I'm doing an IOS app with facebook SSO. Upon user granted facebook permission to the app, the app will receive an access token. The app will then make an API call to the backend with ONLY the access token.
So is the backend possible to retrieve basic user information with ONLY access token while the user's facebook id is unknown?
Looking forward to an answer. thank u=)
Yes, once you have a user access token /me can be used as a placeholder for the current user's user ID
so /me/friends returns the access token user's friends, etc
It's a bug that has been recorded and fixed by Facebook. Update your base_facebook.php to versions 3.2.2.
You can track the bug here: https://developers.facebook.com/bugs/238039849657148
Related
I want to play around with pynder but in order to do so, I need a facebook access token.
I've googled around, and made a facebook developer profile. I have an app Id and app secret. How can I go about getting what I need to create a session in pynder?
Facebook is using OAUTH2. Basicly you have to redirect the user to facebook. He authorizes your app. Facebook redirects back to your site with a &code= Parameter.
You call an facebook endpoint an exchange the code to an access_token.
https://developers.facebook.com/docs/facebook-login/access-tokens
You can grab an access token out of https://developers.facebook.com/tools/explorer/
You should be able to change to your app and generate a token.
I have started on developing a server side application that requires integration with facebook. My needs is an access token that will not expire, but unfortunately facebook has removed the offline_access feature and replaced with a long-live user access token that will last only 60 days.
I realise that there is an Application Access Token that will not expire. When I use it instead of the User Access Token to fetch the feed, I get must less information.
I have read from other sources that as long as relevant permissions are delegated, such as read_stream is given, using the application access token should allow the server-side application to access the users information that accepted the facebook application.
Am I mistaken ? Can anyone help to clarify ? Thanks
Thanks
Excerpt from: https://developers.facebook.com/docs/opengraph/using-app-tokens/
While an App Access Token is largely for the purposes of publishing information back to Facebook on behalf of the user, there is a limited set of information that can be retrieved from Facebook using an App Access Token.
Basic Profile Info of a User (ID, Name, Username, Gender)
A User’s Friends and their IDs
Permissions granted by the User to your App
So there is a limited set of info you can get using an app access token. So you probably don't want to use it to get the user's feed.
I created an APP on Facebook and using graph API explorer, I selected my app from app drop down box, requested access token with manage_pages, offline_access and publish_stream permissions.
Using this access token, I was successfully able to post message on page using restfb APIs but when I log out, it starts throwing The session is invalid error.
I read on few posts that offline_access is deprecated. Could someone tell me how to obtain permanent access token?
Thanks
Looking at the docs at: https://developers.facebook.com/roadmap/offline-access-removal/ this is no longer possible.
Desktop applications will not be able to extend the life of an
existing access_token and the user must login to facebook once the
token has expired.
Otherwise, it is possible to request an access token with a longer expiration. Here are the directions: https://developers.facebook.com/roadmap/offline-access-removal/#extend_token
What kind of Access Token do you need? There are three kinds, User AT, App AT and Page AT.
If you want User AT, it seems you are out of luck. I don't think it's possible anymore. You can only get to 60 days. However, if you need Page AT, you can get a permanent one. The difference is, Page Access Token only has access to a single facebook page.
Basically you need to get User Access Token first, with manage_pages permission. When you have one, you have to look at /{pageId}?fields=access_token for your page's id in Graph API.
For more info look at: facebook: permanent Page Access Token?
you will not get any permanent access token as Facebook developer blog explains. you will be given 60 days long lived access token. Before the expiration Facebook will notify you about the expiry and then you can renew it or you can build your own custom control to get the notification on token expiration which you can fetch from Facebook API.
I am sending a POST request to /FACEBOOK_ID/photos?access_toke=APP_ACCESS_TOKEN. I already have publish_stream permission. My goal is to post a photo into the user's photo album of my Application (Facebook creates an album for that app).
The result is:
{"error":{"message":"A user access token is required to request this resource.","type":"OAuthException","code":102}}
OK, so I tried to use the user_access_token instead of my app's access token. But it says that it has "expired"?
I can't do either! What can I do? Ideally, I want to use the app's access token for all cases. That's because I can't just bring the user to the Facebook "allow" dialog everytime...
Posting a status update works fine (I use the app's access token), but it's only when I do photos that I run into this problem.
Note: I will give 500 bounty to whoever can answer this for me ASAP.
Thanks!
When you obtain the user's access token, request the offline_access permission to obtain a user access token that doesn't expire. Store the token & use it in the POST to /.../photos.
Note that this is only a short-term fix as Facebook are removing the offline_access permission on May 1 2012. After that applications will have to call a new FB api to extend the life of an existing access token.
I wonder is it possible to access user's wall info without passing his/her access token?
for example, I will just pass my app secret token and app id. and FB user already allows to access his/her info from my app. Facebook does the checking and matching of my app and my app's user by just using my app secret token and app id.
Because I found some topics similar to that.
http://forum.developers.facebook.net/viewtopic.php?pid=9172
When I check Rest FB doc,it says like that.
http://restfb.com/javadoc/index.html
public DefaultFacebookClient()
Creates a Facebook Graph API client with no access token.
Without an access token, you can view and search public graph data but can't do much else.
I doubt that it will work or not without access token.
can everyone share me ideas or any possible similar approaches ?
Thanks.
You will need to ask the users to authorize your app for offline access. You will be able to access the user's wall even if the user is offline, but you still need the access token. It is part of Facebook's security measures.
There are two types of access tokens:
Session based: expires in a short term, are used when the user will be logged to FB every time you need to perform an operation.
Offline access: do not expire and allow the app to perform operations for the user in any moment. This requires the offline_access permission when the app is authorized.
Check here: http://developers.facebook.com/docs/authentication/ for the oauth mechanism and here: http://developers.facebook.com/docs/authentication/permissions/ for the permissions list.
The REST API is deprecated and it is strongly suggested that you don't use it anymore. Furthermore, from this October you will be allowed to use only the Oauth2 authentication (see When is Facebook turning off their session based auth?)
Without token you can only access public information.
Public data
From RestFB homepage :
// It's also possible to create a client that can only access
// publicly-visible data - no access token required.
FacebookClient publicOnlyFacebookClient = new DefaultFacebookClient();
If the user does not protect his posts, then you can access everything without token. But most of user do protect their data and then you need a valid user access token to read the data.
Private data
When you say "FB user already allows to access his/her info from my app" it means that the user has clicked on "Allow app" in the web browser and at that moment here Facebook will give you a token. You can after use that token with RestFB :
FacebookClient facebookClient = new DefaultFacebookClient(USER_ACCESS_TOKEN);
User user = facebookClient.fetchObject("me", User.class);
out.println("User name: " + user.getName());
By default, the token will expire a few hours later. If you ask for the offline_access permission, the token will be valid for ever (as long as the user does not remove the permission for your app in his settings). You should store that token in your database to be able to use it when you need.
Get the user token
You cannot get the user token with RestFB. On the RestFB homepage, you can read :
Non-goals: [...] Providing a mechanism for obtaining session keys or OAuth access tokens
Because you need a browser to do so : the user has to authenticate and authorize your app on Facebook website (the popup that shows).
What you can do is to have a PHP page on which your users have to go to authorize your app. You can read this stackoverflow answer that explains how to use the Facebook PHP SDK to do so.
Hope that helps !