I've tried first to store and use the link the API returns, but it expires in a short amount of time. Then I tried to download and store the image locally (and serve it from my servers); but the thumbnail links throws a 404 error when I'm not logged in with my account (though the documents are fully public).
What's the correct way of serving/retrieving the thumbnail of a document?
I finally solved the problem. You can download the thumbnails if you fetch the URL before it expires and you use an authenticated client (using the token you have to access the API). This last bit it's important, because a normal GET request will receive a 404 error otherwise.
You need to add the Authorization header to the HTTP GET request for the thumbnailLink URL.
Authorization: OAuth [token]
Replace [token] with your OAuth token. Without the Authorization header, Google returns a 404 response. Keep in mind the link is not long lived, so you have to grab it quickly.
Related
I just got the access token with publish_stream, but when i access below url in browsers, Its not posting message in my wall; It just displays all the feed contents.
Wwhat is the problem, I just want to post a simple message in wall by just visiting a URL like below; Am i wrong somewhere?
https://graph.facebook.com/me/feed?access_token={REMOVED}&message=hello
Two things
That's a GET request, not a POST request - if you can't make a POST request via your code or SDK for some reason, you can simulate one by adding &method=post to the request
You included your access token in the question (now removed) - i strongly recommend changing your password on Facebook ASAP
I am using Spring Social to try to get a list of Facebook friends and their locations. From what I can see, Spring Social puts the access token into the HTTP request header as:
Authorization: OAuth AAAFDa6Gl4usBAJH4...
instead of appending it to the URL as an access_token parameter. As a result the request only returns the basic info, which does not include the location data. I can tell that the access token in the header is valid, because if I include it in a GET request manually the full dataset, including location, gets returned.
Has someone see this issue before and could let me know what the problem is?
You are correct that Spring Social puts the access token in the Authorization header like that (per draft 10 of the OAuth 2 specification). Now, this should probably be using the "Bearer" token format from more recent drafts, but I've been using Spring Social Facebook quite some bit over the past few days to do exactly as you are trying to do--fetch the user's friends--and it's been working fine.
Facebook's documentation seems to promote the access_token query parameter more heavily than the Authorization header, but their API supports either (always has). So, assuming that the token given is granted permission to view a user's friends, it should work.
In fact, I just double-confirmed this: First, I used the Spring Social Showcase (https://github.com/SpringSource/spring-social-samples/tree/master/spring-social-showcase), connected to Facebook, then clicked on the "Friends" list in the left-hand menu. It worked. I also obtained a valid access token, pointed my browser at https://graph.facebook.com/me/friends and used the Modify Headers plugin for my browser to set the Authorization header to "OAuth {my token}" and it also worked.
Have you, by any chance, tried this with the Spring Social Showcase (which is using Spring Social Facebook under the covers)? Wondering if you face the same problem there or not.
But thanks for asking about this, because it reminded me that I need to go ahead and update the header to use "Bearer" instead of "OAuth" (which I also confirmed as working).
I have the access token from the user, and I want to retrive the data from their profile. I am working on Unity3D c# therefore I can not use any SDK.
Is there a way of getting it trough a graph request?
I've already tried with
https://graph.facebook.com/me?access_token=00000000000000|AAAAAAAAAAAAAAA
but throws me an error like this..
"message": "An active access token must be used to query information about the current user.",
When I ask for permissions I ask the user to allow me the publish_stream and to access profile data.
How do I get an active access token? I just want the UserID.
Thanks for your answers, and sorry for my terrible english.
So I wanted ti get the User UserAgent Token the only thing that you must do is add that parameter to the Access URL in my case
https://graph.facebook.com/oauth/authorize?type=user_agent&client_id=000000000000000&redirect_uri=http://yourRedirectdomain.com&scope=user_photos,email,user_birthday,offline_access,plublish_stream
Facebook will redirect you to the redirect_uri URL, and the access token will be given in form of a hash. Extra Tip: Yo have to access the Hashed token vía Javascript,
var hash = document.location.hash;
var n=hash.split("=");
This is one method, Im sure there is a better one.
Thank everybody for the answers!
you're Graph Call / HTTP request looks about right.
I'm guessing, based on the error, that the access token has expired.
Normally, they last for about 1-2 hours since the last time they were used. (If i recall correctly). So, a user will start using a website, and the website can make graph calls with the access token while the user is actually using the website for that session, but the token will expire soon after that.
However, you can also ask Facebook for a longer lasting access_token, which will last for approximately 60 days.
Check here for some info :: http://developers.facebook.com/roadmap/offline-access-removal/
As it stands, trying to find this info through browsing the developer docs in Facebook is rather difficult, if not impossible. :-/
You can’t query the API for /me with an app access token, since the API has no way of knowing who “me” is supposed to be.
Only user access tokens contain the info which user id they apply to, and hence only those can be used to query /me successfully.
The JS API's FB.login method returns a response with a dictionary of user info, including the user id. That exists client-side in the JS api.
If this is going to be sent back to the server running the facebok canvas app, the server has to trust the user id hasn't been tampered with. As there is no signed checksum that comes back with the response, I can't see how this can be guaranteed.
I can see how you could take the user ID from the POST signed request and store that in a session, but that doesn't seem quite right. I'm sure there's a method for doing this securely that's less baroque than that.
Ideas?
You should use the Server-Side authentication for the server.
When the user loads your app and has yet to authenticate you send him to the auth dialog, when he returns you get a code which you then exchange against the facebook servers to get an access token back, you can then query the graph api for "/me" and get the user data, since you get it from the facebook servers you know it's ok.
In addition, when facebook POSTS to your canvas url you get a signed request which was signed using your app secret, after you decode it you can then check it against your secret key to verify it's authenticity.
In addition the signed request has the user id so you know that's secured as well.
I recommend using both the server side authentication and the client side one, you get different tokens (server is 60 days long, and the client is a few hours) and you can use them both.
I feel like every second question i ask here is relating to Facebook Connect - that says a lot about their API. Anyway, that's politics, i digress..
I'm trying to pull back user details from the Graph API for use in my application (which is an FBML external website - JavaScript SDK for authentication).
I have requested the following permissions from the user: (using the regular dialog)
publish_stream
email
This works, and allows me to post to the user's wall, and grab their email from the Graph API.
But when i do a HTTP GET Request to the following URL:
https://graph.facebook.com/uid?access_token=oat (where uid = the user id of the user i'm attempting to grab details for, and oat = the OAuth token i have).
All that comes back in the JSON is the User ID (which i already have, since im putting it in the URL), and the email.
Why can i not get things like first name, last name, locale, etc?
Am i using the wrong URL? Is my OAuth token wrong?
I'm getting the OAuth token from here:
https://graph.facebook.com/oauth/access_token?type=client_cred&client_id=myappid&client_secret=myappsecret
UPDATE:
It looks like the issue is my OAuth token.
Because when i go to the docs: http://developers.facebook.com/docs/api
And use the sample OAuth Token for the user im trying to retrieve, it gets all the details.
Anyone know what is wrong with my OAuth token call?
So, i was using the wrong URL for the OAuth Exchange. It needed to be this:
https://graph.facebook.com/oauth/exchange_sessions?type=client_cred&client_id=myappid&client_secrete=myappsecret&sessions=userseshid
The URL that i WAS using was as per the doco, the above one that works is nowhere to be found.
I'm at the point with FBC that i no longer care about the how, if it works, be thankful that it does even that and move on.
EDIT:
Also, i was wondering why the Graph API calls would "stop" working for no reason.
The answer is i needed to compare the Session Key used to obtain the OAuth token, with the Session Key currently in the cookies. If they are different, i needed to get a new OAuth token.
The session key used for any OAuth token is part of the actual OAuth token:
aaa|bbbb|cccc
Where bbbb is the session key. So i just compare that before doing any Graph API calls.