Facebook token for searching groups - facebook

I have created an application on developers.facebook.com from my profile. Get APP ID, APP SECRET and generate TOKEN. Now, when I send the request like
https://graph.facebook.com/search?q=media&type=page&access_token=MY_TOKEN
is ok, but when I try to send the request for GROUP, like
https://graph.facebook.com/search?q=media&type=group&access_token=MY_TOKEN
I get the error
The remote server returned an error: (403) Forbidden.
Seems I have permissions problem. I set the permissions friends_groups, user_friends, user_groups to the account, but.. still the same error...
Can you please tall me what am I doing wrong? Maybe I need a different token?

As I understand you're using an App AccessToken for an endpoint (object type) which needs a user AccessToken. See the docs at https://developers.facebook.com/docs/graph-api/using-graph-api/#search
It's stating
"All Graph API search queries require an access token included in the request. The type of access token you need depends on the type of search you're executing.
Searches across Page and Place objects requires an app access token.
All other endpoints require a user access token."

Related

Facebook Access Token is Expired using Facebook SDK PHP

I am trying to link my application to a facebook user account but every time I go through the process of retrieving their profile I get this error:
string(140) "{
"error":{
"message":"An active access token must be used to query information about the current user.",
"type":"OAuthException",
"code":2500
}
}"
The reason I am confused is that when I initially request an access_token from facebook it return a token for me.
string(56) "access_token={app_id}|{app_secret}"
Which I am then told is expired and I don't know why.....
I understand in order to get an access token you must follow a particular workflow.
Client Requests access and permissions via SDK and Login Dialog.
User Authenticates and approves permissions
Access token returned to client
Graph API calls with short-term access token (web) or long-term access token (native mobile)
Based on what I've seen in my code, I get to step 3 but step 4 fails because the token is said to be expired. Does anyone have any idea what I can do to fix this!?
I notice that for step 1 the login dialog is never shown but I still get an access code returned despite this. Could that be something to do with it? This is the way I perform step 1.
<a class="lists" href="https://graph.facebook.com/oauth/authorize?client_id=564083793722908&redirect_uri=<?=urlencode($facebook_callback_url)?>&scope=offline_access,publish_stream,status_update">Connect a Facebook account</a>
Step 2. never seems to occur
Step 3. An access token is returned though. See above.
Step 4. Fails with the above error of expiration.
Any advice?
You cannot request user information with an app access token. You need a usser access token to do that. Your Login process needs to adhere the docs at
https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/v2.1#login
to get a user access token. Apparantly, this is not the case with your code.
Furthermore, you're only using permissions which are (long) deprecated. See
https://developers.facebook.com/docs/facebook-login/permissions/v2.1#adding
https://developers.facebook.com/docs/facebook-login/permissions/v2.1#reference

Use "appId|appSecret" as access_token

I've found in documentation that it is possible to use appId and appSecret pair as access_token in the format "appId|appSecret".
The problem, when I'm using this technique with graph API, I don't receive the full information, only some of the fields (permissions are set in the app settings). When I'm trying to use it with FQL I get "A user access token is required to request this resource." exception.
Could somebody route me on the right track how to perform API requests?
My application is running on the server-side, that's why I've chosen these method.
E.g.
When I run GET request on https://graph.facebook.com/me/friends?fields=name&access_token="app_id|app_secret" I get correct response. But when I run https://graph.facebook.com/me/friends?fields=name,notes&access_token="app_id|app_secret" the query returns only friends id's and names. It's worth to mention, that I user has granted access to "notes" for that application.
I think this because this kind of access token can replace the app token, but not the user token.
And with the app token, you can:
This can be used to modify the parameters of your app, create and manage test users, or read your application's insights. App access tokens can also be used to publish content to Facebook on behalf of a person who has granted an open graph publishing permission to your application.
It means that with this kind of token, you don't have any special permission, so your request cannot work.
What you could do is send the user access_token to your server and then use this token to perform the API request.

Posting photos using an app token to Facebook

Several people have asked how to post photos using an app token and the general response seems to be that they should use a user token instead.
However, according to https://developers.facebook.com/docs/concepts/login/access-tokens-and-types/ :
"[y]ou can use app tokens to publish or delete content on behalf of a user who gave your app permissions".
and according to https://developers.facebook.com/docs/reference/api/photo/ :
"To publish a 'photo' object you need
-a valid access token
-publish_stream permission
"
The way I interpret those two statements is that I should be able to POST a photo to .../USER_ID/photos using a valid APP token.
However, when I try to do that I get the message "A user access token is required to request this resource". At the same time I can easily publish to .../USER_ID/feed using nothing but the APP token. It is also possible to submit stories containing "User Generated Photos" with only an APP token.
So an App can do those things with an APP token, but needs a USER-specific token for .../USER_ID/photos? I wonder if this behavior is by design? So far I have not found anything in the documentation to indicate that is the case.
I too was stuck at the same point as mentioned. And the documentation barely helped.
The workaround I used was to take the 'offline_access' permission while logging in and storing that temporary user access token given to the user.
While publishing the photo I used that offline user access token since the app access token didn't work. It worked like it should've although offline_access has been discouraged to be used...it seemed to be the only way for now.

developers.facebook.com issued access token VS OAuth generated

Interesting problem I'm having right now.
Signing in an App gives a access token looking something like this:
AAACwFsGcSr4BAOGUTwfuZAWuUcwZC0rJ7noZCKMqhBI7ivDCsIGqduGIZCus5PRaS6KuREqxLmhfvZAZAkz5WCpFfANtUpYHgZD
This access token can't access users PUBLIC information, while one issued by Facebook on developers.facebook.com - CAN.
You can easily test this by logging to your facebook and going to this link: http://developers.facebook.com/docs/reference/api/
You'll see that Facebook automatically generates access token on DEMO urls like this one:
https://graph.facebook.com/me/music
?access_token=2227470867|2.AQCvlA_ZaJ2MfRR0.3600.1318266000.0-100001572415177|2FeweU6ZvOQS9OCF5ZBV58_PtPg
If you would change /ME/ to any user which has his MUSIC posted as public, you WILL be able to access that data with Graph API.
Now try to get an access token to your APP and call the same Graph API method with generated access token, the returned data is empty JSON object.
Whats’ the difference between these access tokens? How to obtain access token, that I could get public information using Graph API?
I was thinking that logging in your APP is the highest possible access token and the only higher token is token with specified permissions...
Any guidelines would be great :)
http://developers.facebook.com/docs/reference/api/permissions/
I believe the difference is that you can specify additional permissions in a scope parameter,
so if you wanted to read a user's feed you would have to specify read_stream. I was trying to accomplish this with an access token from a server-side authentication flow in ruby, but the access token only allowed to me to navigate accross a certain portion of graph.facebook.com/user_id/feed? requests. If you get any insights or comes across a solution shoot it my way too, if you can.

facebook small issue

If anyone is familiar with the fql query, why am I getting this error for the next query:
https://api.facebook.com/method/fql.query?query=SELECT%20post_id,%20actor_id,%20target_id,%20message%20FROM%20stream%20WHERE%20source_id%20=%20302056140380%20AND%20updated_time%20%3E%201111111
This is the page:https://www.facebook.com/Inna?sk=wall
All I want to do is to retrive the last posts from Inna's wall.
Thank you very much;
You need to provide a valid access_token with the FQL request even though the data is public. You can test it here. You won't need to have any permissions granted to access the feed, but you will need to provide the token.
You will need an access_token of type "Any Valid" as defined here. In short, it means that you can use any access_token that hasn't expired. One easy to obtain access_token is an app access token which you can obtain by going to:
https://graph.facebook.com/oauth/access_tokenclient_id=YOUR_APP_ID&client_secret=YOUR_APP_SECRET&grant_type=client_credentials
You will find YOUR_APP_ID and YOUR_APP_SECRET under your created apps page (or you can create one there if you don't have one).
When you provide the app id and secret to the oauth, you will receive an access_token which you can use for the request until the token expires.