I have setup the facebook javascript sdk to initialize a friend invite dialog to send requests to friends. Clicking on the invite in Facebook, brings the user back to the site.
The query string has any and all request_ids that have not been handled (deleted).
I am following the documenation listed at the FB developers site here which states:
JavaScript SDK:
FB.api(requestId, 'delete', function(response) {
When they are returned to my site, the querystring has a request_ids parameter:
example: www.mysite.com/somepage?request_ids=0493834050
my Javascript code looks like this:
FB.api(requestIds[i], 'delete', function (response) {
console.log(response);
});
But the error I get is:
ERROR
code: 104
message: "An access token is required to request this resource."
type: "OAuthException"
All I want to do is delete the request ID. before I was even running the above code, the querystring was building up with every submitted request. It does appear they have been removed, because the querystring is reduced down to a single request id. But I am still uncertain it has been handled properly.
NOTE I am not using the Graph version - as I have not setup Graph on the app settings in Facebook.
I have the Facebook C# sdk - if someone has an easy way to do this here. I have tried the following with the same results.
var fbClient = new FacebookClient(accessToken)
fbClient.Delete(requestId);
I don’t see what’s possibly unclear about the error message – you need a valid access token to be able to delete requests, but by the looks of it you don’t have one.
So you’ll either have to have the user connect to your app in order to get an active access token for him; or you have to do it using your own app access token (but that’d have to be done server-side then, because you don’t want to transfer your app access token to the client side).
Related
When linking with the Instagram Basic Display, our app asks for the user_profile and user_media scopes. When linking, the user can de-select the user_media scope, which defeats the purpose of linking with our app.
I'd like to validate that the user has granted the user_media permissions, but can't figure out a good way to do it.
The Facebook Access Token Debugger is able to display the scopes that were granted when I paste in an IG Basic token.
I've tried using the /debug_token endpoint from the Graph API. It lets me debug Facebook and IG Graph tokens, but not IG Basic:
GET /debug_token?input_token=<token-to-debug>&access_token=<app-access-token>
The "app-access-token" I'm supplying is my Instagram Basic Display app's ID and secret combined together like this: app-id|app-secret
When I do this I get an error saying:
Error validating application. Cannot get application info due to a system error.
The only thing I can think of doing is to try accessing the user's IG media and detecting if it fails w/a permissions error. I'd like to avoid doing this if there is a better way :)
I ended up verifying this with an api request that tries to fetch the last media posted by the user:
(Ruby)
def validate_permissions
params = { access_token: token, fields: ['id'], limit: 1 }
get('https://graph.instagram.com/me/media', params)
end
The get method in this class has an error handler for when the HTTP status >= 400. In the error handler, if the HTTP status is a 403 and the error has a "code" of 190 then we can conclude the user has not granted the permission.
The error message in this scenario is:
Application does not have permission for this action (access user media)
I am running queries against Facebook Graph API to fetch OG meta information about URLs. Using a Facebook APP token, I can request most URLs and get their corresponding meta data back. But I have run into two issues that I can't find a solution for. I have one domain that refuses to pull any meta information using an APP token. Instead I get back an error 100 (Unsupported post request). But when I make the same request using a User Access Token, it works correctly. The second issue I found is that when a URL has any kind of OG error, Facebook is still scraping it, but will return a 100 error instead of returning the meta details (with both the app token and the user access token). I've even tried running the query without the scrape parameter, to no avail.
Normal Request That Returns Meta Fields of URL:
POST:
https://graph.facebook.com/v2.9/
{
"id": "http://viralcrunch.com/articles/22325/these-guys-invented-the-anti-smart-phone-and-it-will-blow-your-mind",
"scrape": "true"
}
Request That Returns 100 Unsupported post request Error W/ App Token
POST:
https://graph.facebook.com/v2.9/
{
"id": "http://turnthispage.com/dads-totally-winning-fatherhood/",
"scrape": "true"
}
Request That Returns 100 Invalid Object Error W/ Any Token
POST:
https://graph.facebook.com/v2.9/
{
"id": "http://www.thesportster.com/basketball/top-20-nba-players-who-live-life-to-the-fullest/",
"scrape": "true"
}
The second URL seems to be associated with an app id of an app that has some kind of access restrictions set; so I guess it is the same here as if you tried to access information about a Facebook Page that has access restrictions set - you can not query any details about those using the app access token, you need to use a user access token for a user that is allowed to see the content, or a page access token for that page.
And that you get an error response for the third one seems only natural. After all, this is a tool intended to debug and scrape the Open Graph objects you are in control of, so if the OG meta data is not in order it should return an error.
I'm tearing my hair out here.
We've got a web app that is hosted on a bunch of different domains and we have a facebook login on the page. This works just peachy. Most of them run of our root domain eg newsite.ourplatform.com and we reuse the same facebook app and add a new domain in.
We've had a request to set up a new site on a different url. In the past, this hasn't really been a problem. We set up a new facebook app, add the appid to out config and voila, facebook login working. (we don't do this so often, so I've potentially broken it)
This time around. I've set up a new app id and plugged it in, but whenever I call the facebook login, it authenticates me, but I get a useless response from facebook.
eg. On a working site I call
FB.api("/me/", function(response){console.log(JSON.stringify(response));});
and get response
"{id":"12345678910","email":"my#email.com","first_name":"My Name","gender":"male","last_name":"Myname","link":"https://www.facebook.com/app_scoped_user_id/12345678910/","locale":"en_GB","name":"My Name","timezone":10,"updated_time":"2014-01-19T10:44:20+0000","verified":true}
but on the broken site I do the same call and get a response
{"name":"MyName","id":"12345678910"}
Which is sort of good, but I need their email. As far as I can tell, I'm not asking for any permissions beyond email,public_profile and user_friends
Because of the way the app setup works, we have different apps running 2.1, 2.2 and 2.4 and this new one on 2.4 doesn't work. I'm not sure if that's a red herring or if I've got a misconfigured facebook app.
(edit - removed the sites affected to protect the innocent)
As #CBroe said you really need to checkout the v2.4 changelog for the API. In version 2.4 of the API Facebook introduced 'declarative fields'. This means that when you make a base request, like to /me you will only get a small amount of info back, e.g. 'name' and 'id'.
You have two options to get more fields:
Option One
FB.api('/me?fields=first_name,last_name,gender', function(response) {
console.log(response)
});
Option Two
FB.api('/me', function(response) {
console.log(response)
}, {'fields': 'first_name, last_name, gender'})
This will return a response that looks like the following:
{"first_name":"First", "last_name":"Last", "gender":"gender", "id":"ID"}
The key in the request above is specifying the fields URL parameter in your request and is documented in the link #CBroe linked and I have linked above.
I created and APP on the Facebook.
Now I am trying to post a comment on the user's timeline using the Graph API but I cannot undestand what I need to do.
I already authorized the Application (I authorized this permissions: 'user_status,publish_stream,user_photos,email').
If I look on my profile -> privacy I can see that the APP can:
This app can: Post on your behalf
This app may post on your behalf, including status updates, photos and more.
Last data access:
Basic InformationToday
See details · Learn more
Posts on your behalf:
Who can see posts this app makes for you on your Facebook timeline?
Public
Notifications:
When to notify you?
The app sends you a notification
So this part seems OK.
On my application I do the following to try to post somenthing on my timeline (I need to post it when I am off line).
1) GET : https://graph.facebook.com/oauth/access_token?client_id=APPID&client_secret=*APP_SECRET*&grant_type=client_credentials
RESPONSE:
access_token = 422828347771671|UdQELQIf0N7krF4JUo7VwtPLTkk
2) GET: https://graph.facebook.com/search?q=myemail&type=user
RESPONSE:
_"error":_{
______"message":_"A_user_access_token_is_required_to_request_this_resource_",
______"type":_"OAuthException",
______"code":_102
___}
But reading the documentation (https://developers.facebook.com/docs/reference/api/#searching) it seems that this request does not need any kind of access token.
I also tried to add the access token, but the result is still the same.
3) I know my facebookid so I tried to use it directly:
POST: https://graph.facebook.com/100001139132403/feed
ARGUMENT:
access_token=422828347771671|UdQELQIf0N7krF4JUo7VwtPLTkk,
message=Hello
RESPONSE:
"error": {
"message": "(#200) This API call requires a valid app_id.",
"type": "OAuthException",
"code": 200
}
}
So I tried to add client_id=APPID and app_id=APPID, I tried to put one, the other and also both arguments as GET or POST but nothing changed.
I checked the APPId ad it is correct.
Do someone have any idea?
Thank you!
You cant simply generate a user access_token by querying to a URL. What you did gives the App access token and as the error say, you are trying to do something, that needs user access_token.
Refer and implement this : https://developers.facebook.com/docs/howtos/login/server-side-login/
And use that access_token for the rest of the processes.
As stated in the Facebook Oauth Documentation, in order to use the Client Side Flow with a Desktop App, the special return_uri https://www.facebook.com/connect/login_success.html is required.
Opening a new tab from Chrome to the url
https://www.facebook.com/dialog/oauth?client_id=MYAPPID&redirect_uri=https://www.facebook.com/connect/login_success.html&response_type=token
works as expected, I am redirected to the login_success page with an access_token parameter containing the token. I can request data from the Graph API using simple GET requests (e.g., with jQuery):
$.getJSON("https://graph.facebook.com/me", {access_token : token}, function (d)
{
.. process returned data
});
My question is, can I continue to use the Javascript SDK without using the SDK's internal authorization methods.
FB.getLoginStatus returns an error that my Connect/Canvas URI isn't correct. How am I supposed to check the token status without that method [apart from a manual GET and response matching]?
FB.login obviously fails with the following error:
API Error Code: 191
API Error Description: The specified URL is not owned by the application
Error Message: Invalid redirect_uri
(url does not match domain url in the app's config), as there seems to be no way to internally specify the return_uri above.
Is there a way to still rely on the Javascript SDK (especially events) while accessing a token externally? Am I supposed to override the access token?
Yes, you can use it for the normal events (i.e. someone clicked a like button) like so:
<div id="fb-root"></div>
<script type="text/javascript" src="http://connect.facebook.net/en_US/all.js#xfbml=1" id="facebook-jssdk"></script>
<script type="text/javascript">
FB.Event.subscribe('edge.create',
function(response) {
console.log(response);
}
);
</script>
Unfortunately for regular API calls you can't use the Facebook JS SDK from within your extensions. You'll have to roll your own API wrapper for that.
An easy way to see if the access token is valid, is to make a graph API call to /me?fields=id with the access token you have saved. That will be fast and you can use the response to see if the access token is still valid. Best practice for extensions is to request the permission offline_access.
Also, I would recommend having the redirect URI be on a domain you own. That way if other extensions are doing the same, your scripts won't interfere. Accessing the token will be the same.