I have web application where I use Facebook oauth. User authentication works fine. and in javascript when I call FB.getUserID() I get correct identification. But when I try do this I get empty array:
FB.api('/me/albums', function (response) {
console.log(response.data);
console.log(FB.getUserID());
});
What I do wrong?
In order to retrieve the albums created by that user, you must provide user_photos permission to your access token.
Have a look at the this documentation on albums. It clearly says under permission that your Access Token must have the user_photos permission to retrieve the the albums. Without
this specific permission, it'll return an empty object.
Now, in order to provide one or more additional permissions, call FB.login with an option object, and set the scope parameter with a comma-separated list of the permissions you wish to request from the user.
FB.login(function(response) {
// handle the response
}, {scope: 'user_photos,friends_photos'});
Reference: Javascript FB.login doc
Related
I can't create a Facebook album via graph api. Now, it always throws a error
(#10) Application does not have permission for this action
I don't know why. I'm sure I have the correct access token (it is a valid, it does not expire). I have the same error in php & javascript.
My example code in js:
FB.api('/me/albums', 'post', {
access_token: access_token, // it is a valid
name: 'test album 1',
message: 'test album 1'
}, function(res) {
console.log(res); // throw a error "(#10) Application does not have permission for this action"
});
Does Facebook have some bugs or I missed something?
Edit: I found the correct answer from https://developers.facebook.com/bugs/680991411993635/:
Even though you are using a Page Access Token, you need the
user_photos permission in order to create a Photo Album as the Page.
Facebook does have some bugs...don't we all?
You actually did miss something - you need the correct permissions.
In order to create an album, you'll need to request the publish_actions permission from your users. This permission allows your application to publish stories to the users feed including new albums.
Perhaps I am going about this the wrong way but I have a website that allows facebook login.
If the user has already registered on my website
and is logged into facebook but not logged into my site
when visiting the login page i check for their facebook login status and get response.status === 'connected' via-
FB.Event.subscribe('auth.authResponseChange', function (response)
{
if (response.status === 'connected')
{
var s = JSON.stringify(response.authResponse);
LogMeIn(s, function(response)
{
HandleAjaxError(response, function(msg)
{
window.location = '/_/';
});
});
}
}
I then want to pass their authResponse object to the server and confirm that this userid works with this token before I log them in as this user
I have read to simply grab the json contents of -
https://graph.facebook.com/{userID}?access_token={accessToken}
and if it does not return an error then it is good! But when testing this method I noticed that the same access_token worked for two different user ids (meaning it did not return an error for the userid that was not logged in on my computer). Instead it returned the facebook user object with name , location etc.
This really surprised me, as I expected the access_token to work only with a single user id.
In an effort to prevent someone from simply changing the user id before continuing the script I need to authenticate via server side. What is a way to accomplish this?
Proof, go to these links to see profile information
My profile-
https://graph.facebook.com/1233822590?access_token=CAACCBJJZBgjABAOGmvmsou8gMYGulLHTgAr5ZCHZAU7pKEp0cMAeX8r4qHLpiVuZCOT1v0ulMZAxX5YfLJkcZBr9l6qJQoPxWS5Fs5ndohDnH6ZAPPfZCZCTQtwWgAZAg6I1PAOIpdtCc0OUaMmBZAvGiMm9gQhmNXRbocZD
Another userid with same access_token-
https://graph.facebook.com/100000116781159?access_token=CAACCBJJZBgjABAOGmvmsou8gMYGulLHTgAr5ZCHZAU7pKEp0cMAeX8r4qHLpiVuZCOT1v0ulMZAxX5YfLJkcZBr9l6qJQoPxWS5Fs5ndohDnH6ZAPPfZCZCTQtwWgAZAg6I1PAOIpdtCc0OUaMmBZAvGiMm9gQhmNXRbocZD
Nothing to be surprised. You can fetch the basic details of any user of the facebook using the access token of any user of the facebook.. So this isnt really good way to validate the token. Moreover, that confirmation of token part isnt required.
If you want the authorization through server side go through.this link
I'm just a little confused as to how to pass my access token into FB.api() when making requests for protected things.
I'm getting my app to login and authenticate fine, but how do I use FB.api() with the access token I have?
app.accessToken = response.authResponse.accessToken; // This is a valid access token.
FB.api('/me/friends?access_token='+app.accessToken, {fields: 'name,id,location,picture,installed'}, function(response) {
console.log(response);
});
Is that the correct way to pass in the access token to FB.api()?
In this case, my response comes back with the friends name,id,location,picture but it doesn't seem to have the 'installed' data as that is protected.
Am I doing this right?
Although I see why some users are saying you may not need to pass access token due to your specific use.
Generally, there are cases where you do need to pass an access token through FB.api()
The way this is done is by passing it in the parameter object, as such:
FB.api('/{fb-graph-node-goes-here}/, {
access_token: "TOKEN GOES HERE"
//other parameters can go here aswell
}, function(response) {
console.log(response);
});
You do not need to pass the token, if the user logged in (with FB.login, for example). In fact, by using the JavaScript SDK (or PHP SDK), you almost never need to deal with the (user) access tokens.
So, your call would just be like this:
FB.api('/me/friends', function(response) {
console.log(response);
});
Getting the info if the user installed the app:
Test if user has application installed with Graph API
How to fetch a list of the current users' friends who also use my app?
That is how I did it:
Pass access_token as a parameter.
FB.api("/me", { access_token : response.authResponse.accessToken }, {fields: ['last_name', 'first_name', 'name']},
function (response) {
console.log(response);
console.log('Name: ' + response.name);
}
);
You would need to pass access token if requesting for extending fields. Please refer to
https://developers.facebook.com/docs/facebook-login/permissions/v2.0#reference-extended-profile
I have a situation on my site where a user who has authorized my app can later opt to get their friends list so I want to check their current permissions before executing anything. I have found I can use
FB.api('/me/permissions', function(response) {
console.log(response);
});
I want to check if the user has read_friendlists permission but I have not found any information about the object so I do not know how to write a condition against it. Facebook has an example of returned data on this page http://developers.facebook.com/docs/reference/api/
but like I said I have not found a resource which describes the object.
Thanks for the help
If there's no read_friendlists entry in the response, you don't have that permission - write your condition based on the presence, or lack thereof, of the particular key (permission) you need
Is there any fb tag i can use to wrap around my html anchor tag so that if the user isn't logged in, they will get prompted to login before getting access to the link?
I'm using python/django in backend.
Thanks,
David
You simply need an if statement to check whether a facebook session exist or not. If not redirect them to the login page.
-Roozbeh
First I think you must create a Facebook App.
Second: if you are programming in PHP, you should use the PHP SDK.
See: https://developers.facebook.com/docs/reference/php/
Third: Use getUser method:
https://developers.facebook.com/docs/reference/php/facebook-getUser/
I'm almost sure that getUser will return 0 if the user has not accepted your app, so IMO it's not the best method to find the user connection status on Facebook.
Also, getLoginStatusUrl could help, with this function you could make redirections based on the user status on Facebook, and think of a mechanism to show or not the contents based on parameters and session variables (it's an idea).
See: https://developers.facebook.com/docs/reference/php/facebook-getLoginStatusUrl/
Hope that helps.
Using the JavaScript API you'll want to use FB.getLoginStatus to wrap around the anchor tag. See https://developers.facebook.com/docs/reference/javascript/FB.getLoginStatus/
Example from that page:
FB.getLoginStatus(function(response) {
if (response.status === 'connected') {
// the user is logged in and connected to your
// app, and response.authResponse supplies
// the user's ID, a valid access token, a signed
// request, and the time the access token
// and signed request each expire
var uid = response.authResponse.userID;
var accessToken = response.authResponse.accessToken;
} else if (response.status === 'not_authorized') {
// the user is logged in to Facebook,
//but not connected to the app
} else {
// the user isn't even logged in to Facebook.
}
});
Note: I would simply make this call up front and set my own JS variable boolean on the response so I didn't have to use the FB API call again. Then wrap any dependent code with a simple JS boolean test.