifying Graph API objects nor the Application access token. This access token can be retrieved by issuing an HTTP GET to /USER_ID/accounts with the manage_pages permission. This will return a list of Pages (including Application profile pages) to which the user has administrative access, along with an access_token for each Page.
Note: Applications that are configured as Native/Desktop apps will not be able to make API calls that require an application access_token."
So:
I went to http://developers.facebook.com/tools/explorer/ and, as me, created an access token with "manage_pages" permission.
I then went to https://graph.facebook.com/$myname/accounts?access_token=$accesstoken
and it gave me a list pages and apps that I had given permission to. I copied the access_token from the relevant page, and pasted that into my code, so that the server-side create event code always used that access token.
And it worked!
Is it possible to somehow get an access token to use the facebook api like a user that clicked "use facebook as "?
What I'm trying to do is to allow my website to post messages to the facebook page's wall. I already have an app which I use to allow my users to login with their FB account. However, I'd prefer not to require a page admin to authorize full manage_pages to my app. I already added the app to my FB page, but there are no options to give that app some permissions for my page.
Of course it's possible.
In the official documentation page about Permissions it's written:
Page access_token
An access_token used to manage a page. This is used
when you want to perform an operation acting as a Page. This access
token is retrieved by issuing an HTTP GET to /USER_ID/accounts or to
/PAGE_ID?fields=access_token with the manage_pages permission. Getting
/USER_ID/accounts will return a list of Pages (including app profile
pages) to which the user has administrative access in addition to an
access_token for each Page. Alternatively, you can get a page access
token for a single, specific, page by issuing an HTTP GET to
/PAGE_ID?fields=access_token with the manage_pages permission (you
must ask for the access_token field specifically via the fields=
parameter). See the documentation for the Page object for more
information. NOTE: After November 1, 2011, manage_pages permission
will be required for all access to a user's pages via this connection,
i.e. for both reading the user's pages and also retrieving
access_tokens for those pages. See the documentation for the User
object for more information.
I used the graph api in order to connect the user and publish an event on its wall.
But if I am connected as a page, I get this error message : "You need to be connected as a user and not as a page to run this app"
But I which I could publish my event on a fan page.
Here is my TOKEN_URL
How shoud I do to be able to publish on my fan page.
How can I enable that ?
To publish "on behalf" of a Page, you need to use a Page access token. To get a Page access token, first get an access token for a user with the manage_pages and publish_stream permissions:
https://graph.facebook.com/oauth/authorize?client_id=YOUR_APP_ID&
redirect_uri=YOUR_REDIRECT&scope=manage_pages,publish_stream&type=user_agent
Then, using the access token you get as a result, do a GET of:
https://graph.facebook.com/me/accounts?access_token=ACCESS_TOKEN_FROM_STEP_1
Here, you'll find the list of the Pages the user is an admin of. Here you can grab the access token for one of these Pages. Now calls you make will be made on behalf of the Page. Now anything you try to post will be posted as the Page. If you are trying to create events, you may also need the create_event permission.
To see how this works, you can test this out using these URLs in your browser or in the Graph API Explorer.
You need to get an offline access token with the manage_pages permission for the user that created/owns the fan page. After obtaining the user's access token, then you need to get the page's access token.
See this answer with code for details:
How can I use 'manage_pages' permission with the SDK on Facebook?
You could log in as the administrator of the page and create an offline access token for that user.