In the Facebook documentation about Login the user with Facebook APP they say:
"Because it requires you to include your App Secret you should not attempt to make this call client-side as that would expose this secret to all your app users. It is important that your App Secret is never shared with anyone".
I understend it is about APP Secret, but what about the Developer ID?
The developer ID is added in the URL address of the window for login the user with Facebook:
https://www.facebook.com/dialog/oauth?client_id=APP_ID&redirect_uri=...&state=...&scope=...
The APP_ID can be copied and used by anyone.
I tryed with JavaScript SDK, and with PHP SDK, but in both cases the developer ID appears in the address bar.
I tryed also the get and display the page from that URL address using cURL, but of course not works.
Is there any way to login the users in my web site using Facebook, without revealing the developer ID?
Or, it doesn't matter if someone uses your Facebook APP ID?
you could try using iframes? not a very good solution for the problem because it's still very much available but at least it's not in the address bar.
It doesn't matter, this is essentially public information.
Related
I am doing a static web page in my website, in which I am showing the like count of particular Facebook page. There is no kind of login required to see this web page. Also, I don't want to user to login with their Facebook account to see the Facebook page like count.
I have implemented this requirement by using Facebook app token.
API: "https://graph.facebook.com/PAGE_ID?access_token=APP_TOKEN"
But the problem here is, If I use the app token of already approved app by Facebook with some permissions (manage_pages) exists, it works. It is not working for the app token of newly created Facebook app.
I have sent the app for review to Facebook by requesting manage_pages permission, but they rejected the app and said that my website doesn't have the Facebook login functionality implemented.
Since it is not documented clearly, I have a doubt that do the app need to send for review if I want to get the Facebook page like count without Facebook login (By using Facebook app token)? If yes, what permission do I want to request?
Any help would be much appreciated.
First of all, you need to learn what Tokens there are:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/
For your problem, you can just use an App Access Token. There is no need for any permission or Login Review, the links above tell you exactly how to create one. Make sure you never use the Token on the client, especially because it includes the App Secret. Do the API call on the server only (file_get_contents or curl, if you use PHP).
If by "it does not work" you mean that you only get the id and the name, then it´s not about "not working", you need to read the changelog and search for "Declarative Fields": https://developers.facebook.com/docs/apps/changelog#v2_4
So if you want to get more than just id and name, the API call would be like this: https://graph.facebook.com/936299239766048?access_token=YOURAPPTOKEN&fields=id,name,likes,...
I have a Facebook App where it can be installed on a users page and then their clients can make bookings with them. As such, the app needs to know who installed the app on their Page, not so much who is currently using it.
I can do this on the web app using signed_request and Page Id. Signed request is not available on Mobile Facebook apps though. Is there any other way of identifying the installed user?
No, in order to get the user's information you'll need them to Login to the app and give you permission to see their data; the workaround you're using elsewhere with the signed_request doesn't apply, because that's specific to page tab apps, and only gives you the 'like' status, not the user ID
on the facebook developers site it recommends using the OAuth Dialog where you use
https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_CANVAS_PAGE
replacing the the YOUR_APP_ID and YOUR_CANVAS_PAGE with what you have
my question is where am I supposed to put this?
do I put this somewhere on my index.php for my canvas page?
or aside from creating your app, do I need to make a website where info of my app should be displayed together with a link to my app using the OAuth Dialog?
You need to create website that will have the content of the app, since facebook will display it in the iframe.
As for the link you mentioned, it is used to get permissions (basic information, user's email etc). If you need that kind of information about the user, you have to redirect him there so he can grant the permission. If your app doesn't require any information about the user, you can just skip the authorization part.
A while back I created an app ID on facebook and added the appropriate meta data to a website. I now want to continue adding facebook-related features to the site, but it seems the app is not related to my account afterall.
I must have created it under a different account or something, but how can I find who the owner is based on an App ID? I have existing likes, so I don't really want to change the App ID. I don't see any way in the UI, and I do not see the app when I go to the Developer app. Is there a way to do it using the Graph API?
If you have access to the app id and the app secret but no access to the app within Facebook it is possible to discover the creator_uid and from there the email address of the app owner using the graph api.
First get an app access token:
https://graph.facebook.com/oauth/access_token?client_id={APP_ID}&client_secret={APP_SECRET}&grant_type=client_credentials
With this you can get the creator_uid:
https://graph.facebook.com/{APP_ID}?access_token={APP_ACCESS_TOKEN}&fields=creator_uid
Using the app token you will then get the email address when looking up the creator_uid in the graph api:
https://graph.facebook.com/{creator_uid}?access_token={APP_ACCESS_TOKEN}
EDIT (Jan 2013)
Looks like Facebook have removed app profile pages so that method no longer works.
Option 1
You could return the app object, which stores all the populated information about the app by requesting:
https://graph.facebook.com/xxxxxxxxxxxxxxx
Option 2 (This method no longer works)
Or, you could visit the app's profile page and contact the developer directly using the 'contact developer' link:
http://www.facebook.com/apps/application.php?id=xxxxxxxxxxxxxx
(you'll need to replace xxxxxxxxxxx with your app id)
I got this working. If you have both app id and app secret then you can try below steps to get the owner details.
Get the access token using id and secret of the facebook app.
https://graph.facebook.com/oauth/access_token?client_id={APP_ID}&client_secret={APP_SECRET}&grant_type=client_credentials
Using the access token you can call the below API to get a list of administrators of the app.
https://graph.facebook.com/{APP_ID}?fields=id,name,roles&access_token={ACCESS_TOKEN}
Retrieve the owner profile details by,
https://www.facebook.com/{USER_ID}
I have a similar problem, in that I have the id and the secret but no access to the app within facebook.
I haven't found a way to see who owns does have access to the app. But I have found a way to contact a dev
First get the app access token.
https://graph.facebook.com/oauth/access_token?client_id={APP_ID}&client_secret={APP_SECRET}&grant_type=client_credentials
Then get the address:
https://graph.facebook.com/{APP_ID}?access_token={APP_ACCESS_TOKEN}
I've been trying to figure out a way to have my iframe Facebook app (built in PHP) work without requiring separate authentication methods. I am already logged into Facebook, but for some reason I still see all these Oauth notices from the example in the PHP SDK.
The only data I need is publicly available even without them "adding" my app. I am looking to collect their Facebook ID (since this is a contest, we need a unique ID for tracking), their name and (optionally) their email address as well.
The problem is, I cannot use the API to fetch the public information unless I already know their Facebook username. Any ideas on how I might be able to get their logged-in username or public handle so I can then fetch the rest of the information?
For whatever reason, Oauth is driving me completely insane with Facebook today.
Sidenote:
I did manage to technically get the Javascript SDK operational, which fed some information to PHP for use. The only issue there is that once I login, I don't see the data. If I refresh...then it shows up. Unsure why the refresh is required, as I wouldn't expect a user to actually have to hit refresh in order to proceed with the app.
I guess you are a bit confused here, Facebook will NOT share the username, id, full name or email without the user explicitly authorizing/allowing your application (and in the case of the email, requesting the email permission!).
Read the official Canvas Tutorial for more information:
In order to gain access to all the user information available to your
app by default (like the user's Facebook ID), the user must authorize
your app.