Is there a way to get a user's facebook user id from their login email address?
I want an API call where I can provide joe#example.com and get facebook user id 342255534.
I'll use that id to call http://graph.facebook.com/342255534/picture?type=large
The closest thing I've found is https://graph.facebook.com/search?q=EMAILADDRESS&type=user&access_token=ACCESSTOKEN, but that requires an access token, which I'm hoping to avoid.
I know this isn't how it's supposed to work, but is there a way to get a generic access token?
You can use your own access_token for the application, and change it to a long-lived access token so you can make the API call in a cron. The only issue is that you will have to login to the app every so often to update the access token.
UPDATE: The User Search API is now deprecated, so you cannot search using email addresses. But name based searches still work.
You can create an app and get an access token for that app. Instructions are here: https://developers.facebook.com/docs/authentication/applications/
Unfortunately, a search for a user_id by email only works with a user access token.
You don't need to be friends with a user to get their id by email address.
Related
I am using FB js SDK to allow logging in on my platform. A user permits the needed access and I save his ID in my DB. The data is sent to my server via AJAX. Since the login is with FB, I can identify the user only by his ID.
Now, lets say I know someones FB ID and I know he has an account on my platform. In runtime, I can place his ID in the auth request and obtain a legit session of that user. How could that be avoided?
First of all, those are App Scoped IDs, it is very unlikely that someone would know the ID of a user who authorized your App, because it´s not the "real" ID.
That being said, you can (and should) send the User Token to the server and confirm the ID by calling the /me endpoint with that Token. You should also use appsecret_proof for API calls, more information can be found in the docs: https://developers.facebook.com/docs/graph-api/securing-requests
Can we get email of event member on Facebook even via Facebook api,
Is there any way to do it,i tried using graph tool but did not get email address.
Elaborating on what #JaysonLane said, this won't be possible as a user needs to explicitly grant you access to read their email address and you would need a valid access_token for each individual user to get access to it
https://developers.facebook.com/docs/reference/api/event/
https://developers.facebook.com/docs/reference/login/email-permissions/
I'm trying to implement facebook connect to my website, and i have couple questions.
1: Is it possible to register user in my website using his current facebook email/password.
Let's say user clicks on link Register via facebook and then he have to give me permisions to access his password, email, etc... and after that is done i put that info in my own database and he will be able to login with that account any time he wants without needing to give me permisions any time in the future.
2: If that kind of registration is not possible, what's other solution would be the best for me? Because i need to somehow keep track of that user who logged in with facebook, because he can upload photos, send messages etc.
Anyways, i'm quite new with facebook and similar things, so i'm really lost here, hope some one can help me :)
EDIT Thank you all for wonderful answers it helped me a lot, now all that's left is to read documentation :)
Yes it is, it is possible to get the information of the user. But it is rather complicated, when you have never dealt with it.
First you need to send the user to the following link:
https://m.facebook.com/dialog/oauth?client_id=your-client-id&redirect_uri=xxx&scope=listof-information-you-want
Facebook will then return your client to the uri specified, if the user rejected it will give a reason. If it is not you will get an code in urlencoded format.
This code is needed for the following step, the request of the access token:
https://graph.facebook.com/oauth/access_token?redirect_uri=xxx&client_id=xxx&client_secret=xxx&code=xxxx
This will give back an access token, if the authorization didn't fail.
After that you can ask for the information you want:
https://graph.facebook.com/me?method=GET&metadata=true&format=json&access_token=access_token
This will include a facebook uid, which is unique for all users. Store it and you can discern between a register and login.
This is roughly the process for any oauth2 application.
Facebook will not ask repeatedly for permissions after the user granted them to you. So you can store the access token and reuse it for backend stuff and also use the same procedure you use for register for login.
You can never access the user's password from Facebook even with his/her permission, so the user will always have to authenticate via Facebook and have Facebook pass you the user id of the logged in user once authentication succeeds. You can store all kinds of other data locally, but not enough to authenticate the user yourself.
Once the user is authenticated, you'll have access to the user's Facebook user id via the API, which should be enough to connect all kinds of information to that specific user.
Facebook does not provide access to accounts when passwords are taken from your controls. It provides it own canvas for login information. Therefore you cannot use your first approach to store passwords in your databases. Check this out.
You can however store email addresses once user logins into his account using the facebook sdks. Check this out link for the example of C# SDK sample code.
You can use the Facebook APIs to fetch user email-id, photos, friendslist and other information and then play around accordingly.
You don't get access to the users password - only email if you ask for it.
Best way would be to have a table of users and their Facebook account id's.
If you want to allow users to sign up without Facebook then have a nullable field for their password and facebook id, and also have a field for username - which you could populate from Facebook if they register via that route.
I am working on facebook application in java, and i succeed to retrive the access_token.
Now i want to pull for example the user feed but i dont have the user id https://graph.facebook.com/userid(or me)/likes?access_token=...
Yes, I know user id could be replaced by 'me', but my app is a web app, user just input his user name and password in our frame, not facebook OAuth Dialog which is for user authentication and app authorization, so I think facebook should do not know who is me, so I need user uid. In previous implementation, I could use user email and password to get user id and session key by Facebook Rest API, but how could I get it by Graph API by user name and password?Is there a way to do that?
The Graph API uses OAuth 2.0 for authorisation.
One of the main goals of OAuth is that the user's credentials don't have to be handed out to the 3rd party applications.
So, it's not possible to get the user id and session key using the Graph API with just the users email & password (unless you logged them in manually yourself).
My question is very simple
On this page: http://www.facebook.com/axefan?sk=app_116526158422952
How did they do to show the names of the connected user, without asking permission? I thought it was not possible to have UID of a member without going through auth?
You don't need an access token to get the name of something in Facebook. You just need the id of whatever it is you are checking (Person, page, event, etc).
For example, you can check these without appending any access token to the URL:
http://graph.facebook.com/595869823?fields=id,name
http://graph.facebook.com/292378408255?fields=id,name