there is a problem with my access token. I have made my own application, and I took the permission from the facebook user, who is me. And also I have given the same permissions to the facebook graph api. However when I can easily get the results using FQL with graph api access token, but I cannot get the result with my own application access token. What is the problem with my access token.
It is not user access token. Maybe this can be problem however also graph api is not also user access token.
Per the error message you need to use a user access token retrieved via the Authentication flow - you cannot use an app access token for this.
You mentioned in the comments you're successfully using an access token from the Graph API Explorer tool - this is also a user access token which the tool retrieves using the client-side oauth flow. This is not the same as using an app access token for your own app.
Related
I have a Web API developed with ASP.Net Core. I also have a client app developed with Next.js and it uses NextAuth.js to handle the authentication.
In the UI, when a user is authenticated, I have access to the access token from Facebook.
My question is how can I use this access token to authenticate the requests sent to the back-end API.
This is the back-end code used to register the Facebook authentication scheme (it is all standard):
builder.Services.AddAuthentication()
.AddFacebook(
facebookOptions =>
{
facebookOptions.AppId = "<my_app_id>";
facebookOptions.AppSecret = "<my_app_secret>";
});
I want to construct a Postman request that can authenticate my user using a specific access token but I do not know where to put this access token and whether this is possible at all.
Just sending the request like this (without any modifications) results in visualizing the Facebook login page.
Your Asp.NetCore project integrates Facebook login. After logging in, the token you get can only access protected resources in the current project, such as: [Authorize].
If you want to access Facebook's resources, you need to write your own code to get the token and then access the resources.
1. How to Get Facebook Access Token in a couple of minutes: 2020 guide
2. How to get current user access token from Facebook SDK in C#? Not the App access token
After you get facebook access_token, then you can access Facebook's resources.
I got an issue with the debug_token option in the Graph Api.
Here and Here it states that a call like:
https://graph.facebook.com/debug_token?input_token={token to check}&access_token=APP_ID|APP_SECRET
should give me back information about the token I query.
If I use a Admin-User token in the Graph Api Explorer it works fine but not for the App Access Token.
I am trying to access a public FB community page and display the images on web page, example-http://www.codeofaninja.com/2011/06/display-facebook-photos-to-your-website.html
My site is being developed in java, so I am looking for a core java solution to do something like this.
My site does not prompt for the user to login via Facebook or authenticate. I am simply trying to display all the images from my own album on my website.
I have created an FB app, and then created a community page on which I have my pictures.
I am struggling to I authenticate from the backend code of my with my app or page. My app has user_photos permission and the App Type (Apps->Your APP->Advanced->App type) is Web.
Here are the things I tried using graph API:
1) Get access token
https://graph.facebook.com/oauth/access_token?client_id=ABC&client_secret=XYZ&grant_type=client_credentials
2) Then use access token to get access to the page and its albums, but the above gives me app access_token. As mentioned on Graph API documentation for Page it requires a page acess_token, but I am not understanding how do I get the page_access_token via an app access_token with a backend application.
After Page access token is retrieved I can use the following call to retrieve all photos.
https://graph.facebook.com/PAGE_ID/photos?access_token=<page_access_token>
You can make the following Graph API call To get the page access tokens for all the Pages a particular user admin.
https://graph.facebook.com/user_id/accounts?access_token=<user_acess_token>
the app access token that you're retrieving from
https://graph.facebook.com/oauth/access_token?client_id=ABC&client_secret=XYZ&grant_type=client_credentials
can be used to access the public data on a page - you don't need a specific 'page' access token.
this page https://developers.facebook.com/tools/explorer/ is handy for testing things out - plug in the app access token and the page url to try it out
but I am not understanding how do I get the page_access_token via an app access_token with a backend application.
Not at all …
To get a page access token, you have to have a user access token with manage_pages permission first.
(If you get a long-lived user access token, and use that to get the page access token, then the latter will not expire by default.)
Interesting problem I'm having right now.
Signing in an App gives a access token looking something like this:
AAACwFsGcSr4BAOGUTwfuZAWuUcwZC0rJ7noZCKMqhBI7ivDCsIGqduGIZCus5PRaS6KuREqxLmhfvZAZAkz5WCpFfANtUpYHgZD
This access token can't access users PUBLIC information, while one issued by Facebook on developers.facebook.com - CAN.
You can easily test this by logging to your facebook and going to this link: http://developers.facebook.com/docs/reference/api/
You'll see that Facebook automatically generates access token on DEMO urls like this one:
https://graph.facebook.com/me/music
?access_token=2227470867|2.AQCvlA_ZaJ2MfRR0.3600.1318266000.0-100001572415177|2FeweU6ZvOQS9OCF5ZBV58_PtPg
If you would change /ME/ to any user which has his MUSIC posted as public, you WILL be able to access that data with Graph API.
Now try to get an access token to your APP and call the same Graph API method with generated access token, the returned data is empty JSON object.
Whats’ the difference between these access tokens? How to obtain access token, that I could get public information using Graph API?
I was thinking that logging in your APP is the highest possible access token and the only higher token is token with specified permissions...
Any guidelines would be great :)
http://developers.facebook.com/docs/reference/api/permissions/
I believe the difference is that you can specify additional permissions in a scope parameter,
so if you wanted to read a user's feed you would have to specify read_stream. I was trying to accomplish this with an access token from a server-side authentication flow in ruby, but the access token only allowed to me to navigate accross a certain portion of graph.facebook.com/user_id/feed? requests. If you get any insights or comes across a solution shoot it my way too, if you can.
Facebook changed their Graph API recently to require an access token. Therefore I quickly made a Facebook application to be able to retrieve an access token, use a URL similar to the one below, generated my access token and implemented the token in my iPhone application. Lately I have been thinking about if I have done something wrong. Should I request the access token everytime a user of my application retrieves data from the Graph API? I am starting to doubt whether or not the access token is unique to each user or just to the Facebook application.
Can I hardcode an access token into my application or should I make a request on the URL below every time I need to retrieve data through the Graph API?
I am generating my access token with the following URL:
https://graph.facebook.com/oauth/access_token?client_id=MYID&client_secret=*MY_SECRET*&grant_type=client_credentials
Access token granted by user have expiration time. If token expired then you need to request it again. But if you ask user to grant you "offline_access" permissions then you'll have almost not limited access token. You can store it in database or file and use next time.
Here FB documentation about permissions:
http://developers.facebook.com/docs/authentication/permissions/
Enables your app to perform authorized
requests on behalf of the user at any
time. By default, most access tokens
expire after a short time period to
ensure applications only make requests
on behalf of the user when the are
actively using the application. This
permission makes the access token
returned by our OAuth endpoint
long-lived.