Looking at this page
https://developers.facebook.com/docs/reference/login/extended-profile-properties/
it seems that a Facebook users can allow an application to access pretty much everything about their friends (including notes and photos); this seems really strange to me and I am wondering if there is any limitation. If user A decides to share some pictures just with his close friends and one of this close friend (user B) uses the App XYZ that requires friends_photos permissions, pictures of user A at some point can be viewable by all the user of the App XYZ.
Is this exactly what happens or there is any kind of limitation?
You might say that user B could anyway publish the pictures of user A, for example on flickr, even without using the app XYZ but I think the case is very different, if there is a third-party between, the risk of loosing the control on the content is much higher.
Related
My latest project has (had) a requirement for the user to invite their friends to their online service. I discovered that, apparently, as of April 2015 with the new v2.0+ Facebook Graph API, you cannot actually get a list of friends for the user, unless those friends are already subscribed members of your app.
The scenario:
My app is a web service that lets the user collaborate on research work in a private group online. The user needs to
look up their list of friends,
set permissions their friend will have in the group, and
send them an invitation both join the service, and the specific group. (using a unique, one-time use link tied to each recipient)
The user would (ideally) receive an invitation with a specific link for them to not just become a subscriber of said online app, but specifically to join the group they were invited to (i.e. not just a generic "hey, check out this app" type of invitation).
The expectation:
The user doesn't care whether their friend is already a member of "MyApp.com". They expect to simply look up their friends just like they do today from their phone when they connect it to Facebook (makes all contacts available, regardless of whether those friends connected their Facebook to their phone, respectively). Likewise, compare inviting members to your Google docs, for example: look up your contact, set permission, send invite - so easy. Users demand this UX simplicity today and do not distinguish or care whether they are dealing with email, Facebook, Twitter contacts, whatever.
The problem:
The entire point of a social network is to be, well, social. If the Graph API only lets my app access friends that are ALREADY users of my app, it completely defeats the entire purpose - it cuts my user off at the knees, kills UX, no more ability to actually contact their own friends. My understanding is Facebook made this change to prevent developers from spamming users, and I get that, I completely support that. HOWEVER, my company and my app are not the ones that are trying to invite friends for it's own purposes, it is the USER and THEIR OWN friends that THEY have the right to access and converse with for their purposes (or so you'd think). Beyond just friends list, even if I had that, I think there are additional hurdles and limitations with posting messages to friends, even private (not wall) messages, which again would be anti-social.
The Question:
Am I understanding Facebook limitations properly, and if so, what is the work-around? I'd be ok with such an API being locked down until you pass a review that proves you aren't spamming users, but I did not see such an option.
Facebook supposedly prioritizes users over developers, and these changes were made because if the user is not comfortable with privacy (don't spam my friends), then they wont be users any longer, and that obviously affects developers and Facebook. OK, but did they not realize that by locking it down this extreme just killed UX for the user in legitimate scenarios? And to my original point, not just a little, but paramount - the result quite literally is that on April 30, 2015, Facebook became anti-social. Surely this is not inline with their mission. Surely there is a better approach.
If your app is not a game (which I assume), the only viable option would be the Message Dialog as desribed at
https://developers.facebook.com/docs/apps/faq#friend_invite
If your app is not a game and has a mobile or web presence:
You can also use the Message Dialog on iOS and Android, or the Send Dialog on Web. These products let a person send a message directly to their friends containing a link to your app. This type of message is a great channel for communicating with a smaller number of people in a direct way. The Message Dialog and the Send Dialog both include a typeahead which lets the person easily select a number of friends to receive the invite.
You might also find App Invites useful but I beleive it's only for iOS and Android apps and might not exactly fit your use case:
https://developers.facebook.com/docs/app-invites
App Invites are a content-rich, personal way for people to invite
their Facebook friends to a mobile app.
As far as I know, you can only tag friends of the account associated with the access_token currently in use. This means that if I want to be able to make an app to share photos on facebook with a tagging functionality, it's mandatory that I make an authentication system, where the user needs to type his password to login on FB and I request and store his sixty_days_access_token. This approach is fine for web apps, but is troublesome if I have to implement a desktop touchscreen interface where the users interact with the system in an environment where anyone can watch him typing his user and password. I'm facing this problem with a public touchscreen, where the users can take pictures and send it to Facebook. The interface is implemented with C++ and the curl library. As the touch is in a very crowded environment and the screen is big, we experienced that the users are intimidated to enter his acc/pass. We worked around this problem by creating a fan page to the event where we store all the photos. As we already have the fan page admin access token stored, we don't need to login the users but clearly we are not able to tag any of the user friends, which vastly reduce the viralization potential of the solution.
So, having this problem in mind, how can I face this?
Do I really need to make an authentication of the users to be able to
tag their friends?
Is there any creative solution?
Yes, if you want to tag a user or their friends in a post, you need them to log in - this is a requirement of the Photo tagging API.
The only alternative i can think of is to give the user a URL they can go to later (e.g. on their phone or PC) which will prompt them to authorise your app and do the tagging at that time.
Would it be possible to have an app that returns the friends of friends of the current user that have the app installed? I understand that this may be impossible due to privacy issues, but is there not some sort of requirement that can be imposed when the app is installed to make this information public to everyone and so to the current user?
EDIT:
In fact, users will be entered into my own database so what I really need to be able to do is search through all of a user's friends and for each one query whether they have any friends who match a name/id in my database.
Nope, apps can only access information for friends of the current user, but not for friends of those friends again.
Otherwise, the “operating distance” of an app could be quite huge, without people even knowing what way an app was able to get access to their information (or that it even did get access at all) – look at it this way:
If you do not want to generally disallow apps to access some of your info when friends are using them, because it has some (social) benefits from your standpoint, but you have this weird guy/girl amongst your friends, who’s using sh*tloads of apps and giving them friends-permissions all the time … well, no problem, unfriend him/her, and all’s well. But now let’s say, that guy/girl/dude/whatever is not directly friends with you, but only with your younger brother (who you’re FB friends with in this scenario, of course) – you’d have to actually unfriend your brother for this to stop … and, not knowing your little brother (or whether you even have one) – I’d still guess this would not be what most Facebook users would want.
This is my first post in this facebook's stackoverflow forum. My background is on wireless baseband prototyping on FPGA platform and do not have any prior experience with facebook development. Now i have a chance to work on social network related development work and i'm quite excited. Anyway above is just my background introduction.
Here i want to create a virtual Facebook user. Imagine you are interacting with your refrigerator on Facebook. This is the kind of concept we want to show.
Following are the functionality i would like to have at my virtual's facebook account..
1) recognize real friend check-in and messages posted on his/her wall.
2) ability to write messages on real friend's wall.
3) recognize messages posted on virtual account's wall.
4) ability to write message on virtual account wall.
How can the virtual account be equipped with such functionalities? Can i achieve by writing a facebook application? Please advise the direction i should look at.
Cheers,
Phone Naing
The facebook api lets you query their graph but it requires an access token to do that.
There are 3 main token types: User, Page and App.
Your app would be able to get an app token easily but it's limited to public data only, like data of public pages.
For a page and user tokens you'll need the actual user to interact with your app in order to get the token.
You can get the friends check-ins, feed, images, events and so on by asking for the right permissions from the user (there are user permissions and friends permissions).
You can also post to friends wall with the "publish_stream" permission.
For "recognizing" posted items on a user wall you can either recheck the user feed every once and a while and compare what you had and what you get or use the Real-time Updates.
With all of that said, I seriously doubt that you'll manage to pull something like that with the current limitations of the facebook api.
Let's start with the fact that facebook does not like profiles to be "vritual", they want the profiles to be of real people.
Of course that there are plenty of virtual profiles but they can remove them (and sometimes do).
Even if you do have these virtual profiles, since they are virtual they won't interact with your application using facebook, that is won't be logged in to facebook via their channels (web interface, android or iOS, etc).
Because of that you won't be able to get a user access token which you need for all of the information you want.
Since the deprecation of the offline_access permission there's no way to have a token which is valid for a user for more than about 2 months, which means that for each "virtual user" you'll need to log him in to facebook and then interact with your app to get a new token.
You can create a page instead of a virtual profile, which will also be fine with facebook.
But here again, you need a user to actually interact with facebook and your app to get a valid page access token, and even if you get that, it's not enough for the data you want to ask for.
To put it all together:
I think it can't be done.
I have a tough situation here. When a User A logs into my website he authorizes me to pull out his information from facebook. Now what I am doing is searching User A facebook friends present on my website(suppose I got User B)..and then showing User A information of User B friends. Now I am getting very limited information of User B friends even if User B has authorized our site to pull out information of his friends.
Please give your input.
User B would have to have very open privacy settings for you to get information on them, unless they have also allowed your application. The default settings are pretty relaxed, but I suspect lots of people, like me, disable everything.
Ignore the red circle, that was for another answer along similar lines.