I'm trying to implement facebook connect in Adobe PhoneGap through the Graph API but apparently I'm getting back an "App" token instead of a "User" token. This causes for my app to disallow any additional users connecting onto it, which is not the point of course.
I have notice this as no matter what user I use for logging in, the access_token returned is always the same.
I'm using the following URL to authenticate:
var authorize_url = "https://graph.facebook.com/oauth/authorize?";
authorize_url += "client_id=" + fb_clientid;
authorize_url += "&redirect_uri=" + fb_redirect_uri;
authorize_url += "&display=" + fb_display;
authorize_url += "&scope=publish_stream"
And to get the authorisation token:
https://graph.facebook.com/oauth/access_token?client_id='+fb_clientid+'&client_secret='+fb_secret+'&code='+fbCode+'&redirect_uri=http://www.facebook.com/connect/login_success.html'
I presume the problem lies with the second url (secret being passed indicates it's an app token) but then how do I get the user token?
Use the Facebook Connect plugin, instead of crafting the login procedure manually. It provides better usability as it is integrated with the Facebook native application or the iOS 6 Facebook functionality.
Related
I created a google app and in Google app marketplace sdk api filled all the required details and added scopes what i required. And created a webapp in chrome developer dashboard and submitted the app for testing. While first time installing the app from marketplace it get permission from user for the scopes i added in the google app marketplace sdk api. After i click allow it will just install the app. Here how can i retrieve Accesstoken and refresh token or Authorization code while user clicks allow?
I manually get Auth code using this api call:
""https://accounts.google.com/o/oauth2/auth?client_id=CLIENTID &redirect_uri=REDIRECT_URI&scope=email+profile+https://www.googleapis.com/auth/drive&response_type=code&access_type=offline""
In the redirected uri collects access and ref token using this api call:
String accessTokenUrl = "https://accounts.google.com/o/oauth2/token";
String accessTokenUrlParameters = "client_id=" + clientId + "&client_secret=" + clientSecret + "&redirect_uri="
+ redirectUri + "&grant_type=authorization_code&code=" + code;
String accessToken = null;
String refreshToken = null;
try {
HttpClient hc = new HttpClient();
hc.setURL(accessTokenUrl);
hc.setHeader("Content-Length", "" + Integer.toString(accessTokenUrlParameters.getBytes().length));
hc.doPost("application/x-www-form-urlencoded; charset=UTF-8");
}
In this type i get both access and refresh tokens but while installing app for first time how do i get access token using that permissions and scopes. The consent screen while installing app has url like this.
https://accounts.google.com/o/oauth2/auth?client_id=1234567890-1od573nk87eq712l7suam1hu9upa8tm2.apps.googleusercontent.com&origin=https%3A%2F%2Fapis.google.com&authuser=0&login_hint=abcdefghijk#gmail.com&response_type=token&redirect_uri=postmessage&hl=en&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile
but it doesnt have redirect uri and all. How to get access token while allowing this consent screen.
Ok, so what I am trying to do is a bit odd, so I can't find anything that gives me even a remote idea about how to do this.
I need to access my personal profile posts:
FB.api("/" + myPersonalUserId + "/feed", {limit: 5}, function(data){
console.log(data);
// do stuff with my user info
});
in order to display them on my personal webite, similar to a dynamic blog. But I want it to automatically retrieve these posts without my having to be signed in on each computer that wants to view my site.
Before you get sidetracked on the init, I am using an app and app id that my personal user account has verified access to all permissions.
I know it will require the use of an access token, but how do I get a valid access token without being logged into that computer?
Honestly, I'm starting to question if it is even possible, but if anyone knows how I could accomplish this, that would be awesome!
The best way to achieve this is to just cache the data in your own database and refresh it whenver the user uses your App again.
If that´s not good enough, you have to generate and store an Extended User Token. How to create one is explained in the docs:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/
Extended User Tokens are valid for 60 days, there is no User Token that is valid forever. And you should never use Tokens directly on the client, because some user could just copy it from the source. Tokens are meant to be secret, so use it on the server only. You don´t need to use the PHP SDK, a simple CURL call to the Graph API will do it:
https://graph.facebook.com/[your-app-scoped-id]/feed?access_token=[extended-user-token]
Ok, so I found a solution similar to the one above, but offers a permanent access token.
first, build a url:
url = 'https://graph.facebook.com/v2.5/' + {app user Id, not public Id} + '/feed';
url += '?access_token=' + {app Id} + '|' + {app secret};
url += '&fields=id,name,message,full_picture,created_time'; // these scopes should be approved by corresponding user
url += '&limit=5';
then run it by calling a simple ajax request. These variables should be served from the server through ajax, not hardcoded on the client
I'm having a lot of trouble with connecting to the spotify api on my mobile app.
I have been able to successfully able to get a token with this url:
"https://soundcloud.com/connect?client_id=" + client_id + "&response_type=token&redirect_uri=" + encodeURIComponent(redirect_uri) + "&state=" + Spotify.State + "&scope=" + encodeURIComponent(scope) + "&display=" + display;
However, this requires the user to click on connect every time they log into the app. Is there not a way to only have them authorize the app once?
I'm assuming that's what /oauth2/token is for, but when I change my &response_type=token to &response_type=code (above) so that I can pass the code into /oauth2/token it returns a redirect error (works fine with token).
I've looked around for samples but they are hard to come by. Any help would be greatly appreciated, even a point in the right direction.
I'm referring to the HTTP API guide (https://developers.soundcloud.com/docs/api/reference). I don't want to use a javascript plugin.
I am doing a project for school where I have to get all of my friend data, and the friend data of some of my friends, from facebook in order to make a graph of it. To do this I am planning on using facepy, but in order to do that I need an access token. My question is how do I obtain this access token?
facepy doesn't natively include a way for the OAuth process
https://github.com/jgorset/facepy/issues/22
You will need to use your own method or external library for the user to be guided via a web application.
For example using web.py and facepy to get me/posts with read_stream permission
import web
from facepy import GraphAPI
from urlparse import parse_qs
url = ('/', 'index')
app_id = "YOUR_APP_ID"
app_secret = "APP_SECRET"
post_login_url = "http://0.0.0.0:8080/"
user_data = web.input(code=None)
if not user_data.code:
dialog_url = ( "http://www.facebook.com/dialog/oauth?" +
"client_id=" + app_id +
"&redirect_uri=" + post_login_url +
"&scope=read_stream" )
return "<script>top.location.href='" + dialog_url + "'</script>"
else:
graph = GraphAPI()
response = graph.get(
path='oauth/access_token',
client_id=app_id,
client_secret=app_secret,
redirect_uri=post_login_url,
code=code
)
data = parse_qs(response)
graph = GraphAPI(data['access_token'][0])
graph.get('me/posts')
For more info see
* Facebook API - User Posts: http://developers.facebook.com/docs/reference/api/user/#posts
* Publish a Facebook Photo in Python – The Basic Sauce: http://philippeharewood.com/facebook/publish-a-facebook-photo-in-python-the-basic-sauce/
* Facebook and Python – The Basic Sauce: http://philippeharewood.com/facebook/facebook-and-python-the-basic-sauce/
Basically, you just have to log in.
If you go to the graph API overview page It will ask you to log in with your own facebook account. After that all of the links on the page will have an access token with permission to see whatever you can see.
I maintain an asp.net website and have a requirement to publish to the businesses facebook wall as the business.
We set up a facebook app to do so.
So what happens is after a user clicks a button on the website the program calls facebook with scope=publish_stream,offline_access,manage_pages parameter
Facebook returns a code
We call facebook again with something that looks like this
string.Concat("https://graph.facebook.com/oauth/access_token?client_id=" + facebookPostClientId,
"&redirect_uri=" + "blah.aspx", "&client_secret=" + facebookPostSecret, "&code=" + code )
Facebook returns an access token.
We then call facebook to get all the accounts with something like this:
https://graph.facebook.com/" + facebook_user_id + "/accounts?access_token=" + accessToken;
We then loop throught the accounts until we find the correct one and call facebook again with something like
https://graph.facebook.com/" + userName + "/feed?&access_token=" + accessToken + "&picture=" + picture + "&name=" + "Studentcard - Deal" + "&link=" + link + "&message=" + message + "&caption=" + caption + "&from=" + userName + "&to=" + userName;
It works after a fashion. IF the owner of the business who created the facebook app is logged on to facebook, then the processing works.
If anyone else is logged on then it doesn't.
The reason being that the bit where we call facebook to get all th accounts only works when the business owner is logged on to facebook.
I tried inserting the business owners facebook id inbto the code instead off the logged on users, but it doesn't work.
So what do I do? Is this the wrong way to go about this?
I realise this maybe a bit long winded, but I am new to facebook and am providing as much information as I think necessary.
Thanks in advance
Niall
The reason being that the bit where we call facebook to get all th accounts only works when the business owner is logged on to facebook.
Separate this part of the process. Get all the accounts, and then cache them in your database. Whenever you fail to get the accounts, just use the cached information and proceed normally (otherwise update the DB and proceed normally).