when I use
$facebook->api("/userId/feed/", 'POST', $attachment);
Facebook post to my friends wall who authenticated with my application.
I don't want this.
And when I use
$facebook->api("/me/feed/", 'POST', $attachment);
Facebook post to my feed only.
so I want my APP to post $attachment array to my feed (as me) and every authenticated user feed (as him) without posting to friends wall. (sure I have stream_publish permission from authentication process)
When you authenticate the user and the user authorizes your application's permissions, Facebook provides you with an access token for that specific user. You need to persist this access token in a database (or where ever you see fit). Each time you make a request to the Facebook API, you need to pass this access token.
So, you can post as a user on their own wall by using the /me/feed endpoint, but you need to pass the user's access token along with your request. The access token is how Facebook knows who "me" is referring to.
As an example, let's say I use your application. I authorize your application with my Facebook account and Facebook gives you an access token that represents me. I use your application to post a message on my wall: "Hello World!" You then submit a request to the /me/feed/ endpoint using my access token. The message "Hello World!" will show up on my Facebook wall and shows that it was posted by me.
Related
I've been reading documentation and Stack Overflow link all morning, but I'm just not understanding the correct process to authorize a web server to post to a Facebook page wall.
What I'm not clear on is why I have to post to Facebook as a Facebook User, using an access_token, meaning that this user has to log into Facebook manually to authorize my app.
I'm not trying to authorize a User, nor any of my visitors to do anything with their accounts, so I don't need any permissions from them. Instead, I'm trying to authorize my Web Server to post updates to its wall as a specific Page.
Why do I have to use a user access_token to do this? I'm not attempting to impersonate the user, I'm trying to post to the page as the page...
Is it possible to authorize a user and get their access token without having to create a login page on the Web Server? I don't want to have to require the user to login to make this work, I thought that was the point of having an app ID and Secret?
I guess my question is this: Is it not possible to allow a web server to post to a Facebook page wall as that page, without having to present a login dialog to a specific user? If it is possible, what is the correct workflow to set this up?
In order to post to a Page as a Page, you have to use a Page Access Token. You get that with a User Access Token, and you can extend it so it will stay valid forever.
Steps:
Request a User Access Token with the manage_pages permission (valid for up to 2 hours)
Extend the User Access Token (valid for up to 60 days)
Get the Extended Page Access Token for your Page with the User Session
Store and User The Page Access Token in the publish call
It may sound a bit complicated, but there are many tutorials for this and you don´t actually need to program it, you can just use the Graph API Explorer.
Here are some Links about the Access Tokens:
https://developers.facebook.com/docs/facebook-login/access-tokens/
http://www.devils-heaven.com/facebook-access-tokens/ (see "Extended Page Access Token" for a step by step tutorial)
I have read some introduction about Facebook's access token on http://www.devils-heaven.com/facebook-access-tokens/
What I want to ask is that can the page access token of Facebook be used as a permanent token if I just want to post something on the wall like user access token?
First of all don't ever follow the third-party documentation for the facebook integration. They have the official documentation pls follow that. For access tokens read here.
What I want to ask is that can the page access token of Facebook be used as a permanent token if I just want to post something on the wall like user access token?
Its actually a vague question. It depends on what kind of posting you want to do. For eg:
If you want to post on a user's wall- there's nothing that a page access token can do
If you want to post a user's group/event etc. wall, again page access token has nothing to do with it.
If you want to post on a page, then yes you have to use the page access token in order to post on behalf of page itself.
Page access tokens are used in Graph API calls to manage Facebook Pages. To generate a page access token, an admin of the page must grant an extended permission called manage_pages. Once this permission has been granted, you can retrieve the page access token using the following Graph API request:
GET /{user-id}/accounts
You can also extend a page access token that will never expire. See here how to do that!
Don't think as developer yet. I'm a Facebook "normal user" and I'm logged. Then I access a friend 'X' profile. As a friend, I can see all the friends of friend X through this url:
https://www.facebook.com/friendx/friends
Fine... I can close the browser and, when I open it again, I can access the same url and see my friend's friends. And it's fine, because there is a cookie telling the server who I am.
But now, I'm still logged and I wanna retrieve all the friends of friend X throught graph api request, so i access this url:
https://graph.facebook.com/friendx/friends
And the error is, according to the documentation, expect:
An access token is required to request this resource.
I can't understand why facebook needs an access token. I'm logged in both cases. That cookie, in the second situation, is useless when I try to access the same information through graph api request.
What I wanna mean is: I don't wanna parse a whole html page to know who are friends of my friend. Parsing json is much easily.
The Facebook API requires authentication from the user to make that GET request, therefore you need an access_token saying that the user gave permission for you to access their friends list.
You cannot get an access_token from your cookies as it has to be generated via the API after the user approves your app.
If you want to test the graph API consider using the Graph API Explorer to generate an access token and generate the request but you should not use this as a solution to your answer.
consider reading the facebook documentation on access_tokens to further understand how the facebook API and authentication work.
The facebook GraphAPI doesnt allow us to collect the data which belongs to someone else. As you said you can access the friend's friend but at that time you are not collecting data for personal use, so that is allowed. That data is public so you can access, but I certainly doubt that they do allow us to access that data through GraphAPI or any other API. Also scrapping Facebook data is not against the facebook policies.
I'm using php sdk to have an app post to a wall of a random page as an app, not admin.
$facebook->api('/'.$page_id.'/feed/', 'post', $attachment);
Error returned is:
The user hasn't authorized the application to perform this action
The facebook object already has a app id and app secret, so access token for app is set, yet it won't allow the app to post to a page.
What am I missing here?
The user who is using your app needs to give your app permission to post on their behalf - if you want to post as the page itself you should read the page login docs at https://developers.facebook.com/docs/howtos/login/login-as-page and ensure you're definitely using the Page Access Token to make the post
I am wondering if it is possible to post to the wall of the Facebook app page created for using Facebook in iOS. Rather than use the user login to post to their own wall, I would like to post to the app's page with updates on open games. Is this possible to do?
Yes, it's possible. From http://developers.facebook.com/docs/reference/api/application/:
To perform the following operations as an Application Page, and not the current user, you must use the Application's Page access token, not the user access token commonly used for modifying Graph API objects nor the Application access token. This access token can be retrieved by issuing an HTTP GET to /USER_ID/accounts with the manage_pages permission. This will return a list of Pages (including Application profile pages) to which the user has administrative access, along with an access_token for each Page.
…
You can create a link, post or status message by issuing an HTTP POST request to the APP_ID/feed connection. To see more details please see links, posts, and status messages documentation.
To impersonate the Application when posting to the wall (i.e. post as the Application, and not the current user), you must use an Application Page access_token with the manage_pages and publish_stream permissions, as described under Application Access Tokens above.
So you first have to ask the API for an Application Page access token and then use this access token to post on the wall. The Facebook iOS SDK helps to construct the Graph API calls mentioned in the documentation cited above.