I want to post on my facebook friends wall using my facebook app. I have already set the sufficient permissions like publish_stream, offline_access for it and I am using it's Graph API with PHP but it post to only those who are either the developer of the app or the administrator of the app. I dont know where i am doing the mistake. However one of my friend has successfully done it through objective c(iphone) code. I checked his code he was doing the same way as I am doing. Please help me over it. Here is my code and I am using facebook sdk 3.0 -:
if(isset($_POST['submit'])) {
$sendTo = $_POST['friend'];
$link = $_POST['link'];
$message = $_POST['message'];
$attachment = array('message' => $message, 'link' => $link );
if($result = $facebook->api("/$sendTo/feed/",'post', $attachment))
{
$feedbackMessage = "Message sent to friend $sendTo";
}
else
{
$feedbackMessage = "Oops something went wrong";
}
}
First of all, I would suggest that you will take a look at the recent update to facebook developers roadmap:
https://developers.facebook.com/roadmap/
February 2013 Breaking Change:
"Removing ability to post to friends walls via Graph API
We will remove the ability to post to a user's friends' walls via the Graph API. Specifically, posts against [user_id]/feed where [user_id] is different from the session user, or stream.publish calls where the target_id user is different from the session user, will fail. If you want to allow people to post to their friends' timelines, invoke the feed dialog. Stories that include friends via user mentions tagging or action tagging will show up on the friend’s timeline (assuming the friend approves the tag). For more info, see this blog post."
As mentioned by CBroe, the fact that only app administrators/developers can post might be related to the sandbox settings.
Anyway, the api should return a detailed error.
Related
I am trying to do something like this. Lets say a user used FB Connect for registration in our site, so I can get the "uid" of facebook and I can store in DB. Now what I want each time that user will visit a store details page or item details page I will post that store/item image with link, photo, description etc to FB timeline.
Something like this:
$post_id = $facebook->api('/me/feed/', 'post', array(
'message' => $products_name, // item name
'link' => 'http://www.blabla.com/item/myshoes', // item url
'picture' => $fb_img_src, // item image
'caption' => $products_name, // item name for caption
'description' => $products_description // item description
));
} catch (FacebookApiException $e) {
$user = null;
}
This process works fine if user logged in to FB by using our FB app. But as I said I want to post if they not even logged in by using their facebook "uid".
Is it possible to authenticate that user depending on facebook "uid"?
Thanks in advance! Any clue/help will be appreciated!
I strongly believe that posting anything to user's Facebook without their's consent or even their action will surely and quickly encourage them to leave your site forever. Do not do this.
Anyway - to answer your question:
Yes, it is possible to get access to user's Facebook and "do stuff", especially when a user is logged in both on Facebook and on your site. You just need to obtain user's access token (read about it in the docs), and make sure the users grants your app all aproppriate permissions. There are also access tokens that can be used offline (user is not even online), but I'm not going to discuss it here.
One way to obtains user's access token is to redirect the user to FB login url providing your APP_ID (as described in FB developers docs). FB will then redirect the user to your Fb-login URL with access code/access token, which enables you to do something like posting to users timeline.
Of course actions that you can take are limited according to permissions said user has granted for your app. And I have to remind you - it's a thin ice you're stepping on.
I'm making a simple Facebook app that posts updates to the user's timeline using node.js and Facebook's Open Graph API. Even though I can see the posts I make using the OG API on my timeline (and it has the globe icon identifying that it's a public post, see pic below), none in my FB friend network can see it.
Here's a screenie of a public post I made via OG API showing up on my timeline, along with a post from a 3rd party app (Pool practice) for comparison:
Now here's the screenie of my friend's timeline showing only the Pool Practice post, the post from my app is nowhere to be seen...
I've checked the app settings and permissions as well as the OG API options, but haven't seen anything that points to how I can solve this problem. Here's the node.js code I'm using to post the updates:
// app permissions set to 'publish_actions' and 'publish_stream'
// I do the auth dance here to get the access_token and store it in session as fb_token
var request = require( 'superagent' ); // module from TJ Holowaychuk similar to "request"
request
.post( 'https://graph.facebook.com/me/feed?access_token=' + req.session.fb_token )
.send( { message: 'posting via node.js' } )
.set( 'Content-Type', 'application/x-www-form-urlencoded' )
.end( function( response ) {
log( response );
});
The code above works and the post shows up on my timeline, but no one else is able to see it.
Anyone know a way out of this?
you need to submit each action for Facebook validation before your friends can view it. Only users defined as developpers for the app are allowed to view those timeline messages.
If there any way to check in PHP SDK if user can write on specific friend's Wall?
Example:
if ($facebook_can_write_to->'123456789') echo "You can write on this friend's Wall";
Using the FQL table (http://developers.facebook.com/docs/reference/fql/user/) you can check to see if the current user can post to a friends wall by loading up the friend's user information specifically the can_post field.
can_post bool Whether or not the viewer can post to the user's Wall.
According to the documentation you can post on a user friends wall if that user granted you the *publish_stream* permission:
publish_stream
Enables your app to post content, comments, and likes to a user's
stream and to the streams of the user's friends.
There are some cases in which you won't be able to do so, for example if some user blocked your application then I guess it will fail if you try, so you should just check the response you get back from facebook for the api request and see if it worked or not.
Edit
As far as I'm aware you can not ask the api (nor via fql) "can my application post to this users wall", you can only ask "have this user granted my application the publish_stream permission".
If I understand what you want, I might have kind of a solution for you though.
I say show the user the option to post on a friends wall.
When the user chooses this option try to post on the friends wall (and I assume you are using ajax for that call), if it fails return some kind of code, then in the client side check for that code, if it returns use the javascript sdk to open a dialog.
You have two choices for dialogs, you can use the Feed Dialog like this:
var obj = {
method: 'feed',
to: "FRIEND_ID",
name: 'A message',
caption: 'Just trying something',
description: 'This is how to post on a friends wall'
};
FB.ui(obj, function(response) { console.log(response); });
Or you can use the Send Dialog:
FB.ui({
method: 'send',
to: "FRIEND_ID",
name: 'A message',
link: 'LINK_URL',
});
With this one though you have to post a link, I'm not sure if that works for you. After you tried and failed for a user you can save that data and use it later.
My website application having feature login with Facebook login. And for which my app is present on Facebook. Login with facebook is working fine.
But application have feature of linking and unlinking facebook account to Facebook app.
How to check FB account is linked with specific FB app or not?
And how to unlink FB account from specific FB app if linked (On that user's request )?
("Linked" means we select "Allow" to FB app on request)
With the new Graph there is a documented way to deauthorize (I've tested it in the Graph API explorer and it works). Send an HTTP Delete command to "me/permissions" with a valid access token. Not only will it invalidate the access token, but it also removes the app from the user's list of auth apps. This requires the user to authorize the app again (going thru the permissions screens) to use it. Happy coding!
Please note Facebook in the process of deprecating the REST API, and have adding equivalent support to the Graph API User object for "auth.revokeAuthorization" method.
//$this->facebook is facebook object
//$userid is of logged in user or can be written hardcoded.
For checking linked in or not by making api call.
$user_id = $this->facebook->getUser();
$result = $this->facebook->api(array(
'method' => 'fql.query',
'query' => "SELECT is_app_user FROM user WHERE uid=$user_id"
));
$is_installed = $result[0]['is_app_user'];
if($is_installed==1) {
echo 'Linked';
}
else {
echo 'Not Linked';
}
For delinking or deauthorization the user by making app call:
$user_id = $this->facebook->getUser();
$access_token=$this->facebook->getAccessToken();
$result = $this->facebook->api(array(
'method' => 'auth.revokeAuthorization',
'uid' =>$user_id,
'access_token'=>$access_token
));
This can easily achieved with simple FQL query:
SELECT uid FROM user WHERE uid = {USER_ID_HERE} AND is_app_user = true
This will return uid of user if he is connected with app and nothing otherwise
Make an API call to /{USER_ID}/permissions with your App access token and it will show if that user has authorised your app
You can also check with the user's access token if you have one.
The response type will be something like this:
{
"data": [
{
"installed": 1,
"bookmarked": 1
}
]
}
There'll be one entry there for each extended permission the user has granted your app and the installed line means they've installed your app
For a user who hasn't installed your app the response will be:
{
"data": [
]
}
You can also use FQL as Juicy Scripter suggests in another answer
Here's how to deauthorize your app using Facebook iOS SDK v4:
#import <FBSDKCoreKit/FBSDKCoreKit.h>
...
NSString *graphPath = [NSString stringWithFormat:#"/%#/permissions", [FBSDKAccessToken currentAccessToken].userID];
[[[FBSDKGraphRequest alloc] initWithGraphPath:graphPath parameters:nil HTTPMethod:#"DELETE"]
startWithCompletionHandler:^(FBSDKGraphRequestConnection *connection, id result, NSError *error) {
if ( !error ) {
NSLog(#"Facebook unlinked");
}
}];
Through the Graph API, from the docs (thanks #DMCS):
You can de-authorize an application or revoke a specific extended
permissions on behalf of a user by issuing an HTTP DELETE request to
PROFILE_ID/permissions with a user access_token for that app.
The olds REST API offers you auth.revokeAuthorization. You can read more about that on the auth.revokeAuthorization docs.
Be aware that the REST API will be deprecated in the future, although Facebook doesn't specify when exactly.
I am not aware of any way to get a list of apps a given user is connected to, or see any reason Facebook would make that available. To see if a user is connected to your app, the other answers here should provide you with a couple of ideas.
I am trying to make an app that has permission to post on user's wall. I have got the publish_stream rights from the user as well as offline access just to make sure. However now when I try to post on the app's subscribers wall using:
$status = $facebook->api("/$user_id/feed", 'POST', array('message' => "$msg"));
However when I do that then instead of posting on subscriber's wall from app it posts from the subscriber's name.
For example, let's say my app name is MyApp and I have a subscriber name Sub1. If, from my interface, I try to post a message 'Test message', it posts on Sub1's wall not by name of MyApp but instead the user himself. Can anyone tell me what might be wrong?