I have never stored Facebook access token of users, but now I need them so I can start publishing on thier behalf.
Is there a way through Facebook's app management interface, to retrieve all the access tokens of users ?
Thanks
No, there is not.
You can only generate user access tokens by having users visit your app/website again – if you embed the JS SDK, it will give you an access token automatically; otherwise (server-side) you will have to send them through the login flow again to generate one.
Related
I am using Facebook as advertising platform to promote my application on Apple and Google stores. I would like to make windows service which will download daily report(s) about advertising status of my marketing campaign running one Facebook, preferably using 60 day token, or some permanent solution so that token is retrieved when required. I think that i understand everything to do this except how to generate access token to use it with Facebook Graph API. Which token for which Facebook account do I need and how to obtain it?
You'll need a Facebook app and to grant that app the ads_read permission in order to retrieve reports about your advertising efforts via the API (source).
You'll want a long-lived token so that you don't have to re-authenticate very often. The access token documentation details the steps to exchange a short-lived token for a long-lived one.
You may also want to consider managing the app, ad account, and access tokens (via a business system user) with the FB Business Manager.
Create a facebook app.
Go to the Graph API Explorer in Facebook's Tools & Support section.
Pick your app from the drop down.
Hit Get Token > Get User Access Token.
In Select Permissions choose required permissions or select them from extended permissions.
Use the user access token that will be presented to you in the access token form input field.
I have started on developing a server side application that requires integration with facebook. My needs is an access token that will not expire, but unfortunately facebook has removed the offline_access feature and replaced with a long-live user access token that will last only 60 days.
I realise that there is an Application Access Token that will not expire. When I use it instead of the User Access Token to fetch the feed, I get must less information.
I have read from other sources that as long as relevant permissions are delegated, such as read_stream is given, using the application access token should allow the server-side application to access the users information that accepted the facebook application.
Am I mistaken ? Can anyone help to clarify ? Thanks
Thanks
Excerpt from: https://developers.facebook.com/docs/opengraph/using-app-tokens/
While an App Access Token is largely for the purposes of publishing information back to Facebook on behalf of the user, there is a limited set of information that can be retrieved from Facebook using an App Access Token.
Basic Profile Info of a User (ID, Name, Username, Gender)
A User’s Friends and their IDs
Permissions granted by the User to your App
So there is a limited set of info you can get using an app access token. So you probably don't want to use it to get the user's feed.
What is access token in Facebook API?
why I need it ?
What is its purpose ?
Do I need to store it persistently in my website ?
For almost every request you make to facebook API you need to pass access token along to get the results. This token may expire depending on what kind it is, you might need to persist it in case your application need to access facebook API when user is offline.
PS: Access token comes from user's request to your application.
Facebook implementation of the OAuth 2.0 involves three different steps: user authentication, app authorization and app authentication. User authentication ensures that the user is who they say they are. App authorization ensures that the user knows exactly what data and capabilities they are providing to your app. App authentication ensures that the user is giving their information to your app and not someone else. Once these steps are complete, your app is issued an user access token that you enables you to access the user's information and take actions on their behalf.
access token will be expired unless the user has granted to your app the "offline_access" permission. In other word, unless you have such a perm granted, you don't need to store it persistently in your website.
Suppose that I make an app that is using Facebook login (basically for dealing with who is who). Is it possible that the app to fetch the user's history from Foursquare if it get the user's permission? (The user uses Facebook's login on Foursquare as well)
No. You need to go through each authorization flow separately. First, the user grant your application access by going to Facebook and coming back with an access token (or authorization code you later exchange). Then you need to send them over to Foursquare to approve access again. Foursquare might need to authenticate them via Facebook but that's really not your concern (and should be transparent if they have an active Facebook session). Foursquare will issue you another access token for their API.
There are discussions in the community about the use case of allowing your application to pass the Facebook access token to Foursquare so they can validate the user identity with Facebook and then issue you an access token. However, there are many issues with that. By not directly interacting with the user, Foursquare has no way of knowing that the user wants to give one application access to their data stored on another application.
I wonder is it possible to access user's wall info without passing his/her access token?
for example, I will just pass my app secret token and app id. and FB user already allows to access his/her info from my app. Facebook does the checking and matching of my app and my app's user by just using my app secret token and app id.
Because I found some topics similar to that.
http://forum.developers.facebook.net/viewtopic.php?pid=9172
When I check Rest FB doc,it says like that.
http://restfb.com/javadoc/index.html
public DefaultFacebookClient()
Creates a Facebook Graph API client with no access token.
Without an access token, you can view and search public graph data but can't do much else.
I doubt that it will work or not without access token.
can everyone share me ideas or any possible similar approaches ?
Thanks.
You will need to ask the users to authorize your app for offline access. You will be able to access the user's wall even if the user is offline, but you still need the access token. It is part of Facebook's security measures.
There are two types of access tokens:
Session based: expires in a short term, are used when the user will be logged to FB every time you need to perform an operation.
Offline access: do not expire and allow the app to perform operations for the user in any moment. This requires the offline_access permission when the app is authorized.
Check here: http://developers.facebook.com/docs/authentication/ for the oauth mechanism and here: http://developers.facebook.com/docs/authentication/permissions/ for the permissions list.
The REST API is deprecated and it is strongly suggested that you don't use it anymore. Furthermore, from this October you will be allowed to use only the Oauth2 authentication (see When is Facebook turning off their session based auth?)
Without token you can only access public information.
Public data
From RestFB homepage :
// It's also possible to create a client that can only access
// publicly-visible data - no access token required.
FacebookClient publicOnlyFacebookClient = new DefaultFacebookClient();
If the user does not protect his posts, then you can access everything without token. But most of user do protect their data and then you need a valid user access token to read the data.
Private data
When you say "FB user already allows to access his/her info from my app" it means that the user has clicked on "Allow app" in the web browser and at that moment here Facebook will give you a token. You can after use that token with RestFB :
FacebookClient facebookClient = new DefaultFacebookClient(USER_ACCESS_TOKEN);
User user = facebookClient.fetchObject("me", User.class);
out.println("User name: " + user.getName());
By default, the token will expire a few hours later. If you ask for the offline_access permission, the token will be valid for ever (as long as the user does not remove the permission for your app in his settings). You should store that token in your database to be able to use it when you need.
Get the user token
You cannot get the user token with RestFB. On the RestFB homepage, you can read :
Non-goals: [...] Providing a mechanism for obtaining session keys or OAuth access tokens
Because you need a browser to do so : the user has to authenticate and authorize your app on Facebook website (the popup that shows).
What you can do is to have a PHP page on which your users have to go to authorize your app. You can read this stackoverflow answer that explains how to use the Facebook PHP SDK to do so.
Hope that helps !