I'm working on a Facebook app that requires a few basic permissions (email, birthday, etc) as well as publish_actions (so I can create stories about user interaction).
When I ask for these permissions, the end user is presented with one screen for the basic permissions and yet another for the publish_actions permission.
However, when I looked at the following app from Amazon:
http://www.amazon.co.uk/gp/socialmedia/promotions/SprngSweep
When I click on the enter button, I am redirected to Facebook to ask for permissions (as expected), however, they have all their permissions one page (Amazon would like to access your public profile, friend list, email address, birthday, photos, videos, personal description, likes and your friends' birthdays and likes. Amazon would like to post on your behalf. Amazon would like to access your data at any time.)
I can't add a picture due to lack of rep
The url that I'm redirect to is this:
https://www.facebook.com/dialog/oauth?client_id=164734381262&redirect_uri=https%3A%2F%2Fwww.amazon.co.uk%2Fgp%2Fsocialmedia%2Ffbr%2Fconnect-handler.html%2Fref%3Dfbr_hn_SprngSweep%3Fie%3DUTF8%26appName%3DAmazon%26externalApp%3DKindle%26onSuccess%3D%252Fgp%252Fsocialmedia%252Fpromotions%252FSprngSweep%253Fie%253DUTF8%2526sm-sweeps_submit%253D1%2526sm-sweeps_submit.x%253D66%2526sm-sweeps_submit.y%253D20%2526sweepsConnect%253D1%2526sweepsEligibility%253D1%26ref%3DSprngSweep%26token%3D6CBF36BD25311891B2F205333EFA3AA78E561AB9&scope=
While attempting to investigate this myself, I noticed that they aren't even passing a value for scope in the url.
How the hell are they doing this?
Most likely they are using an old API (FB changed the behavior over there recently, read their blogs please) or they are using hidden features which FB created for them (as this has an impact on there advertising revenue obviously, and even these guys are "coin operated").
The "two pager" is normal, FB API and FB advertising API quit the same. I wouldn't worry.
Related
I have the task to integrate some commercial sharing stuff into a website.
The idea is that the user a) logs in/registers in the website, b) the user connects his user account with his facebook account - by adding and accepting the website application.
Here comes the interesting part - is there a way of linking the facebook account with my website's account so that I can send them updates and promotions directly to their walls programatically?
In the application dialog, it's clearly noted that the user allows the application to write to the user wall so they accept and agree this. Then, for example, if I want to send them a promotion or update directly on their wall using the fb application api, how can I achieve this? All the tutorials I've read consider the user using the Facebook Login
The concrete idea is something like weekly promotion feed that my clients want to allow customers to allow being posted directly on their walls. As I don't have any experience with facebook development, I'd appreciate knowing how, if at all possible, this can be achieved?
Most of what you're suggesting is against policy, and isnt' technically possible either as users need to come back to the app once every 60 days for you to have a valid access_token for them.
The Authentication docs explain how to get access to a user's information with their permission, and the Permission documentation explains which permissions grant access to which functions or fields.
From the documentation it seems that the user should always authorize the Facebook application even to access basic permissions.
However, sites like Rotten Tomatoes and Clicker.com auto-authorize the logged facebook user without showing the authorization dialog. If you visit one of those sites for the first time they will be able to access your public data without you authorizing it. If I go to the Apps on my facebook settings, an entry will appear showing that I gave access to those applications (but I DID NOT).
How can this be possible? Is it related to the "Instant Personalization" feature for selected partners?
Thanks
Well, I was doing some research and yes, it's all about Instant Personalization.
From Facebook:
We've partnered with a few websites to provide you with great,
personalized experiences the moment you arrive, such as immediately
playing the music you like or displaying friends' reviews. To tailor
your experience, these partners only access public information (like
your name and profile picture) and other information you've made
public.
From one of its partners:
Clicker.com
So -at the time I'm writing this- unless you're a partner of Facebook, you'll have to show the old OAuth dialog.
Hope it helps!
This is my first post in this facebook's stackoverflow forum. My background is on wireless baseband prototyping on FPGA platform and do not have any prior experience with facebook development. Now i have a chance to work on social network related development work and i'm quite excited. Anyway above is just my background introduction.
Here i want to create a virtual Facebook user. Imagine you are interacting with your refrigerator on Facebook. This is the kind of concept we want to show.
Following are the functionality i would like to have at my virtual's facebook account..
1) recognize real friend check-in and messages posted on his/her wall.
2) ability to write messages on real friend's wall.
3) recognize messages posted on virtual account's wall.
4) ability to write message on virtual account wall.
How can the virtual account be equipped with such functionalities? Can i achieve by writing a facebook application? Please advise the direction i should look at.
Cheers,
Phone Naing
The facebook api lets you query their graph but it requires an access token to do that.
There are 3 main token types: User, Page and App.
Your app would be able to get an app token easily but it's limited to public data only, like data of public pages.
For a page and user tokens you'll need the actual user to interact with your app in order to get the token.
You can get the friends check-ins, feed, images, events and so on by asking for the right permissions from the user (there are user permissions and friends permissions).
You can also post to friends wall with the "publish_stream" permission.
For "recognizing" posted items on a user wall you can either recheck the user feed every once and a while and compare what you had and what you get or use the Real-time Updates.
With all of that said, I seriously doubt that you'll manage to pull something like that with the current limitations of the facebook api.
Let's start with the fact that facebook does not like profiles to be "vritual", they want the profiles to be of real people.
Of course that there are plenty of virtual profiles but they can remove them (and sometimes do).
Even if you do have these virtual profiles, since they are virtual they won't interact with your application using facebook, that is won't be logged in to facebook via their channels (web interface, android or iOS, etc).
Because of that you won't be able to get a user access token which you need for all of the information you want.
Since the deprecation of the offline_access permission there's no way to have a token which is valid for a user for more than about 2 months, which means that for each "virtual user" you'll need to log him in to facebook and then interact with your app to get a new token.
You can create a page instead of a virtual profile, which will also be fine with facebook.
But here again, you need a user to actually interact with facebook and your app to get a valid page access token, and even if you get that, it's not enough for the data you want to ask for.
To put it all together:
I think it can't be done.
Okay. I've spent hours poring over the scattered FB documentation concerning xFBML, Open Graph, etc. -- most of it deprecated it seems.
Anyways, I'm trying to get a visitor's Facebook userid (or name or pic or anything) when they visit my site (assuming they are logged into FB already) without them having to "connect" and give my website permission.
It seems that I cannot though. I would just give up, but then I see Yelp. I don't have a Yelp account and I've never given them permission to my FB account. But...if I'm logged into Facebook, and I go to Yelp, they are still able to post my FB photo at the top, they know my FB name, and they're even able to show me which of my friends are on Yelp.
So, does Yelp have some deal with Facebook to get that info without me giving permission?
Or can you really grab some FB info on your "unconnected" visitor?
It's a feature called "Instant Personalization", and it's exclusive to a select number of Facebook partners.
From the Facebook FAQ:
We have established a small pilot program with an exclusive set of partners—currently yelp.com, Microsoft Docs.com, and pandora.com—to offer a personalized experience as soon as you visit. These partners have been given access to public information on Facebook (e.g., names, friend lists and interests and likes) to personalize your experience.
So, no, you can't get that information yourself without asking permission from the user, unless you're a participant in the pilot program.
According to the Facebook Platform Policies:
You must not pre-fill the user_message
parameter or content sent via an
extended permission (such as a status
update or note), unless the user
generated the content earlier in the
workflow.
Does that mean that I can't publish stories to the stream automatically, even if the user agreed to?
I've seen apps (such as PlayStation Network, Foto Diaria) that publish stories automatically.
PlayStation Network publishes stories about actions you did in PS3 games and Foto Diaria publishes a picture from your wall every day. In both cases the attachment is created by the application, and the user message is empty. Could that mean that publishing stories with an empty user message (empty, not absent) is not considered pre-filling?
EDIT: I need to know what is allowed or not by the Facebook Platform Policies, not how to post stories.
If you ask the user for the publish_stream extended permission then you'll be able to post automatically whilst the user is interacting with the application. You can pre-fill the user message only if it's something that the user has entered earlier in the process e.g. if you've asked them to comment on a piece of content and then publish a story about the comment. If in doubt, leave it blank.
If you want to publish automatically even when the user isn't online then you'll also need them to grant the application the offline_access extended permission. In this case you'll also need to store the session key that Facebook gives you for that user.
https://developers.facebook.com/docs/guides/policy/examples_and_explanations/stream_stories/
Check this out. The Platform policies section of the FB Dev site has some additional documents to allow you gain a better understanding of the guidelines for sharing.
Please also read the section about User Feedback.
https://developers.facebook.com/docs/guides/policy/examples_and_explanations/user_feedback/
Hope this helps.
We can ask user to grain of offline_access permission, which is access to user profile at anytime, even if user is not online. But this permission will no longer available.
I agree that this permission is so harmful to user.
But it still useful if owner app want to post to their own account during user use their app. If you want to post to your self account, you can manually grain offline_access to your app, and select access_token and keep it in your own app, and use it when you need to post your account. It make sense that Facebook should allow developer to do this task.
it is simply forbidden but, there is a catch about it, if is text prepared by user previously, you can post that text later and I think you are able to add your own text to that. But not so sure..
I'm saying this based on McDonald's Canada's yourquestions app, you can ask questions to them, whenever its answered they posting to your wall.
But to clarify that, as a PMD I'll ask to FB personally and let you know what is the answer is.