Having an application token, a user who authorized the application with manage_pages permission, how can I access to the pages this particular user is admin of?
You can't, you need a user access token for that permission as outlined in the docs
https://developers.facebook.com/docs/reference/api/user/ (look for accounts)
You don t need an application token but a user access token to access those pages
Related
My application authenticates users via Facebook. It requests user token for permissions public_profile and user_photos.
One day I found that all registered users have only public_profile, and application have no access to their photos, because I did not get approve from Facebook for user_photos permission.
After all I got this approve, and tokens of new users logged in via Facebook have user_photos permission.
But legacy users have no, their tokens did not updated automatically to obtain additional user_photos permission.
Is there a way to refresh a Facebook token, without logout and login again?
You can´t just refresh a Token without user interaction, that would make the whole point of permission authorization pointless. You can just check for the granted permissions and call FB.login (if using the JS SDK) again if some permission is missing: https://developers.facebook.com/docs/graph-api/reference/user/permissions/
This may be interesting for you too: https://developers.facebook.com/docs/facebook-login/handling-declined-permissions/
I'm using a Facebook app (in development mode) to generate a page access token so that my personal web app can schedule/edit/delete posts on a Facebook fan page.
I'm using the Graph Explorer to generate the token while logged in as the admin of the fan page.
When I use that token, I'm able to GET a list of the scheduled posts, but whenever I try to edit or delete a post, I get this error:
"User does not have sufficient administrative permission for this action on this page."
Here is the debug of the token:
Any ideas on how to fix this?
Here according to the documentation
DELETING YOUR POST
These are the permissions you need in the scope of your token.
To delete a user's post, a user access token with publish_actions permission is required.
To delete a Page's post a Page access token and publish_pages permission is required.
To delete a User's post on Page a Page access token is required.
To delete another User's post on a Page-owned event the user_managed_groups permission is required.
UPDATING YOUR POST
A user access token with publish_actions permission.
SO you need publish_actions permission within the scope of your token.
Update 1
Also check here if you have the valid page role
I need to send private replies to page comments from my website. I am admin of the page and app.
Facebook's graph's api doc states following: "A Page access token with the read_page_mailboxes permission is required to create a message" but does not say, how to get the token with such permission.
I have tried tokens from "me/accounts", "/{page_id}?fields=access_token" and even generated 60 day access token from graph api explorer, but I get "OAuthException" with message "Requires read_page_mailboxes permission to manage the object". Any ideas?
To get a permanent Page Access Token with the additional permission 'read_page_mailboxes' you have to:
Generate a User Access Token with the permission 'read_page_mailboxes' for your app (use the Graph API Explorer) -> this generates a 24h User Access Token
Extend this User Access Token to "expires never" (using the Access Token Debugger)
Get a permanent Page Access Token with this User Access Token (using the Graph API Explorer on your Page Id)
See also:
facebook: permanent Page Access Token?
Note: You don't need to request this permission through developers.facebook.com/apps - "App Review" - "Submission" - "Add Items"
You need to ask the user for that permission during login, of course – like with any other permission.
It is the user (page admin), that grants this permission. Only after that is done, the page access token will “include” that permission.
I am administrator of facebook page which DOES NOT have a classic facebook account assigned. So I am not able to create any facebook application as you can see in Picture 1. How can I obtain long lived (never expiring) page access token, which I need to use Graph API? I need to post messages to the facebook page from my server.
Thanks for advice
You do need a User account that is admin of the Facebook Page in order to get a Page Token. Without a User account, it is not possible.
Here´s what you need to do:
Authorize the User account in the App - which means, get a User Access Token
Extend the User Token
Get an Extended Page Token with /me/accounts or /[page-id]?fields=access_token
Some Links for more information:
https://developers.facebook.com/docs/facebook-login/access-tokens/
http://www.devils-heaven.com/facebook-access-tokens/
http://www.devils-heaven.com/extended-page-access-tokens-curl/
I am wondering if it is possible to obtain an extended access token for facebook pages that do not have a facebook profile set as it's administrator. I see it is possible to create a facebook page without setting a user profile as the admin and having those pages auth with my app.
For pages that do have a facebook profile as it's administrator, I am able to extend the short lived access token when requesting the manage_pages permission. But I'm not if there is no user associated with it.
The documentation describes this process for extending page tokens.
Apps can retrieve a Page access token from Page admin users when they
authenticate with the manage_pages permission. If the user access
token used to retrieve this Page access token is short-lived, the Page
access token will also be short-lived.
To get a longer-lived Page access token, exchange the User access
token for a long-lived one, as above, and then request the Page token.
The resulting Page access token will not have an expiry time at all.
Extending Access Tokens Documentation
I am wondering if it's possible to obtain extended access tokens for pages when there is no admin associated with the page.
All pages must be owned by a user account, either a regular user account or a business account - and both work in the same way as far as the API is concerned, at least for login (business accounts don't have names, a timeline, friends, etc so are obviously not the exact same, but they log in and grant access to apps the same way)
I just tested a few minutes ago using the my app, a business account and the server side oauth flow and received a long expiry (approx 60 day) token correctly when exchanging the business account's code for an access token
I was then able go through the flow again, this time asking for manage_pages permission and was able to use the token to retrieve a non-expiring page access token for a page the account manages using the regular process (a call to /me/accounts or `/?fields=access_token)