Why can some folks access their facebook photos/albums by using the following endpoint:
www.facebook.com/facebookID/albums
But, when I try to access MY albums in this manner I get an error prompting me to use an access_token.
www.facebook.com/facebookID/albums?access_token=GFDGTRDSVGRDWVSGRDESVGRDSVGDFRSGRDSGDRSGRD....
It (obviously) works fine when I use a token but, I'd like to be able to allow access without a token... any ideas?
Accessing photos is privileged you require an access token from either photos or friends_photos to make the request successfully.
The reason some people may be able to access albums or photos without the token appended to the url is because it was previously requested and is currently stored.
You should always provide an access token in these requests.
see: https://developers.facebook.com/docs/reference/api/album/
for reference it states:
To read an Album you need
- Any valid access token if it is public and belongs to a Page
- The user_photos permission if it belongs to a User The friends_photos
- permission if it belongs to a User's friend
Related
I've been working on getting an old server-to-server Facebook app working which was previously used to load a feed of page posts for pages we own, but even after completing the review for manage_pages access I still get the error "This endpoint requires the 'manage_pages' permission or the 'Page Public Content Access' feature" when I try to access the feed via
https://graph.facebook.com/[page_id]/posts?access_token=[app access token]
or
https://graph.facebook.com/[page_id]/feed?access_token=[app access token]
I've tried generating the app access token with the Graph API explorer and also tried using [app ID]|[app secret] as the access token, but get the same result either way. Is there something I need to do to grant the app manage_pages access for specific pages now facebook's reviewed it, or is there something else I'm missing? The user that created the app can access the data if using a page access token, but since they removed the ability to create permanent page access tokens that's not really a viable option
edit: Looking into the documentation, it seems I should be able to request a page access token using the app authentication now that it's been approved for manage_pages permissions. However, trying to access one with https://graph.facebook.com/v5.0/[page ID]?fields=access_token&access_token=[app access token] also generates the manage_pages or Public Content permissions error, which seems like it would suggest the app doesn't actually have manage pages permissions?
I want to get /{user-id}/feed from another user (user B) rather than "me" (user A), but the query returns an empty list.
I'm using the Graph API Explorer to make the queries, and I've got the Access Token with user_posts, user_status and read_stream permissions, but I can't get this information.
In this thread is said that:
Additionally the queried user needs to grant the app the read_stream permission.
In this other thread they said:
If the user is your app user authorized with read_stream permission, then you access the USER_ID/feed. It's because USER_ID/feed endpoint only available if user give permission read_stream to your app. App Access Token is not allow.
If the user is not your app user with read_stream, then you access the USER_ID/links instead. It's because no read_stream permission require to access this endpoint. App Access Token is not allow.
MY QUESTIONS:
Do I really need this other user (user B) to grant this permission to access his feed?
Where can I find official documentation saying so?
As /{user-id}/links seems to be accessible, are posts, statuses or tagged accessible too, or I just can access links without User B granting this permission?
Note:
Since the purpose is to use it in and iOS and Android App I can't use the read_stream permission, so I would use the user_posts which is supposed to be valid as they say in https://developers.facebook.com/docs/graph-api/reference/v2.3/user/feed
>
Of course, why would anyone want your App to access his newsfeed without his authorization? Keep in mind that not only the user would be able to access the feed of his friends, but the App too - which means, it would be easy for the App developer to get access.
Should be clear with number 1. Why would there even be a permission if you could just grab the feed from another user with it?
You canĀ“t get ANY data from a user without his authorization, for privacy reasons. Friend permissions are gone.
Each user who allow permission to my app will have an access token
or
One access token can handle actions, for example, upload photos to an user album?
I know that an access token can expire up to 60 days,
so do I need save this access token for each user on my database and when request comes from that user, load the access token for him?
Each user who allow the app will have an access token, which will include all the permissions user has granted to your app.Read more about user access tokens here
Each user who allow permission to fb app, will have different Access Token which will be unique.
The Access Token is generated on the basis of browser session from client, AppID and App Secret. In a web server based application, it is not absolute requirement to save application token for user. But application like HootSuite saves user credentials and access token for later use to get facebook feeds and other services.
So it depends on application requirement.
Thanks
Each user sends you another access token in context to use User session of course.
An access token is a random string that provides temporary, secure
access to Facebook APIs.
A token identifies a User, App or Page session and provides
information about granted permissions.
And in User Access context:
You can use this token to perform API calls on behalf of a user,
including reading, publishing and deleting, depending on the
permissions your app has. For example, you can retrieve a user's
friend list or publish a new photo to their timeline with a user
access token.
http://developers.facebook.com/docs/concepts/login/access-tokens-and-types/
Yes, you have to remember this access token if you dont want to reconstruct it. But in many API's this is done "automagically", for e.x. in PHP SDK the access token is stored in user cookie. If you implement more complicated user-flow, you have to remember access token OR regenerate it each time (http://developers.facebook.com/docs/concepts/login/login-architecture/). Remember, that access token will expire and you will have to regenerate it (on the faith of already granted permissions).
FYI: If you want to preserver offline access (executing application activities without user session), you will consider offline_access, but it is deprecated:
http://developers.facebook.com/roadmap/offline-access-removal/
Hope it revealed the problem.
I am sending a POST request to /FACEBOOK_ID/photos?access_toke=APP_ACCESS_TOKEN. I already have publish_stream permission. My goal is to post a photo into the user's photo album of my Application (Facebook creates an album for that app).
The result is:
{"error":{"message":"A user access token is required to request this resource.","type":"OAuthException","code":102}}
OK, so I tried to use the user_access_token instead of my app's access token. But it says that it has "expired"?
I can't do either! What can I do? Ideally, I want to use the app's access token for all cases. That's because I can't just bring the user to the Facebook "allow" dialog everytime...
Posting a status update works fine (I use the app's access token), but it's only when I do photos that I run into this problem.
Note: I will give 500 bounty to whoever can answer this for me ASAP.
Thanks!
When you obtain the user's access token, request the offline_access permission to obtain a user access token that doesn't expire. Store the token & use it in the POST to /.../photos.
Note that this is only a short-term fix as Facebook are removing the offline_access permission on May 1 2012. After that applications will have to call a new FB api to extend the life of an existing access token.
I am creating a web application that is trying to use "public" Facebook content.
It is not your traditional "Facebook Application" because I'm not actually signing up Facebook users to use it, but the users will be all server-side.
I've come to a point in which I am having to use an "access_token" for certain "public" pieces of content and I have been able to generate a app access_token but this does not work for the public data I'm interested in accessing.
access_token's created via
https://graph.facebook.com/oauth/access_token?client_id=APP_ID&client_secret=APP_SECRET&grant_type=client_credentials
do not work for
https://graph.facebook.com/chickfila/notes?access_token=CODE_FROM_ABOVE
which is publicly accessable w/o login here...
http://www.facebook.com/ChickfilA?sk=notes
Any way to give an app itself a user-level access_token?
I had a very similar problem with publicly available event data. What I had to do was to create an offline access token for the admin of the application.
So, log in with your admin and open the following URL (replace APP ID with your ID and eventually you need more permissions, but read_stream and offline_access should do the trick):
https://graph.facebook.com/oauth/authorize?client_id=APPID&scope=offline_access,read_stream&redirect_uri=http://www.facebook.com/connect/login_success.html
This will give you a code, that you will paste in the following URL (with your APP ID and SECRET):
https://graph.facebook.com/oauth/access_token?client_id=APPID&redirect_uri=http://www.facebook.com/connect/login_success.html&client_secret=SECRET&code=CODE
This will give you an access token that should work forever (or until you change your password).
Recently I used the access token freely available from the Facebook Graph Explorer which will let you browse different graph resources and will let you specify what permissions you need. For this you can tell it you want offline_access and that token can be used to pull this information whenever it is needed without worrying about your token expiring.
Create an user just for your app and let the user authorize your app and get the access token and use it for this kind of data fetching. Some manual work but as long as you have some user authorized access token you should be able get the public contents.