In one of our FB app on mobile, we want to store the FB Access Token on to backend to be able to:
extend the access token to long lived
use them to do certain tasks on behalf of user from our backend server
Is it possible to do these using app tokens obtained using fb js sdk?
Thanks,
Janar
Related
I have a Web API developed with ASP.Net Core. I also have a client app developed with Next.js and it uses NextAuth.js to handle the authentication.
In the UI, when a user is authenticated, I have access to the access token from Facebook.
My question is how can I use this access token to authenticate the requests sent to the back-end API.
This is the back-end code used to register the Facebook authentication scheme (it is all standard):
builder.Services.AddAuthentication()
.AddFacebook(
facebookOptions =>
{
facebookOptions.AppId = "<my_app_id>";
facebookOptions.AppSecret = "<my_app_secret>";
});
I want to construct a Postman request that can authenticate my user using a specific access token but I do not know where to put this access token and whether this is possible at all.
Just sending the request like this (without any modifications) results in visualizing the Facebook login page.
Your Asp.NetCore project integrates Facebook login. After logging in, the token you get can only access protected resources in the current project, such as: [Authorize].
If you want to access Facebook's resources, you need to write your own code to get the token and then access the resources.
1. How to Get Facebook Access Token in a couple of minutes: 2020 guide
2. How to get current user access token from Facebook SDK in C#? Not the App access token
After you get facebook access_token, then you can access Facebook's resources.
I have never stored Facebook access token of users, but now I need them so I can start publishing on thier behalf.
Is there a way through Facebook's app management interface, to retrieve all the access tokens of users ?
Thanks
No, there is not.
You can only generate user access tokens by having users visit your app/website again – if you embed the JS SDK, it will give you an access token automatically; otherwise (server-side) you will have to send them through the login flow again to generate one.
We are building a foursquare connected app, using Facebook for login. In this scenario, is there a way for our servers to see foursquare access token specific to our app, so that we can associate that token with the user account validated against facebook?
It is not possible to get a list of all access tokens for your app. When a user authorizes your app with Foursquare, you should store their OAuth access token so you can make requests on their behalf. You will follow a similar process to authenticate with Facebook. Your app will need to maintain the association between their Foursquare token and their Facebook token.
If you have lost the Foursquare access token, you can send the user to foursquare.com/oauth2/authenticate, as on this page (https://developer.foursquare.com/overview/auth), and your app will receive another OAuth token for the user, as you did when they originally authorized the app.
Assuming it is possible to transfer the Facebook API access token from some web app to my mobile app (via physical storage or network), will my mobile app be able to use that token as a regularly acquired token (as if the mobile app itself requested the token from Facebook)?
Is this procedure allowed in the Facebook API's terms of service?
Will the mobile app be able to cache that transferred token and use it as its own?
Basically, what I want is for the user to do Facebook Login and authenticate on one machine, and use the acquired token on a different one (e.g mobile app).
Is there a better way of doing this?
You can set your mobile app to go through facebook's oauth steps onload and if the user has already authenticated the app, he will get logged in right away, since you'll get an access token at this point of time, save that in the mobile app.
Automatic login triggers are now being used on both stackoverflow and quora. (if you sign up here through facebook, when you visit the site, you'll get signed in again - same for quora).
Also, access tokens grant access to a particular 'facebook app'. If your mobile app uses the same app id, then you can certainly reuse the same access token on the mobile device.
yep, we can reuse it. I got an access token from mobile app then it's applicable on web browser.
I have a Facebook app and I can retrieve the App Token by calling
https://graph.facebook.com/oauth/access_token?
client_id=YOUR_APP_ID
&client_secret=YOUR_APP_SECRET
&grant_type=client_credentials
as specified on the Authenticating as an App page. I see this app token is also available in the Access Token Tool page along with a User Token for the app. I need the User Token in order to do a /USER_ID/accounts on users that have already approved my app with the manage_pages permissions.
Basically I wish to post to a users Facebook page when they submit an article to my app. Some users are in locations where Facebook is blocked, thus I can't use the regular Javascript SDK.
Edit 1: I understand the concept of user access tokens and retrieving them via the SDK with the OAuth redirect. My question is in regards to the User Token for an app as seen in the Access Token Tool page, not a user access token (which requires client access to Facebook)
In order to get a user token without using the javascript SDK, you need to authenticate the user using the OAuth dialog redirect. Essentially, you prompt the user to fetch a code from Facebook that you can exchange for an access token. At this point you should store the access token and re-use it for all requests that require authentication. Keep in mind though that you will need to detect when the token is expired or invalidated, and if so you will need to re-issue the authentication redirect & token exchange process.