From the documentation it seems that the user should always authorize the Facebook application even to access basic permissions.
However, sites like Rotten Tomatoes and Clicker.com auto-authorize the logged facebook user without showing the authorization dialog. If you visit one of those sites for the first time they will be able to access your public data without you authorizing it. If I go to the Apps on my facebook settings, an entry will appear showing that I gave access to those applications (but I DID NOT).
How can this be possible? Is it related to the "Instant Personalization" feature for selected partners?
Thanks
Well, I was doing some research and yes, it's all about Instant Personalization.
From Facebook:
We've partnered with a few websites to provide you with great,
personalized experiences the moment you arrive, such as immediately
playing the music you like or displaying friends' reviews. To tailor
your experience, these partners only access public information (like
your name and profile picture) and other information you've made
public.
From one of its partners:
Clicker.com
So -at the time I'm writing this- unless you're a partner of Facebook, you'll have to show the old OAuth dialog.
Hope it helps!
Related
I have a facebook user who is the owner of the company I work for. He has a single Facebook page, which is the "company page" on Facebook. He created a FB "app" with permissions "manage_pages" and "publish_actions". So the FB api can post to his FB Page, on his behalf, as the app.
Inside the company, we have a few hundred people that use an intranet-based software app. When the users engage in a certain function in the software, the code uses the Facebook API to post a message to the public company page using an access token of the FB account of the company owner. This system works great, but the app is not yet approved, so no one can actually see the posts on the FB page except the company owner.
The software is only available inside the company building, it's not reachable via the Internet. There would be serious intellectual property concerns with allowing an anonymous facebook employee into it. There would be security concerns about making this all public on the web. So I have to presume that FB will not be able to see the backend here - where the posts are created.
So because of this, I've run into problems getting the app reviewed because I have no way to let Facebook reviewers actually see the software where the user creates the post, as they requested.
Is this considered a non-starter setup by FB, or does FB have any contingency for this situation? Or do they expect every FB app to be used in a completely public environment? I'm just thinking surely I'm not the only person trying to use a FB app to post to a company page from a publicly-inaccessible place inside that company?
Thanks!
This was the answer to the problem, thank you CBroe: It is not a matter of approval that makes the app's postings viewable by everybody, but simply of the app still being in development mode.
The actual Facebook gui in the app dashboard doesn't say "development mode" on/off like it used to. It now says "do you want to make this app live to the public". I selected "yes" which made the app's postings viewable by everybody.
In my case, the original confusion stemmed from the fact that we didn't want to make the app live to the public, we only want our one company owner to use the app - so we naturally did not change that setting to "live".
I'm working on a Facebook app that requires a few basic permissions (email, birthday, etc) as well as publish_actions (so I can create stories about user interaction).
When I ask for these permissions, the end user is presented with one screen for the basic permissions and yet another for the publish_actions permission.
However, when I looked at the following app from Amazon:
http://www.amazon.co.uk/gp/socialmedia/promotions/SprngSweep
When I click on the enter button, I am redirected to Facebook to ask for permissions (as expected), however, they have all their permissions one page (Amazon would like to access your public profile, friend list, email address, birthday, photos, videos, personal description, likes and your friends' birthdays and likes. Amazon would like to post on your behalf. Amazon would like to access your data at any time.)
I can't add a picture due to lack of rep
The url that I'm redirect to is this:
https://www.facebook.com/dialog/oauth?client_id=164734381262&redirect_uri=https%3A%2F%2Fwww.amazon.co.uk%2Fgp%2Fsocialmedia%2Ffbr%2Fconnect-handler.html%2Fref%3Dfbr_hn_SprngSweep%3Fie%3DUTF8%26appName%3DAmazon%26externalApp%3DKindle%26onSuccess%3D%252Fgp%252Fsocialmedia%252Fpromotions%252FSprngSweep%253Fie%253DUTF8%2526sm-sweeps_submit%253D1%2526sm-sweeps_submit.x%253D66%2526sm-sweeps_submit.y%253D20%2526sweepsConnect%253D1%2526sweepsEligibility%253D1%26ref%3DSprngSweep%26token%3D6CBF36BD25311891B2F205333EFA3AA78E561AB9&scope=
While attempting to investigate this myself, I noticed that they aren't even passing a value for scope in the url.
How the hell are they doing this?
Most likely they are using an old API (FB changed the behavior over there recently, read their blogs please) or they are using hidden features which FB created for them (as this has an impact on there advertising revenue obviously, and even these guys are "coin operated").
The "two pager" is normal, FB API and FB advertising API quit the same. I wouldn't worry.
I just created last week an App and I've read that offline access doesn't work with newly created apps.(I haven't found any tutorial on the web. I am really new to facebook apps)
with this new change in facebook, I don't know how to use the current thing.
I badly need this feature because I don't want the user keeps logging-in in facebook everytime he visits and posts a status in my site as well in his facebook wall. I just want the user to be stayed connected and be able to post on his wall automatically thru my site once he authorized my app.
Thank you.
There are very clear and simple instructions on the following documentation to explain what you need to do to switch to long-life access tokens:
https://developers.facebook.com/roadmap/offline-access-removal/
Also, from your description, it sounds like you are spamming and breaking Facebook Platform Policies. Users will hate any app that automatically posts on their behalf, so I recommend you do not do that, as either people will stop using your app or they'll report it and it'll get banned.
This is my first post in this facebook's stackoverflow forum. My background is on wireless baseband prototyping on FPGA platform and do not have any prior experience with facebook development. Now i have a chance to work on social network related development work and i'm quite excited. Anyway above is just my background introduction.
Here i want to create a virtual Facebook user. Imagine you are interacting with your refrigerator on Facebook. This is the kind of concept we want to show.
Following are the functionality i would like to have at my virtual's facebook account..
1) recognize real friend check-in and messages posted on his/her wall.
2) ability to write messages on real friend's wall.
3) recognize messages posted on virtual account's wall.
4) ability to write message on virtual account wall.
How can the virtual account be equipped with such functionalities? Can i achieve by writing a facebook application? Please advise the direction i should look at.
Cheers,
Phone Naing
The facebook api lets you query their graph but it requires an access token to do that.
There are 3 main token types: User, Page and App.
Your app would be able to get an app token easily but it's limited to public data only, like data of public pages.
For a page and user tokens you'll need the actual user to interact with your app in order to get the token.
You can get the friends check-ins, feed, images, events and so on by asking for the right permissions from the user (there are user permissions and friends permissions).
You can also post to friends wall with the "publish_stream" permission.
For "recognizing" posted items on a user wall you can either recheck the user feed every once and a while and compare what you had and what you get or use the Real-time Updates.
With all of that said, I seriously doubt that you'll manage to pull something like that with the current limitations of the facebook api.
Let's start with the fact that facebook does not like profiles to be "vritual", they want the profiles to be of real people.
Of course that there are plenty of virtual profiles but they can remove them (and sometimes do).
Even if you do have these virtual profiles, since they are virtual they won't interact with your application using facebook, that is won't be logged in to facebook via their channels (web interface, android or iOS, etc).
Because of that you won't be able to get a user access token which you need for all of the information you want.
Since the deprecation of the offline_access permission there's no way to have a token which is valid for a user for more than about 2 months, which means that for each "virtual user" you'll need to log him in to facebook and then interact with your app to get a new token.
You can create a page instead of a virtual profile, which will also be fine with facebook.
But here again, you need a user to actually interact with facebook and your app to get a valid page access token, and even if you get that, it's not enough for the data you want to ask for.
To put it all together:
I think it can't be done.
I've done a little searching and was wondering if there is a way to link a users account in our web app with their social media accounts they choose to link (facebook, twitter, etc). i.e. when they log into our web app they are auto logged into facebook, twitter, etc?
I see facebook has an api to login to our web app using their facebook book account but I want it to work the other way around, I want them logged into facebook when they log into their account via our web app.
Thanks,
Ryan
It is definitely possible-from your question I assume you would like to pull data and make actions on behalf of a user? If so, you will need the offline_access permission as well as all the other permissions you will need (check out the list here to see exactly which ones you require). Then, you can trigger a script on your server that tell facebook as soon as the user is logged in to your site, to log in your application as the user as well.
NOTE: You might be going about this in the wrong way. I would advise that you specify a bit more details on what exactly you need the user to be logged in for, and I can (probably) provide you with a decent answer.
EDIT: In response to your question in the comment, Ryan, here is my answer:
You need to divide this problem into 2 different situations-one: your company wants you to write all the code from scratch and don't use what facebook has to offer, in which case you should create a custom login script that enables your users to use their facebook account as the Actual user account in your web app. This is the best solution in my opinion, and is supported by the ever-so-awesome Jeff Atwood. Here's a link to how to do just this, and a tutorial about this also.
Or your company is comfortable with using Facebook's Social Plugins.
Then you should focus on Like Button & Comments : These social plugins are the best way to enable people to create social experiences if they're already logged in.