I have integrated firebase on website and able to get the information.
Now need to validate the accessToken on server which is fetched from web.
1st Step
Generating access_token by using below api
https://graph.facebook.com/oauth/access_token?client_id=1234&client_secret=some_secret&grant_type=client_credentials
which gives below json
{
"access_token": "1234|some_secret_here",
"token_type": "bearer"
}
2nd Step
Now using the access_token fetched from 1st step. Need to fetch user details from facebook and also validate the accessToken fetched from website.
Using below api to do it.
https://graph.facebook.com/debug_token?input_token=accessToken_fetched_web&access_token=1234|some_secret_here
which results in
{
"data": {
"error": {
"code": 190,
"message": "Bad signature"
},
"is_valid": false,
"scopes": []
}
}
Not sure whats the issue. Can someone help me out to validate the accessToken & fetch the user details from Facebook
I'm trying to post to a facebook page (as the page and as the admin user with each one access token) with just a parameter 'message'.
I've the same error in php and in Graph API Explorer in both cases:
{
"error": {
"message": "(#1) An unknown error occurred",
"type": "OAuthException",
"code": 1,
"error_data": {
"kError": 1455002
}
}
}
The same post to the API adding a paremeter link or just link without message works fine.
The user has granted those permissions: create_note, email, manage_pages, photo_upload, publish_actions, publish_stream, share_item, status_update, user_friends, video_upload.
The app is in Sandbox Mode and the user is a test user, not a real one.
I'm able to write to user feed and to create custom actions for him.
I've verified both, the page access token and the user access token with Access Token Debugger.
I've already reviewed a lot of questions in stackoverflow, tutorials and blog posts.
What am I missing?
UPDATED: I can't either post a link in page with app access token.
I try to get an access_token like this documentation : https://developers.facebook.com/docs/authentication/server-side/
but it does not work !
I have this error :
{
"error": {
"type": "OAuthException",
"message": "Error validating verification code."
}
}
In the documentation it says we can use :
https://graph.facebook.com/oauth/access_token?
client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&
client_secret=YOUR_APP_SECRET&code=THE_CODE_FROM_ABOVE
client_id is my app_id
client_secret is the App secret
redirect_uri is the url of the website (Site URL in app configuration) (I tried with / and without at the end)
So my url is :
https://graph.facebook.com/oauth/access_token?client_id=14588084****&redirect_uri=http%3A%2F%2Fwww.mywebsite.com&client_secret=693ce9538e1f14e0*********&code=AQCVmlM9peMiL8Pv3mdi7c3FifwGLQDECdtN0oGMW4I6cisebeawDdSHP_crQlhsZxHKDOFT6zOrqeaoiL2pkQSkqAvwoPZdw0o1uCoLpUVjchghgfhgfhEXb2XS3UBD7iEc8eZ_YLF0cbVWL5i58sj3Rsr9vVFtfYwfghghgfhgfTkwajGcRp9n-lWWcepxghgIwzMMYLv8e__iDoMDiSNg
It's been ages since I last coded a Facebook app. Not sure if this will help: Facebook access token and AJAX calls
There's only thing that server has to do; just check any access token's validity.
Clients send to the server user id and access token obtained by FB.getLoginStatus. As I expected, there would be any URL that checks access token's validity, like http://xxx.facebook.com/access_token?=xxxxxxxxxxxxxxxxxxxxxxxxxxxx.
That returns whether it's available one or not or is there any API (server side) for that?
The officially supported method for this is:
GET graph.facebook.com/debug_token?
input_token={token-to-inspect}
&access_token={app-token-or-admin-token}
See the check token docs for more information.
An example response is:
{
"data": {
"app_id": 138483919580948,
"application": "Social Cafe",
"expires_at": 1352419328,
"is_valid": true,
"issued_at": 1347235328,
"metadata": {
"sso": "iphone-safari"
},
"scopes": [
"email",
"publish_actions"
],
"user_id": 1207059
}
}
You can simply request https://graph.facebook.com/me?access_token=xxxxxxxxxxxxxxxxx if you get an error, the token is invalid. If you get a JSON object with an id property then it is valid.
Unfortunately this will only tell you if your token is valid, not if it came from your app.
Just wanted to let you know that up until today I was first obtaining an app access token (via GET request to Facebook), and then using the received token as the app-token-or-admin-token in:
GET graph.facebook.com/debug_token?
input_token={token-to-inspect}
&access_token={app-token-or-admin-token}
However, I just realized a better way of doing this (with the added benefit of requiring one less GET request):
GET graph.facebook.com/debug_token?
input_token={token-to-inspect}
&access_token={app_id}|{app_secret}
As described in Facebook's documentation for Access Tokens here.
Simply request (HTTP GET):
https://graph.facebook.com/USER_ID/access_token=xxxxxxxxxxxxxxxxx
That's it.
The app token can be found from this url.
https://developers.facebook.com/tools/accesstoken
I found this official tool from facebook developer page, this page will you following information related to access token - App ID, Type, App-Scoped,User last installed this app via, Issued, Expires, Data Access Expires, Valid, Origin, Scopes.
Just need access token.
https://developers.facebook.com/tools/debug/accesstoken/
Exchange Access Token for Mobile Number and Country Code (Server Side OR Client Side)
You can get the mobile number with your access_token with this API https://graph.accountkit.com/v1.1/me/?access_token=xxxxxxxxxxxx. Maybe, once you have the mobile number and the id, you can work with it to verify the user with your server & database.
xxxxxxxxxx above is the Access Token
Example Response :
{
"id": "61940819992708",
"phone": {
"number": "+91XX82923912",
"country_prefix": "91",
"national_number": "XX82923912"
}
}
Exchange Auth Code for Access Token (Server Side)
If you have an Auth Code instead, you can first get the Access Token with this API - https://graph.accountkit.com/v1.1/access_token?grant_type=authorization_code&code=xxxxxxxxxx&access_token=AA|yyyyyyyyyy|zzzzzzzzzz
xxxxxxxxxx, yyyyyyyyyy and zzzzzzzzzz above are the Auth Code, App ID and App Secret respectively.
Example Response
{
"id": "619XX819992708",
"access_token": "EMAWdcsi711meGS2qQpNk4XBTwUBIDtqYAKoZBbBZAEZCZAXyWVbqvKUyKgDZBniZBFwKVyoVGHXnquCcikBqc9ROF2qAxLRrqBYAvXknwND3dhHU0iLZCRwBNHNlyQZD",
"token_refresh_interval_sec": XX92000
}
Note - This is preferred on the server-side since the API requires the APP Secret which is not meant to be shared for security reasons.
Good Luck.
Is it possible to retrieve Facebook page statuses using an app access token?
According to the documentation I could use "any valid access_token or user access_token" but when I try to use the application access token I'm getting the following message: "A user access token is required to request this resource.". Am I generating the app access token in a wrong way? Is there anyway to access the statuses of a public Facebook fan page without a user?
It seems that a user access_token is required to query this connection.
Tried without any access_token in the Graph API Explorer on redbull page and the result was:
{
"error": {
"message": "An access token is required to request this resource.",
"type": "OAuthException"
}
}
But after providing an app access_token:
{
"error": {
"message": "A user access token is required to request this resource.",
"type": "OAuthException"
}
}
This is a bit misleading!
Don't know if your still facing this issue. But here's a workaround :
By asking the graph API, you have this issue, but by using the FQL langage, it works perfectly with an App ID!
Here's an example for the 'PSG' page :
https://api.facebook.com/method/fql.query?query=SELECT post_id, type, attachment, message FROM stream WHERE source_id IN(SELECT page_id from page where username='PSG')&access_token=YOUR_APP_ACCESS_TOKEN
;)