I use the following code:
$access_token = $object->getAccessToken();
This method sometimes generated an access token (118-char string)
and sometimes it's a 49-character string with a pipe symbol which does not work properly.
Can I use same access token to post feed with different user id?
Why do access tokens not work properly in safari with iframe & non iframe?
Is there any link do access token documentation?
Firs of all there are two type of tokens that are generated by Facebook
Application without User
When there is no user using the application the application uses what is known as "App Access Token". The app access token can be represented as
<APP ID>|<APP Secret>
This token can retrieve all the public domain information for different Objects in Facebook, like it can be used to retrieve basic information about a User with specific ID, likes on a Public Page, Public Posts on a Page.
Application with User
When User authorizes the application Facebook generates a "User Access Token" which is the access token with longer length. You can't use User Access Token of one user to do the actions on behalf of another User and if you try the action will be done as the User for whom the token was generated for(If you are not Using Extended Access Token it will also expire).
There is issue in setting the Cookies within an iframe in the safari due to which there is some issues in the application working.
For further clarification on Access Token check this documentation
Related
I've read alot of topis, alot of docs. Literally i read them since morning.
From what I got there are few kind types of tokens: App token, App access token, User Token, User access token, Page access token.
While tokens with access allow some kind of action. the non-access tokens seem to allow me to generate a token of access type. Corrent me if I'm wrong. Docs are terrible and some answers are outdated due to facebook updates.
So basically, what I look for is to be able to:
$permanent_token = 'A token, which will allow me to generate access tokens whenever I request';
// And that token could be used for:
file_get_contents('https://graph.facebook.com/v2.1/me/accounts/?access_token='.$permanent_token);
// Some code here to extract page access token and write it to variable $app_token
file_get_contents('https://graph.facebook.com/v2.1/{page_id}/ratings/?access_token='.$app_token);
// Note: I may've missed some steps... those are the ones I lack I think.
Without having to make any user (including me) to login. It's more like I need some kind of API Key and method to generate access token.
And would prefer NOT to use facebook SDK. Just pure graph url calls.
This is the most import page to read about Access Tokens: https://developers.facebook.com/docs/facebook-login/access-tokens
There is the App Token, the User Token and the Page Token. A User Token can be extended to 60 days, a Page Token can be extended to be valid forever.
/me/accounts needs a User token, so there is no permanent Token to use that endpoint.
/{page_id}/ratings/ needs a Page Token and you probably want an extended one.
How to get an Extended Page Token is explained very well int he Facebook docs, here are some articles:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/
http://www.devils-heaven.com/extended-page-access-tokens-curl/
Btw, i suggest not using file_get_contents but CURL.
And in order to get a User Token or Page Token, you MUST authorize/login with a User account. One that is admin of the Page, obviously.
If You are trying to get photos and captions like me, You could do like this:
Enter on facebook developer page: facebook developer
Create an app to the page. (I created to a not mine page)
Access on facebook developer menu: Tools & support and select access token tools.
There you'll find: User token - App token.(There some important text on the top)
copy App token. (should not be hard coded where is possible to see like on javascript)
create a php file to return a JSON.
use file_get_contents($url) function to get a facebook JSON.
echo the file_get_contents return.
finally, get on your page your own returned JSON from the created php file with the data desired and use it.
Obs: My URL is something like this: https://graph.facebook.com/desiredpage/photos?type=uploaded&access_token=013245667890|qwer-adsFGsfgsdGsfg
pay attention to the token on the URL that I pasted.
I need to get FaceBook access token using appid and app secret in C# windows application. Actually i did below coding, but getting app token only not getting the access token.
how to achieve to retrieve access token.?
FacebookClient client = new FacebookClient();
dynamic result = client.Get("oauth/access_token", new
{
client_id = "1498796747020950",
client_secret = "c50341f5b4e42a595f0791467f439e38",
grant_type = "client_credentials"
});
var accessToken = result.access_token;
The token that you are requesting is an app access token which can not be used with every API call (instead its usage is very limited).
Let me try to elaborate the access tokens and OAuth 2.0 to make the concepts clear.
OAuth 2.0
With the standard OAuth 2.0 implementation, the first step is to invoke the OAuth Dialog of the service provider (facebook)-
\GET http://www.facebook.com/dialog/oauth
Parameters-
client_id (APP ID)
redirect_uri (App's Redirect Url)
scope (permissions - optional)
Returns-
code (appended with the redirect url)
After the user successfully authenticated the app, a code is returned by the service provider(facebook) appended with the redirect_url passed. So you'll be redirected to-
{redirect-url}?code=XXXXXXXXXXXXXXXXX
We use this code then and request for the access_token-
\GET https://graph.facebook.com/oauth/access_token
Parameters-
client_id (APP ID)
client_secret (APP Secret)
code
redirect_uri
If you dont want to build this manual flow, you can use the SDKs that take care of this flow. It will just invoke the outh dialog and if success will give you the access token in response. Facebook provides official SDKs for iOS, Android, Javascript and PHP; also there are other third-party SDKs.
Now this will give us an access token, to be more precise- a user access token. This is only process required to obtain a user access token (i.e. user engagement is required). What you were requesting was an app access token, I'll now elaborate facebook access tokens-
Access Tokens
There are 3 types of access tokens to support different use cases:
User Access Token - The user token is the most commonly used type of token. This kind of access token is needed any time the app calls an API to read, modify or write a specific person's Facebook data on their behalf. I've explained the detailed process of obtaining this token.
App Access Token - App access tokens are used to make requests to Facebook APIs on behalf of an app rather than a user. This can be used to modify the parameters of your app, create and manage test users, or read your application's insights. App access tokens can also be used to publish content to Facebook on behalf of a person who has granted an open graph publishing permission to your application.
Except these there's nothing an app access token can do. And its like a password of your app so it is important that your app secret is never shared with anyone. This can be obtained by the API call that you have mentioned in the question-
GET /oauth/access_token?
client_id={app-id}
&client_secret={app-secret}
&grant_type=client_credentials
or directly from here, or simply use {app-id}|{app-secret}
Page Access Token- Page access tokens are used in Graph API calls to manage Facebook Pages. To generate a page access token, an admin of the page must grant an extended permission called manage_pages. Once this permission has been granted, you can retrieve the page access token using the following Graph API request:
/GET /{page-id}?fields=access_token
Reference
I'm not really sure if this all was significant to you but I hope it helps you clearing some doubts regarding the same.
If the app access token is significant to you, you can use it by any of three methods I've mentioned. If not, user access token is what required to you which cannot be obtained without user interaction.
I'm new to the Facebook Graph API!
I want to display the 5 latest news feed items from my public Facebook page. I understand you can do that through https://graph.facebook.com/cocacola/feed/?limit=5, but it requires an access token, however, https://graph.facebook.com/cocacola doesn't.
When these access tokens are generated through Facebook's Graph API Explorer, what permissions are given for the token? Just the information already displayed in the above link?
So would it be safe to use the access token via cURL's PHP? I only need read access. Would it be insecure to display the access token in the source code? I'm confused as to why the latter link doesn't need an access token while the /feed/ does, even though it's a public facebook page.
when you use your app in a website there is a parameter that defines how much access you have from the user, u can set up params like, email, photo_stream, friend_stream, etc. when the user accepts the conditions, the generated AUTH TOKEN has permisions from that scope.
I have a Facebook app and I can retrieve the App Token by calling
https://graph.facebook.com/oauth/access_token?
client_id=YOUR_APP_ID
&client_secret=YOUR_APP_SECRET
&grant_type=client_credentials
as specified on the Authenticating as an App page. I see this app token is also available in the Access Token Tool page along with a User Token for the app. I need the User Token in order to do a /USER_ID/accounts on users that have already approved my app with the manage_pages permissions.
Basically I wish to post to a users Facebook page when they submit an article to my app. Some users are in locations where Facebook is blocked, thus I can't use the regular Javascript SDK.
Edit 1: I understand the concept of user access tokens and retrieving them via the SDK with the OAuth redirect. My question is in regards to the User Token for an app as seen in the Access Token Tool page, not a user access token (which requires client access to Facebook)
In order to get a user token without using the javascript SDK, you need to authenticate the user using the OAuth dialog redirect. Essentially, you prompt the user to fetch a code from Facebook that you can exchange for an access token. At this point you should store the access token and re-use it for all requests that require authentication. Keep in mind though that you will need to detect when the token is expired or invalidated, and if so you will need to re-issue the authentication redirect & token exchange process.
I wonder is it possible to access user's wall info without passing his/her access token?
for example, I will just pass my app secret token and app id. and FB user already allows to access his/her info from my app. Facebook does the checking and matching of my app and my app's user by just using my app secret token and app id.
Because I found some topics similar to that.
http://forum.developers.facebook.net/viewtopic.php?pid=9172
When I check Rest FB doc,it says like that.
http://restfb.com/javadoc/index.html
public DefaultFacebookClient()
Creates a Facebook Graph API client with no access token.
Without an access token, you can view and search public graph data but can't do much else.
I doubt that it will work or not without access token.
can everyone share me ideas or any possible similar approaches ?
Thanks.
You will need to ask the users to authorize your app for offline access. You will be able to access the user's wall even if the user is offline, but you still need the access token. It is part of Facebook's security measures.
There are two types of access tokens:
Session based: expires in a short term, are used when the user will be logged to FB every time you need to perform an operation.
Offline access: do not expire and allow the app to perform operations for the user in any moment. This requires the offline_access permission when the app is authorized.
Check here: http://developers.facebook.com/docs/authentication/ for the oauth mechanism and here: http://developers.facebook.com/docs/authentication/permissions/ for the permissions list.
The REST API is deprecated and it is strongly suggested that you don't use it anymore. Furthermore, from this October you will be allowed to use only the Oauth2 authentication (see When is Facebook turning off their session based auth?)
Without token you can only access public information.
Public data
From RestFB homepage :
// It's also possible to create a client that can only access
// publicly-visible data - no access token required.
FacebookClient publicOnlyFacebookClient = new DefaultFacebookClient();
If the user does not protect his posts, then you can access everything without token. But most of user do protect their data and then you need a valid user access token to read the data.
Private data
When you say "FB user already allows to access his/her info from my app" it means that the user has clicked on "Allow app" in the web browser and at that moment here Facebook will give you a token. You can after use that token with RestFB :
FacebookClient facebookClient = new DefaultFacebookClient(USER_ACCESS_TOKEN);
User user = facebookClient.fetchObject("me", User.class);
out.println("User name: " + user.getName());
By default, the token will expire a few hours later. If you ask for the offline_access permission, the token will be valid for ever (as long as the user does not remove the permission for your app in his settings). You should store that token in your database to be able to use it when you need.
Get the user token
You cannot get the user token with RestFB. On the RestFB homepage, you can read :
Non-goals: [...] Providing a mechanism for obtaining session keys or OAuth access tokens
Because you need a browser to do so : the user has to authenticate and authorize your app on Facebook website (the popup that shows).
What you can do is to have a PHP page on which your users have to go to authorize your app. You can read this stackoverflow answer that explains how to use the Facebook PHP SDK to do so.
Hope that helps !