Take for example
http://www.facebook.com/photo.php?v=10150130077340815&set=vb.22092443056&type=2&theater
If I try and access that object in the graph explorer
https://graph.facebook.com/10150130077340815
I get an OAuthException which says I need a user token.
But if I just go to the above URL on the FB website, I can see the video just fine!
HOW can I programatically access objects like that -- where I can see when on Facebook-the-site without being logged in, but can't get at them in code without an access token?
WHat incredibly simple thing am i missing here?
You need an access token to access objects owned by other other objects when using the graph api
You can verify this by going here and trying your query... it won't work.
Then, click on "Generate access token", try the same query (for 10150130077340815) and voila, you got starbucks stuff.
Get your access token and you should be able to do this. You might have to jump through some hoops getting it renewed if this has to be a completely thing.
Related
I want to generate a page access token with graph API 5.0 and don't know how to do.
I have an app, linked to a page which I am administrator, with all the permissions I need.
Everything works fine inside the graph API explorer.
The documentation says I need a user access token in order to get the page access token, using https://graph.facebook.com/v5.0/me/accounts?access_token=$user_access_token.
The problem is I don't know how to get it programmatically without having to confirm in the facebook popup. All I have now is the app access token, but this is an invalid parameter this endpoint.
Does somebody know where I'm wrong?
I have a CMS application which needs a little component that allows an editor to select a facebook page post to display.
I've been going around facebook API and I don't fully understand what is the proper way of doing it.
This would be a server call, I would prefer not to have an access token because I am not making the request on behalf of any user.
I've tried using access_token=app_id|app_secret, but apparently that request requires an user session. So I went to the graph explorer and copied my access token. That worked fine initially but then I learned that they expire. I could get a long live token, but apparently those also expire eventually.
So, what is the best way of doing this? I think that using someones facebook access token for this is risky. The token could be revoked at any point breaking the feature in production. Can I achieve this without an user access_token? if I cant, how is this token normally managed?
Update:
Well actually the app_id|app_secret works, just not in every case. I created several pages for testing purposes and it doesnt work in any of them. Then I tried accessing a post from some brand pages (unrelated to my project) and they work ok. So my problem is configuring the page.
When I tried to access the post using app_id|app_secret I get:
(#100) Requires user session
Posts are public in all cases
I already tried to assign a vanity url to the page, no change
I think it's not possible to use just an App Access Token to get the Page Posts. Unfortunately the docs are not very clear on this IMHO:
https://developers.facebook.com/docs/graph-api/reference/v2.2/page/feed/#readperms
An access token is required to view publicly shared posts.
A user access token is required to retrieve posts visible to that person.
A page access token is required to retrieve any other posts.
so I'm trying to follow the docs in FB about creating and publishing custom actions
https://developers.facebook.com/docs/opengraph/using-object-api/
so I have an app with proper publish_actions permissions, I have the app access token so I try to create an object from with something similar like
("33333333/objects/app-namespace:action", "POST", array("object" => "{"title":"Chicken Enchiladas","image":"http://upload.wikimedia...", "access_token" => "LONG APP ACCES TOKEN"))
the acces token is correct, the user ID is correct, the namespace and the action is correct, an the rest of the params are correct, like I said I follow the docs, but I keep getting
(#10) Application does not have permission for this action
I wonder why???, should I only use user access token instead of the app access token, the docs mention I can use both if I have proper permissions, thanks for any help!!
Make sure,
TOKEN is an "App Token" and NOT a User "Access Token". For example, on the Graph API Explorer there are two buttons to get tokens. One for "App Token" and one for User "Access Token". Make sure you use "App Token".
POST is to "app/objects" not "33333333/objects". You don't actually specify the app-id. It already knows that from the token.
That should fix ya.
Creating objects is distinct from creating actions and 'publish_actions' permission is about the latter.
I do not know which permission you'd need for creating objects, but another solution to this problem is to inline your objects inside the actions. I.e., you'd be posting against a URL of the form 'user_id/app_namespace:action_name' rather than 'user_id/objects/app_namespace:object_type_name', while everything else stays pretty much the same.
when I do a get request to
https://graph.facebook.com/[userid]
with the access_token i get all the basic info
but when I do
https://graph.facebook.com/me
with the same token i get an error message: An active access token must be used to query information about the current user
I have tried to under stand what can cause that.
I even tried to token that comes with the signed request
I'm on classic asp, with JSON library, I want the auto to be server side if possible. the FB.api("/me" is working but it is not what i really want to achive
I am pretty sure you donĀ“t have a user access token. Did you login the user? Of course you get the public data of every user with your first link, even without any access token. You can even put it directly in the browser and will get results. But for "/me" you have to authorize the user to your app.
See here: https://developers.facebook.com/docs/howtos/login/server-side-login/
It is the same problem as in the other thread for sure, just a different Programming language.
Remember: If the user did not accept at least the basic permissions in a dialog or redirect, he is not logged in and you will never know anything about him in the app (except for some specifics in tab apps, like language, like-status and stuff).
I'm working on a site that is trying to handle realtime feed updates from its users' Facebook accounts. I have the basic stuff in place: the app is subscribed to "feed", and the user's login asks for read_stream and offline_access (just in case) permissions. My test users have logged into FB and granted those permissions, and, when one of those users adds (or removes) a status update, the callback specified in my site's subscription is pinged. So far, all's well.
Now -- as I understand it -- my callback has to call up to Facebook to get the user's feed, so that the callback can do whatever it's going to do with it. That's where I'm having problems -- finding the right access token to retrieve the feed:
I've tried doing this with the app's access token. This token is able to retrieve friend information (also included in the app's subscription and user permissions), but it won't get me the feed.
I've tried all sorts of ways to get the user's access token from inside the callback, but nothing is working. I'm guessing this is because it's not "logged into Facebook" the way that a user in a browser can be, but whatever. Bottom line is I haven't found a way to get this token.
(BTW, if I cheat -- get an access token for the user from Graph API Explorer and hard-code it into the callback, the callback works properly. This is no real solution, of course, but it at least establishes that the rest of my code is working.)
So how does this work? Can the app access token be made to work somehow? Is there in fact a way for the callback to get an access token for an arbitrary authorized user? There's gotta be a way to do this, or there would be no point for realtime feed notifications. Any clues out there? This is SERIOUSLY kicking my butt... Thanks!
You might want to look into this. Instead of taking permission for offline access, facebook now gives short-lived access tokens (2 hours) when the user logs in. These can be exchanged with long-lived access tokens (2 months). Check out this article on how to go about it.
https://developers.facebook.com/roadmap/offline-access-removal/
I've found a solution, perhaps: When the user logs in, I snag their offline_access-enabled access token and save it in the app with the rest of the user's data. Then when I get notified of an update to that user's feed, I can pull the token from the database and pass it over to FB as the token part of the /feed... call. And, it works. There is no doubt some error handling to be done, but I am currently bouncing back and forth between thinking that (a) this is exactly the right way to handle this and (b) it's a terrible hack that is just asking for trouble. I guess I'll see which of these is the case...
Ask for offline_access (as you do) and store the access token. This is exactly why offline_access and access tokens are there, to make requests to facebook in the name of that user. (a) is the right way to go. (a) is the way I do it.
Good luck
When the user is authenticated via OAuth Facebook returns an access-token, but it is valid for few hours. The validity of this token comes with it as token-expiry.
However, this token can be exchanged with a new extended token which is valid for around 60 days. User the following code to get new-token:
URL url=new URL("https://graph.facebook.com/oauth/access_token?grant_type=fb_exchange_token&client_id="+appId+"&client_secret="+clientSecretId+"&fb_exchange_token="+fb_exchange_token;
InputStream Istream=url.openConnection().getInputStream();
BufferedReader br = new BufferedReader(new InputStreamReader(Istream));
String new_token= br.readLine();
Hope it helps!!