I've developed a Facebookapp that has the "user_photos" permission. Now i've submitted the App, which is now live. I've installed it on several Facebook-Accounts of my friends... (Yes! they have granted the requested permissions)
When i now try to make an request i get the following error message
{
"error": {
"message": "A user access token is required to request this resource.",
"type": "OAuthException",
"code": 102
}
}
Here's my Request-Query:
https://graph.facebook.com/LogInIDOfMyFriendThatHasInstalledTheAPP/?fields=albums.fields(photos,name,description),email&access_token=mySecretAppToken
Ok it works if I replace the App-Token with a User-Token that is generated by an OAuth-Process or via GraphAPIExplorer but in the Documentation (https://developers.facebook.com/docs/facebook-login/access-tokens/) it is said (in Paragraph) "App Tokens" that
"App access tokens are used to make requests to Facebook APIs on behalf of an app rather than a user. [...]" and that i have to generate an other "App Accesstoken" but this also does't work.
I'm confused...
So is there something i've forgotten / missunderstood or do I have to use the oAuth-Way which means that my friends have to reauthenticate to my App every two month???
Thanks a lot!
Best regards
Mike
A few lines after in the documentation it states
App access tokens can also be used to publish content to Facebook on behalf of a person who has granted a publishing permission to your application.
This is what they mean by requests on behalf of the user.
For the albums endpoint you need a user access token.
Yes your friends need to re-authenticate your app every two months if you extend a short lived user access token. The point is not to have apps sitting around with access when the user may have forgotten them. Prompting the user to re-authenticate ensures they are still aware of these apps and can have the choice to keep or delete them
Related
I want to post on my own Facebook Page using Graph API.
For this, I have created an App.
When App is in Dev Mode, I am able to post on page using Page Access Token with proper permissions.
However, the problem here is, the post are not visible to public unless I make the App Live. The posts are only visible to Page Admins.
But as I make my App Live, I am getting below exception from FB APIs.
{
"error": {
"message": "(#200) If posting to a group, requires app being installed in the group, and \\\n either publish_to_groups permission with user token, or both pages_read_engagement \\\n and pages_manage_posts permission with page token; If posting to a page, \\\n requires both pages_read_engagement and pages_manage_posts as an admin with \\\n sufficient administrative permission",
"type": "OAuthException",
"code": 200,
"fbtrace_id": "abcdefgh"
}
}
I regenerated the Page Access token after I make my App Live but still above error is coming.
I checked some resources which says that I need to submit my App for review. But I don't want to go through that lengthy process.
So, Is there any otherway with which I can post on facebook page using API without putting my App for review process ? Will any other kind of token (i.e. other than page access token) work here ?
Please note, I want to make sure the posts I make to be visible by everyone and not just page admins.
Last week I requested an app review with Facebook, which has successfully granted me permission to request "read_page_mailboxes" permission for users of my application.
I now have an extended access token which, according to the Graph Explorer tool has properties:
App {app_id}: SAM :. Thinkka
User {user id}: James Hartnoll
Valid: True Scopes read_page_mailboxes, manage_pages, publish_pages, business_management, public_profile
I am trying to read conversations of a business page, using this URL:
https://graph.facebook.com/v2.7/[Page_Id]/conversations?fields=can_reply,id,unread_count,updated_time,subject,snippet,link&access_token=[access_token]
However, when I make the request, the response is:
{
"error": {
"message": "(#298) Requires extended permission: read_mailbox",
"type": "OAuthException",
"code": 298,
"fbtrace_id": "FEHvo/6+z39"
}
}
Now according to the Facebook documentation, here:
https://developers.facebook.com/docs/graph-api/reference/v2.7/page/conversations
I have all the permissions I need (namely read_page_mailboxes).
I have done some research and this question (not mine) on Stack Overflow, sums up fairly well what I am doing.
One answer suggests to try using https://graph.facebook.com/v2.7/me/conversations.... but that results in the same error, and the other answer suggests that read_page_mailboxes need approving.
That permission has been approved though, see the start of this question!
The Facebook change log here: https://developers.facebook.com/docs/apps/changelog#v2_4
Tells me that read_mailbox is deprecated, and reading further into that permission, it seems it would not have been granted anyway according to the App Review request, that permission is not available for Web applications anyway.
So... I am stuck?! I have all the permissions that I am required to have according to the documentation, my token is valid and my "GET" requests are correct, but I need a permission which was deprecated a year ago?!
I've sent this message to Facebook too, but it'll take a few days for them to reply and it's irritating me as this should work apparently!
Anyone here had any experience/solution with this?
**NOTE: ** I am after Business Page messages, NOT, personal ones - for clarity.
You're not using page access token to request,instead you're using user access token.You need to first get page access token via GET /me/accounts or visit getting page access token for more details on that.
Once You have this token you can read page conversation by using the following method in PHP:
$pagemessages = file_get_contents('https://graph.facebook.com/me/conversations?access_token={page-access-token}');
var_dump($pagemessages);
or simply using GET request to above link.
Thanks!
I am facing this error with some of my users, the case is as following:
I use facebook "App access token" to post actions to facebook Open Graph instead of the user access token because app access token don't expire according to facebook documentation unless you refreshed the app secret, I use the follwoing Post url to post actions
https://graph.facebook.com/user_facebook_id/App_Namespace:action_name?FBOG_Object=FBOG_OBJECT_URL&access_token=app_access_token
Some of the actions do appear on facebook, but for some users the actions fails to post and return the following message:
{ "error": { "message": "Error validating access token: Session has expired at unix time 1345759200. The current unix time is 1345925578.", "type": "OAuthException", "code": 190, "error_subcode": 463 } }
What am I doing wrong? Why do I have an expiration error although am using the app access token? Should I worry for user permissions?
After checking the servers it seems that the code that uses the app token was not deployed and the code that uses the user token is still there.
The app token does not expire unless the app owner took some action.
https://developers.facebook.com/docs/authentication/applications/
Error message clearly shows that your access token expired and you need to get another one.
However you can handle this issue : Access token expiration
Also if you are looking for a long life token you need to provide some more parameters while authorizing the application to a new user.
offline_access parameter can be included in a request but now it's been deprecated by facebook. Removal of offline access
There is documentation for test users in the Facebook Developer online documentation but how do you delete actual users where the application doesn't show in their app list anymore? This is with the knowledge of the access_token and facebook_user_id.
Used to delete Test Users:
https://graph.facebook.com/893450345999?method=delete&access_token=A2ADI1YMySweBABBGrWPNwKMlubZA5ZCrQbxwhtlEd9FIQUrOVjsGD3mnIWEbUhzDz7dkuBekMFdHvjvJ9CZAU7EMSSaZBsgN60FkMCi3AAZDZD
Running the test user link produces the following error:
"error": {
"message": "(#100) Can only call this method on valid test users for your app",
"type": "OAuthException",
"code": 100
}
You seek for application de-authorization:
You can de-authorize an application or revoke a specific extended permissions on behalf of a user by issuing an HTTP DELETE request to PROFILE_ID/permissions with a user access_token for that app.
permission - The permission you wish to revoke. If you don't specify a permission then this will de-authorize the application completely.
To achieve this issue request to:
https://graph.facebook.com/me/permissions?method=delete&access_token=...
Once application de-authorized it will not appear in the list of user's applications.
Update December 2021
Follow the reference for Requesting & Revoking Permissions:
To remove single permission issue a DELETE request to /{user-id}/permissions/{permission-name} passing user access token or an app access token
To de-authorize an app completely issue similar request to the /{user-id}/permissions endpoint
Real users 'delete' themselves from your app when they remove your app from their account, you don't have to do anything.
If you would like to know when users de-authorize your app like this, you can specify a Deauthorize Callback URL in your app's settings. As described in the docs at https://developers.facebook.com/docs/authentication/:
Upon app removal we will send an HTTP POST request containing a single parameter, signed_request, which, once decoded, will yield a JSON object containing the user_id of the user who just deauthorized your app. You will not receive an user access token in this request and all existing user access tokens that were previously issued on behalf of that user will become invalid.
UPDATE: To remove your own app from the user's authorized applications, issue an HTTP DELETE to https://graph.facebook.com/[userid]/permissions?access_token=... as per https://developers.facebook.com/docs/reference/api/user/.
Typically Graph API calls also support doing an HTTP POST with an extra parameter, method=DELETE, in case DELETE calls are not possible/supported.
To do it:
You must have the user access token.
Visit https://developers.facebook.com/tools/debug/accesstoken/ and debug the user access token.
Copy App-Scoped User ID
Via API call HTTP DELETE to https://graph.facebook.com/[App-Scoped User ID]/permissions?method=delete&access_token=[YOUR-APP-ACCESS-TOKEN]
I'm working to enable my app to hit the FB Graph API to look up data on a user. I want to do this in a way that is app focused meaning it isn't based on a user signed into my app. It's a relationship between the app & the FB Graph API.
My understanding is I can do that with the APPLICATION ACCESS TOKEN is that right?
If I use my app access token here:
https://graph.facebook.com/search?q=born#gmail.com&type=user&access_token=208131059208382|xFN8da1tIDxuuMp8hoRtGs3l0aM
I get an error:
{
"error": {
"type": "OAuthException",
"message": "An access token is required to request this resource."
}
}
Why is that?
Can I use my personal FB account to hit the API for the purposes of the app?
When a user oAuth's in to an app, how long does the access token last? Is it something I can hard code in my app so I can hit the FB graph api?
Thanks
For a lot of things on Facebook, you have to have a valid session access token from the user. What this means is, the access token you get from a user must be used to access a resource. This is especially true when pulling data about the user out of the graph. The access token that FB gives you when the user loads your application typically lasts for an hour (if I recall correctly). The session object FB gives you tells you the expire time on the token, though.
If you need to access the data for a user in an offline manner, you could ask the user for the offline_access extended permission. Doing this makes Facebook give you an indefinite access token, which doesn't ever expire (unless the user changes their password). That allows you to query the graph on the user's behalf whenever you feel like doing it.
The search feature doesn't require an access token if you're performing a standard search, or a page search, etc. But it does require a valid access token when you're searching for users. I assume this is to keep people from hammering the search and crawling public user data with a bot.
You can follow the instruction in
http://developers.facebook.com/docs/authentication/
take a look at https://github.com/michaelbaldry/fb_graph_canvas - It's a barebones canvas application that you can test locally. It uses fb_graph and is about as simple as can.