I've searched stackoverflow all day long to find an answer without luck, so here we go.
I'm trying to fetch data from the stream table like this:
FQL: SELECT post_id, message, created_time FROM stream WHERE source_id = 131559313586863
URL: https://graph.facebook.com/fql?q=SELECT+post_id%2C+message%2C+created_time+FROM+stream+WHERE+source_id+%3D+131559313586863&access_token=10669xxxxx74470|PF-7GSdBx0Nxxxxxkdi1KwSQG-w
But I get a 400 Bad Request as response with the error message: "An access token is required to request this resource.".
I'm fetching an application access token with this url: https://graph.facebook.com/oauth/access_token?client_id=FACEBOOK_APP_ID&client_secret=FACEBOOK_APP_SECRET&grant_type=client_credentials
Facebook state in this blog post that "You will need to pass a valid app or user access token to access this functionality.". Functionality refers to /feed and /posts (the stream table). Futhermore this wiki tells the same story about using the stream table, "From June 3 2011 a token is required to query this table. You can use any application or user token to make the query.".
Does anyone see my hopefully obvious flaw?
Please note:
The profile in the FQL query is public.
I need this to run userless though a cronjob. No user interaction is possible.
The request works if I replace the app access token with my own user token from https://developers.facebook.com/tools/explorer
Are you sure your app isn't set as 'desktop/native' in the app settings? if so, the app access token can't be used
Works fine for me – once I put in a valid access token and use HTTPS.
Related
I was able to fetch facebook events through my code until couple of days back and it used to return me proper JSON data with all the requested fields.
Suddenly i am trying to do it today again and i get only id value and nothing else. Any idea what went wrong.
http://graph.facebook.com/userid?limit=20&fields=events.fields(description,end_time,location,name,ticket_uri,venue)&access_token=access_token
is the request url format i am using.
You must use https:// when passing an access token.
Possibly, your access token don't let you fetch those details since you have not authorized your app to fetch user_events. You can check the access token here.
So, you have to check whether the user have authorized your app for this action or not before making this query. You can also fetch the permissions that user has granted at any time using-
/me/permissions
I've found in documentation that it is possible to use appId and appSecret pair as access_token in the format "appId|appSecret".
The problem, when I'm using this technique with graph API, I don't receive the full information, only some of the fields (permissions are set in the app settings). When I'm trying to use it with FQL I get "A user access token is required to request this resource." exception.
Could somebody route me on the right track how to perform API requests?
My application is running on the server-side, that's why I've chosen these method.
E.g.
When I run GET request on https://graph.facebook.com/me/friends?fields=name&access_token="app_id|app_secret" I get correct response. But when I run https://graph.facebook.com/me/friends?fields=name,notes&access_token="app_id|app_secret" the query returns only friends id's and names. It's worth to mention, that I user has granted access to "notes" for that application.
I think this because this kind of access token can replace the app token, but not the user token.
And with the app token, you can:
This can be used to modify the parameters of your app, create and manage test users, or read your application's insights. App access tokens can also be used to publish content to Facebook on behalf of a person who has granted an open graph publishing permission to your application.
It means that with this kind of token, you don't have any special permission, so your request cannot work.
What you could do is send the user access_token to your server and then use this token to perform the API request.
I am trying to get the post of a Facebook Page throw iOS API and I can't do it without login before (without access token). Is there any kind of solution to make this? Does anyone know it?
The App report me the follow error:
An access token is required to request this resource.
UPDATE
I generate one access token with this structure: APPID|APPSECRET and give it an expiration date. With this, I can access to the public data of my Page :)
Thanks,
David
Graph API Documentation seys:
posts [..] any valid access_token or user access_token
More informations you can find there http://developers.facebook.com/docs/reference/api/page/
Here is live example http://developers.facebook.com/tools/explorer/?method=GET&path=19292868552%2Fposts
+1 well... facebook data is all about "user", therefore you always need valid access_token
there are few exceptions though,
for example, you can display user profile picture without token,
see example;
https://graph.facebook.com/100001789213579/picture?type=large
Is it possible to decrypt Facebook's new OAuth 2.0 access_token ?
I need to somehow get user_id and app_id from the access_token.
PS:
I need to get the user_id and app_id ONLY from the access_token as Facebook Linter used to do.
As others have already pointed out, the access_token is a unique random string, so it cannot be decrypted as such. Also, we all know that the user_id and app_id are prerequesites to generate the token in the first place.
However, let's assume you stored your token(s) in a database and lost the associated user_id and app_id. In that case, it is a valid question on how to retrieve them having only the token at hand. If your token is still valid, this is possible. If it is expired, you're out of luck.
To retrieve the user_id, make a call to:
https://graph.facebook.com/me?fields=id&access_token=xxx
To retrieve the app_id, make a call to:
https://graph.facebook.com/app?fields=id&access_token=xxx
In both cases, the associated id's will be part of the JSON response, regardless of the access_token being an encrypted or unencrypted one.
Let's illustrate this with an example. Let's assume Mark Zuckerberg uses the Graph API Explorer to generate an access_token. Calling the /me endpoint gives you:
{
"id": "68310606562"
}
and calling the /app endpoint gives you:
{
"id": "145634995501895"
}
The ids you were looking for are part of the response.
Please note that this does not work with the access_token shown on https://developers.facebook.com/apps (not sure if this is a Facebook mistake or intentional). Please use the access_token that your app receives via OAuth.
If the access token is in the encrypted format, there's no programmatic way to determine the User ID and App ID.
I struggle to think of a legitimate way you could have come across an access token without already having those two pieces of information since presumably you know your own App ID and the User ID you stored the access token against.
Nevertheless, assuming there's a legitimate use-case for this:
a call to /me?fields=id will return the user ID and/or you can use the debug tool at https://developers.facebook.com/tools/debug to debug the other properties of the access token
Generally you use the access_token to access other data from your application. So for example, your application would authenticate the user then use the access token to access other functions in FB's API, such as the graph:
https://graph.facebook.com/me?access_token=<access_token>
There is no public way of decrypting an access token to get the user id and app id. This is also very likely a massive breach of Facebook policy.
To get an access token in the first place you have to have access to the user and the app id anyway so you shouldn't need to do this. If you don't actually have access to the user or the app id then my guess would be you probably shouldn't even have their access token and have probably obtained it 'illegally'...
This is actually a very simple task, if you look closely at the access token itself. It consists of 3 segments, separated by a pipe character, |:
APP_ID|SOME_STUFF.NUMBER-USERID|SOME_MORE_STUFF
I'm not sure what SOME_STUFF, NUMBER, and SOME_MORE_STUFF are; presumably timestamps, signatures, or other encoded data that facebook uses to keep track of the access_token's validity and so on.
Unless you've obtained the acces_token in question by fowl means, I don't see a problem with being able to access the APP_ID and USER_ID from them (and neither does Facebook, apparently). So all I'll say on that is be responsible :)
The other thing to keep in mind is that this isn't a standard or anything, and is subject to change. So, watch out for that, too.
you don't have to decrypt accesstoken
As far as AppID is concerned,you should get it from facebook whn you make an app there,its your id to connect to facebook.
facebook sends the userId along with accesstoken..
just check your cookies in browser or in oauth case check entire string returned when request for acess token.
Are you sure you're talking about the Access Token here and not the signed request?
When you're Facebook Application is loaded you have a signed request object, which has the information I believe you are looking for (however if the user has not authorized your application their user ID will not be in the signed request, Facebook security)
The only way currently available is to use to Facebook Access Token Lint Tool.
You can consider to automate the process.
If anyone is familiar with the fql query, why am I getting this error for the next query:
https://api.facebook.com/method/fql.query?query=SELECT%20post_id,%20actor_id,%20target_id,%20message%20FROM%20stream%20WHERE%20source_id%20=%20302056140380%20AND%20updated_time%20%3E%201111111
This is the page:https://www.facebook.com/Inna?sk=wall
All I want to do is to retrive the last posts from Inna's wall.
Thank you very much;
You need to provide a valid access_token with the FQL request even though the data is public. You can test it here. You won't need to have any permissions granted to access the feed, but you will need to provide the token.
You will need an access_token of type "Any Valid" as defined here. In short, it means that you can use any access_token that hasn't expired. One easy to obtain access_token is an app access token which you can obtain by going to:
https://graph.facebook.com/oauth/access_tokenclient_id=YOUR_APP_ID&client_secret=YOUR_APP_SECRET&grant_type=client_credentials
You will find YOUR_APP_ID and YOUR_APP_SECRET under your created apps page (or you can create one there if you don't have one).
When you provide the app id and secret to the oauth, you will receive an access_token which you can use for the request until the token expires.