I'm using Instafeed.js for a client's site:
http://instafeedjs.com/
I've included the script, got my access token & userID. I obtained these by scrolling down to the 'Getting images from your User Account' section of the aforementioned page, and clicking the link at bottom: Don't know your user id or token? Click here to get one.
My code:
$(document).ready(function() {
var userFeed = new Instafeed({
get: 'user',
userId: clientsID,
accessToken: 'MY_ACCESS_TOKEN',
template: '<img src="{{image}}" />',
target: 'instafeed',
limit: 6
});
userFeed.run();
});
I've created an empty div with the 'instafeed' id. The div is being populated with 6 empty a tags, each with an empty image tag. I don't have any console errors.
In the instructions on this site, I'm told to
"make sure your token is set to basic authorization, which only allows
GET requests. If you aren't sure what scope your token has, check
under your account page."
On my account page, I have an 'Instafeed.js' application set up, but the only option I have is to revoke access. I cannot edit or see any other options, so I'm not sure if this could be related to the problem.
Any help would be greatly appreciated!
All tokens issues by the API are given the basic scope, unless the scope was specified in the authentication request.
From the Instagram API Docs:
Currently, all apps have basic read access by default. If all you want to do is access data then you do not need to specify a scope (the “basic” scope will be granted automatically).
You can verify which scope the token has by visiting the Manage Applications page. Each application will display what kind of access level it has. A basic permission set should say something like "Access your basic information":
So you shouldn't need to do anything to set the token's permissions, that's all handled when the token is created. If you used the helper link on instafeedjs.com to get that token, then all the permission levels should already be taken care of for you.
In case someone else runs into this issue, my problem was actually a conflict with Shopify's template engine. When I removed the template option everything worked fine, thanks to Steven here who actually responded to my email! This dude is killer.
In Shopify, if you drop the configuration script into a new "asset" labeled instafeed_config.js and then call it with
{{ "instafeed_config.js" | asset_url | script_tag }}
after loading
{{ "instafeed.min.js" | asset_url | script_tag }}
then you are able to use the Template feature.
You can adjust the template section.
Change the following:
img src="{{image}}"
To:
img src="http:{{image}}"
Related
I'm trying to implement facebook login/autoregister for a website. There is a problem with the requested scopes.
First I have tried to use the "default" scope. According to the official documentation, it provides access to a subset of the UserData structure. It is documented here:
https://developers.facebook.com/docs/facebook-login/permissions/#reference-default
However, if I try to do this, then I get an error:
Invalid scope: default
I have also tried to use something basic first. For example, scope="id". Then I get this error:
Invalid scope: id
If I try scope="email first_name last_name middle_name name picture" then:
Invalid scope: first_name
The only that worked so far is scope="email", but that is not enough for auto registration.
Moreover, the documentations cleary says that "All permissions, except the Default Public Profile fields, require Facebook Login and Client OAuth Login enabled for your app to allow Users or Pages to grant your app these permissions." (you can read this on the top of https://developers.facebook.com/docs/facebook-login/permissions/ ). So it seems that the scopes are not invalid because I don't have Facebook Login enabled for my app. They are invalid for some other reason - maybe because the don't exist?
I wonder why are these scopes documented if they are invalid? And where can I find the valid ones?
Side note: it seems that Facebook does not follow RFC 6749. When there is an error, the Oauth2 server (https://www.rfc-editor.org/rfc/rfc6749#section-4.1.2 more specifically 4.1.2.1 error response ). But Facebook does not do this. It displays a popup window on facebook.com instead, and if I press "OK" on that window, it enters an infinite loop and keeps displaying the same message again and again: "You are no logged in". (Why would I?)
UPDATE: Even though I used scope=email only, the /me api returned all fields, including first_name, last_name, email, and profile picture. So maybe those things are not scopes, but field names. But it is still unclear what scopes are available? The documentation still seems bad. It should clearly tell which terms are scopes, which are field names from data structures. And a complete list of scopes is still missing from the docs (or maybe there is a list, just I couldn't find it?)
The docs are indeed a bit misleading, but "default" is not a permission/scope, it just tells you want data you can get WITHOUT an additional permission. You can find the available permissions in the link of your question, if you just scroll to the top. Only that list is important, for the default fields there is a link "Default Public Profile Fields", but - again - no scope/permission is needed.
And yes, there is a big difference between scope and fields. For example, the email field can be used after authorizing with the email scope, but the birthday field requires authorization with the user_birthday permission. Fields can be found here, for example: https://developers.facebook.com/docs/graph-api/reference/v3.1/user
I've created a page on Facebook without creating an account. This means that a default account is created with the page_id the same as the account_id.
When I try and perform a graph call to the tabs on the page:
/<page_id>/tabs?auth_token=<auth token>
I get an empty "data" representation:
{
"data": [
]
}
Even though there are application tabs installed.
Add the tab_id makes no difference, I get the same response.
I'm guessing the page is getting confused as the account but I cannot find any way to distinguish the difference between the account and the page.
Does anyone know if it is possible to retrieve the page information another way?
Double-check that the access token you're using is the Page Access Token - this is the most likely reason this will fail to return an answer
I'm using the Javascript SDK inside a node.js (Express) App.
Connecting Users works fine, but the connection does not persist between page reloads.
Is this the default behaviour, or is the User supposed to stay connected in new requests?
Do I have to use OAuth token authentication and if so, how can this be done with the JS-SDK?
Inside the "Permission"-Popup, Users are already logged in with soundlcoud, though.
(just have to click the "connect" button each time)
Figured I'd share my answer for those who are unsatisfied with the current answers for automated oauth:
Retrieving access_token:
I had to define get and set cookie functions and then I use the functions to set and retrieve a function holding the access token. I'm not going to give these functions for conciseness but you can easily find them with a google search. I then use this line of code to get the SC access token (once the user has authenticated for the first time)
SC.accessToken()
Setting token:
So this is kind of just an elephant in the room in my opinion that for some reason no one has mentioned. How in the **** do you connect w/ SC using the access token? Do you set it as oauth param? On each call pass it? Well, after experimenting with putting the parameter in every single place I could think, I found out you have to do something like this:
SC.initialize({
client_id: '[removed for security reasons]',
client_secret: '[removed for security reasons]',
redirect_uri: '[removed for security reasons]',
access_token: getCookie("sc_lm2"),
scope: 'non-expiring'
});
//Where "sc_lm2" is the name of my cookie
Hope the helps! Took me a while to figure this out for such a simple thing
EDIT
Using PHP and Wordpress:
$json = wp_remote_get("http://api.soundcloud.com/users/[user_id]/tracks.json?client_id=[client_id]");
$soundcloudData = json_decode($json['body'],true);
(substitue cURL functionality if you're not using Wordpress). #krafty I assume you would just change the endpoint from "/tracks" to "/users" but I can't say I have ever really needed to grab anything but tracks using the Soundcloud API. Hope this helps, though I'm not sure I fully understand what it is that you are trying to accomplish (or rather, how exactly you're going about it) - are you trying to allow user logins? If you want to explain fully what you're trying to accomplish and the steps you're taking I'd be happy to take a crack at it.
Yep, this is the way to do it, officially. :)
For the Next SoundCloud site, we store the token in localStorage (until the user logs out, of course). In each AJAX request to the API from the front end, we put the oauth token in a request header:
jqXHR.setRequestHeader('Authorization', 'OAuth ' + the_oauth_token);
I'm using devise/omniauth to do facebook authentication and works great. However, I would like to add a flow where an existing (non-facebook) user has ability to connect his account with facebook. This would require different facebook permissions. so i can't seem to find two things
how to use devise/omniauth to request facebook connect without logging out current user
request different extended permissions from user (different from those specified in the devise configuration file)
any ideas? thanks
Answer to 1 is pretty easy: just add a if path into the omniauth_callbacks_controller::process_callback method like this
# If a user is signed in then he is trying to link a new account
if user_signed_in?
if authentication.persisted? # This was a linking operation so send back the user to the account edit page
flash[:success] = I18n.t "controllers.omniauth_callbacks.process_callback.success.link_account",
:provider => registration_hash[:provider].capitalize,
:account => registration_hash[:email]
else
flash[:error] = I18n.t "controllers.omniauth_callbacks.process_callback.error.link_account",
:provider => registration_hash[:provider].capitalize,
:account => registration_hash[:email],
:errors =>authentication.errors
end
redirect_to edit_user_account_path(current_user)
This is what I do in my application and it works fine.
Regarding question 2 I do not know how to support 2 different facebook authentication configurations however I have hard time seeing how that is useful to users since they need a consistent experience across both path: "sign in using facebook" and "link your account to facebook".
(If you still want to pursue this path one idea I would explore is to create a new facebook application with its independent keys and configuration...)
Hope this help.
One simple way to implement multi-tier permissions is to use Facebook Javascript SDK(in addition to omniauth, if you want). You can simply specify different "scope" parameter, which specifies permissions required, at each call you want. What I'm doing is making omniauth provide a basic set of permissions, then, after the user has connected through omniauth(and thus stored their data in our DB), if further permissions are needed, we show them JS-based buttons which provide expanded sets of permissions. If you want to check what particular permissions a user has granted to you, you can simply use me/permissions API call.
I've been messing around with the graph API and have been able to access my own information just fine. However, when I attempt something like:
https://graph.facebook.com/999999/likes?access_token=xxx (where 999999 is a friend's ID)
I get a blank graph like so:
{
"data": [
]
}
Keep in mind I'm doing this all manually for the time being. This is the URL I used to request permission from my profile:
https://www.facebook.com/dialog/oauth?client_id=xxx&redirect_uri=http://www.google.com&scope=email,read_stream,offline_access,user_likes,friends_likes
It all works hunky-dory and I get my access code, yet I still receive the blank graph. Suggestions?
Thanks.
Have you tried multiple friends? Your friends can configure what information third party applications can have access to, of theirs. For example I could limit applications that you use to not see anything about me, if we were friends.
Also you could check in account --> privacy --> settings --> applications and see if your application in fact has the permissions you think you granted it as a user.
-Kevin
I agree with kevin. You need to request permissions first to get at the info and you also need to be prepared that you will get a blank list.
I suggest that you use an already built api as it will save you a lot of time. I've recently released one here that should get you going in no time at all.
The code looks like this:
Dim FB As New SessionInfo("[access_token]")
Dim Req = New Functions.Requests(FB)
Dim U = Req.GetUserInfo("[userid for friend]")
Response.Write(U.name)
Also you can get a list of friends by calling this
Dim FL = Req.GetFriends()
For Each F In FL
Response.Write(F.name)
Next
I have come to notice that even though an application can request (and be granted) certain permissions, e.g. to access Likes, it doesn't necessarily mean that an application will be able to access this information.
I'm not a 100% certain of this but there might be two instances where e.g. requesting a users Likes results in an empty data set even though the right permissions where requested and granted by the user:
The user has set custom permissions in his/her privacy settings
not make public the information (e.g. Likes). Basically, customized
permission settings overrule the granted permissions that an
application requested.
The user is under 18. https://www.facebook.com/help/?page=214189648617074