So there's an app, let's say it's an app that is capable of delivering relevant news based on the user's choice done the first time he runs the app. Is there a way to post the news to the user's wall without having the user to be online and ideally as the app?
So on his/hers timeline it would look like this (edited image, not a real post from some app, it's just so you get what I mean):
When I use $facebook->api('/me', 'post'), it just creates a post as the user, which is not what I want and does not allow me to post when the user is not logged in.
You can use the server side authentication to get a long lived access token (60 days) which you can then use until the token times out. Then you'll need to have the user reengage with your app to get a new token.
You can get the same thing by using the client side authentication and then extending the token on the server side.
Another options which should work for you is to get an app access token (which does not expire) and ask the user for the publish_stream permission, then:
App access tokens can also be used to publish content to Facebook on
behalf of a user who has granted a publishing permission to your
application.
Related
In my web app, I need to post on users facebook feed while they are offline. I already store long lived access tokens for the users. But these tokens also expire after 60 days.
The FB docs mention that it is necessary to redirect users to the login flow to get a renewed access token.
I was thinking of checking the facebook session validity of user, whenever they login to my app and to give them the option of re-authenticating facebook in case their access token has expired.
However this will involve user interaction if the user is not currently logged in to his facebook account.
Are there any alternative solutions to look at. Also, how do sites like Quora manage posting to user's wall, without needing to re-authenticate facebook after every 60 days.
PS - I am using the latest facebook php sdk.
Simple Answer: It is not possible to extend the Access Token on the server. It would make the whole concept void.
Earlier there was a permission called "offline access", but they changed it to an extended token with maximum 60 days to avoid those things. You should NEVER post anything on the wall of the user without his authorization, for every single post. You are not allowed to autofill/prefill the message parameter anyway (see Facebook terms), it always must be 100% user generated.
About Quora: i donĀ“t know what exactly they are doing, but i assume they refresh the Access Token whenever the user goes to their website.
I'm trying to figure out a core concept in FB that even after reading a lot of FB documentation, couldn't understand.
Let's say I'm building an app (that will reside in a tab), in which I want to see the last post of a user. I want to do this approximately one month after the user approved my app, without him using the app again.
I assume I will need to use a long-lived expiration token that will be saved to my DB.
A month after I will run a procedure that will use this token and check the user posts.
Is this correct?
What about a situation in which the user logged out? The token is no longer valid.. does this mean I will never be able to access user posts unless he will access my app?
Isn't this a bit weird (since he already approved my app)?
Not necessarily.
Firstly, you need the read_stream permission from the user when they authenticate your app. Then, because you are intending to use Facebook as the app, rather than as the user, you need to authenticate as an app, which is a simple process:
In order to get an access token for the app, all you need to do is use the following URL:
https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&client_secret=YOUR_APP_SECRET&grant_type=client_credentials
Because these tokens are time-limited, it may be easier to request a token each time you use the Graph API, rather than storing it in a database and waiting for it to expire.
Then, all you need to do is use the following request:
https://graph.facebook.com/USER_ID/feed?access_token=YOUR_ACCESS_TOKEN
The upside to this is that it does not matter whether or not the user is logged into Facebook.
See here for more details:
https://developers.facebook.com/docs/authentication/applications/
I need to implement a system to retrieve information from a user of facebook independently of the user being logged into facebook.
I have user access token in my database but every time the user needs to login on facebook.
My question is how the authentication of Hootsuite (hootsuite.com) works because there it is not necessary.Just logging in the Hootsuite is possible to recover all data from facebook.
What you are talking about (If I understand you correctly) is a breech of privacy in the eyes of Facebook. A user has to be interacting with an application in order for it to retrieve information about the user.
Facebook's API access works by means of an access_token that is specific to the user and the application that requested it. access_token's have a limited time frame that they are valid, after that the application would have to request a new one or request an extension on that token. In either case, the user would have to be interacting with the application, and therefore logged into Facebook, when such a request is made.
I'm unfamiliar with the website you referred to but it is not in the scope of this site to reverse engineer some one else's application.
I have an application which uses offline_access to get permanent access to different pages.
Users can install this application and add it to pages, where they are admins.
With an external Backend they can administrate their app and let it post different things (Competitions, ...).
So they don't have to stay logged in to Facebook.
Now... there is the problem...
On May 1st the offline_access permission will be removed and the customers have to get a new Token for their Pages every 60 days.
Since now I'm using the offline_access feature for our customers to get non-expiring Page-Tokens.
Is there any workaround for that?
Often it's just a Facebook sub-account of the customers to run the app. So it's possible that they don't login for 60+ days = the access token will expire and the application won't work.
redirect them to a link of your app in facebook when their access token expired like this
http://apps.facebook.com/xxx/reaccess.php?ref=REF_URL
Get new access_token & redirect user back to your app's original page again
i dont think you be needed to ask them again for permissions
Remind the user to re-authorize access before the expiration of the token. Do this by sending them an app-to-user request and and an email (because app-to-user requests don't generate a notification). In the email include a link directly to a web page which instantly pops up the authorization dialog (and do something similar with the app-to-user request).
I am using the facebook graph api to integrate some facebook functionality for users into a project i am working on. Its very early stages and I am just getting to grips with the Facebook API but it appears that every time a user logs on to my site they will also have to log into Facebook. On the first time they also have to authenticate my application.
I am a little surprised that they have to actually log into Facebook each time they want to use any Facebook features from inside my app.
Isn't there a way to authenticate once, then I can store a token and this would allow me to access Facebook on their behalf in the future (until they de-authorize) without them having to log into Facebook each and every time?
This just seems very cumbersome.
Request the user for offline_access permissions using the scope argument in the authorization request
http://developers.facebook.com/docs/authentication/#requesting-extended-permissions
You can use the session key returned, save it and use it until it expires (this usually is very long) or until the user revokes access to your application
Here is the full list of extended permissions your application can ask for http://developers.facebook.com/docs/authentication/permissions