i am trying to catch the posts of a certain page using the open graph of facebook using https://graph.facebook.com/175119619168907/posts?access_token=access_token.
i was wondering do i have to create a new token for each user that goies to my page then he needs to add my app to his app lists? or can i create a token that does not expire and which i can use for all the users taht logs in? there is no security issue here since the user can only read posts and not write/comment.
I found out the solution that you have to create an app token using the following url:
GET https://graph.facebook.com/oauth/access_token?
client_id=YOUR_APP_ID
&client_secret=YOUR_APP_SECRET
&grant_type=client_credentials
this token will not expire
Related
I have a Node.js server running a social network site and I also have a facebook page for that site. For certain actions performed by users on my site, I want to post details on the facebook page of my app.
I referred to Thuzi facebook node sdk here on how to post to facebook wall. However, it requires app id, app secret and a temporary access token. App id and app secret are constant so I can put them somewhere in my config file and use from there. But how do I get the access token without any interaction from front-end ? All posts will be published by our app only and that too on our own page. I just want this to be triggered by the end user's actions. Any help ?
I am using Sails.js framework btw.
You would need to use an Extended Page Token for that, you only need to create it once and it will stay valid forever. And you will post "as Page" with a Page Token. How to get an Extended Page Token:
Create an App
Use the Graph API Explorer to generate a User Access Token (by authorizing the App with the manage_pages and publish_actions permission)
Extend the User Access Token (valid for 60 days)
Request an Extended Page Token by calling /me/accounts
Store that Extended Page Token on your server and use it for posting on the Page wall.
Here are some additional resources, explaining everything in detail:
https://developers.facebook.com/docs/facebook-login/access-tokens/
https://developers.facebook.com/docs/graph-api/reference/v2.1/page/feed
http://www.devils-heaven.com/facebook-access-tokens/
http://www.devils-heaven.com/extended-page-access-tokens-curl/
I am also digging more in to this nowdays As I am working on a node module for this.
Till now I got to know that we can create a temporary access_token and we can than extend that token upto max 60 days.
For this after getting temporary token you need to make a call to this url to get a access token with 60 days validity.
https://graph.facebook.com/oauth/access_token?client_id=&client_secret=&grant_type=fb_exchange_token&fb_exchange_token=
I am having problems generating long lived Access Token to update Facebook page from my desktop application.
I created a Facebook App associated with my Facebook user and stored it's app id and secret.
I created a facebook page associated with my Facebook user account.
I can create a short lived (60 minutes) access token for my app.
My desktop application is able to post to my Facebook page using the short lived access token. However, this only lasts 60 seconds and is therefore impractical.
I have been trying to generate a long lived access token using the guidance here:
Request a Page Access Token in C# SDK
However I receive an error:
"The access token does not belong to application XXXXXXXXXXXXXXX"
When I try enter my short lived access token in the debug tool the box, it confirms that the access token is mine BUT it shows a different app id.
Where does this different app id come from? I only have one Facebook app defined.
I think I might be missing a fundamental point here.
Many thanks for any help you can give.
Go back to the Graph API Explorer where you generated the token.
Make sure that you selected your app from the drop-down at the top where it says "Application[?]"
If you don't it defaults to 'Graph API Explorer' and that will be of no use to you. Once you get the token made for the correct app, try again using this URL:
(replace NNNN with the correct data)
https://graph.facebook.com/oauth/access_token?client_id=NNNN&client_secret=NNNN&grant_type=fb_exchange_token&fb_exchange_token=NNNN
Steps are:
Generate app token with the following Graph API call:
GET /oauth/access_token?
client_id={app-id}
&client_secret={app-secret}
&grant_type=client_credentials
Exchange received token for a long-lived token (60 days) with the following Graph API call:
GET /oauth/access_token?
grant_type=fb_exchange_token&
client_id={app-id}&
client_secret={app-secret}&
fb_exchange_token={short-lived-token}
that will give you long-lived token associated with your app. If you want to post on the page AS THE PAGE, then you need to get Page access token - see here for more details: https://developers.facebook.com/docs/facebook-login/access-tokens/#pagetokens
Authenticate the user and request the manage_pages permission
Get the list of pages the user manages from (1): https://graph.facebook.com/me/accounts?access_token=USER_ACCESS_TOKEN
Parse the list and get the token - and use it to post to the feed.
you will do (1) in graph API explorer - and you will get user token. Then insert that token into URL in (2) - and you will see all your pages and corresponding token. Take the one you need and use it in your C# code to upload images.
I am trying to access a public FB community page and display the images on web page, example-http://www.codeofaninja.com/2011/06/display-facebook-photos-to-your-website.html
My site is being developed in java, so I am looking for a core java solution to do something like this.
My site does not prompt for the user to login via Facebook or authenticate. I am simply trying to display all the images from my own album on my website.
I have created an FB app, and then created a community page on which I have my pictures.
I am struggling to I authenticate from the backend code of my with my app or page. My app has user_photos permission and the App Type (Apps->Your APP->Advanced->App type) is Web.
Here are the things I tried using graph API:
1) Get access token
https://graph.facebook.com/oauth/access_token?client_id=ABC&client_secret=XYZ&grant_type=client_credentials
2) Then use access token to get access to the page and its albums, but the above gives me app access_token. As mentioned on Graph API documentation for Page it requires a page acess_token, but I am not understanding how do I get the page_access_token via an app access_token with a backend application.
After Page access token is retrieved I can use the following call to retrieve all photos.
https://graph.facebook.com/PAGE_ID/photos?access_token=<page_access_token>
You can make the following Graph API call To get the page access tokens for all the Pages a particular user admin.
https://graph.facebook.com/user_id/accounts?access_token=<user_acess_token>
the app access token that you're retrieving from
https://graph.facebook.com/oauth/access_token?client_id=ABC&client_secret=XYZ&grant_type=client_credentials
can be used to access the public data on a page - you don't need a specific 'page' access token.
this page https://developers.facebook.com/tools/explorer/ is handy for testing things out - plug in the app access token and the page url to try it out
but I am not understanding how do I get the page_access_token via an app access_token with a backend application.
Not at all …
To get a page access token, you have to have a user access token with manage_pages permission first.
(If you get a long-lived user access token, and use that to get the page access token, then the latter will not expire by default.)
Main Question:
(since offline_access permission) is deprecating; how long will an access token created by hitting the below url with app's ID and secret last?
https://graph.facebook.com/oauth/access_token?grant_type=client_credentials&client_id=XXXX&client_secret=YYYY
last? It seems a simple question but I have not been able to find a definitive answer here or on developers.facebook.com
Secondary Question
I want to pull my facebook pages's feed into my website (either via jquery plugin or rolling me own), but both using something like:
https://graph.facebook.com/100002282383158/feed?method=GET&metadata=true&format=json&callback=___GraphExplorerAsyncCallback___&access_token=XXX
basically I'm using an appID and secret created via an fb app that I made just so I can generate an access token and pull my feed into my website (see first question), without requiering the user to authenticate with fb. Is there a better way to do this than making the above call and creating an app to get a token? (the web server that I have to use can not use php)
notes:
in this post in the comments it says "Offline access has now been deprecated, but you are allowed to extend an access token to last for 60 days." but I have not found any doc to back that up or a way for me to set that time; and i'd hate to go live wondering if my token will expire at some unknown time
Facebook Page Access Tokens - Do these expire?
After the offline_access permission is removed, tokens will last 60 days.
I'm using an app access token, and they (apparently) do not expire (unless you mess with your password or app secret)
"App access tokens do not expire unless you refresh you app's App
Secret. You do this in your app's settings."
https://developers.facebook.com/docs/authentication/applications/
you can get token for user that last 60 days by hiting fallowing url
https://graph.facebook.com/oauth/access_token?
client_id=APP_ID&
client_secret=APP_SECRET&
grant_type=fb_exchange_token&
fb_exchange_token=EXISTING_ACCESS_TOKEN
As I understand it, this is the basic process for new Facebook iframe canvas apps using the OAuth2 API in a nutshell:
Redirect to (or have user click link to) app's authorization URL
User authorizes and is redirected to your callback URL
Callback uses "code" parameter to get a access token
Access token is used with Graph API to pull or push information
The problem is that access tokens expire relatively quickly and need to be "refreshed", so my questions are 1) how do you detect that the token has expired aside from trying to use it and simply getting an error? and 2) what is the best practice for obtaining a new token?
Currently, I just detect that there was an error trying to get the user's information with their access token, then redirect to the authorization URL again -- since they already authorized the app a blank page flashes by and they are redirected back to my app callback where I get a fresh token. It's so clunky I can't believe this is the proper method.
The only way to tell if a cookie is valid is to use it and catch the error if it is expired. There is no polling method or anything to check if a token is valid.
To get a new token, simply redirect the user to the authentication page again. Because they have already authorized your app they will instantly be redirected back to your app and you will have a new token. They won't be prompted to allow since they have already done that.
In short, there are no tricks to this. You are already doing it correctly.
Recently, facebook has made some changes to access tokens which allows them to be refreshed periodically.
https://graph.facebook.com/oauth/access_token?
client_id=APP_ID&
client_secret=APP_SECRET&
grant_type=fb_exchange_token&
fb_exchange_token=EXISTING_ACCESS_TOKEN
For more details, check here: https://developers.facebook.com/docs/roadmap/completed-changes/offline-access-removal
//you just need more step because the access token you are getting will expire in 1 hour
//you can overcome this in step 5
1-Redirect to (or have user click link to) app's authorization URL
2-User authorizes and is redirected to your callback URL
3-Callback uses "code" parameter to get a access token
4-Access token is used with Graph API to pull or push information
5-exchange short-lived access token you just got with 60 day access token
https://graph.facebook.com/oauth/access_token?client_id=APP_ID&client_secret=APP_SECRET&grant_type=fb_exchange_token&fb_exchange_token=EXISTING_ACCESS_TOKEN
6-after 60 day the user must login again to your app and the steps from 1-5 will be repeated.
--the real problem you will face is how to make the user visit your app page again
Facebook has removed the feature of refresh the access token on the "behalf of" mode. The best and easy way is to redirect the user to facebook login page to re-oauth the app.
Find facbook doc here
if user has already authorized your application and access token expired. you can redirect user to authentication page again. but oauth dialog doestn't show because user already authorized your application. he will redirect to redirect_url parameter you used.