I've an application that only asks for "user_about_me". Now I want to ask for new permission (publish_stream) but the response object returns "connected" if the user ignores the new permission. Because I want to post to the user's wall I'll get an error when posting to the user's wall "The user hasn't authorized the application to perform this action".
How can I do this?
I'm using Javascript SDK.
Basically you have to handle all the possibilities for user permissions/authorization when a user logs in. Here is a simplified working example from some FB integration I have done:
FB.Event.subscribe('auth.login', function(response) {
if(response.status === 'connected'){
FB.api('/me/permissions', function(resp) {
if(resp.data[0].publish_stream){
//User has permissions and authorization
}
else{
//User has not enabled publish stream, ask them to enable permission
}
}
}
If they have the permissions, I show them their avatar/username and some other options. If not, I present a link that asks them for the required permissions when clicked.
Related
in our apps we have the option to share activity on Facebook after which the users get a small reward. In recent days this feature has stopped working for some of our users because we didn't get "post_id" from your side which we need to determine if the user should get a reward.
We found out that this happens when the user hasn't given us the "publish_actions" right. Therefore we have added a check for this right and we try to request it this way:
FB.api('/me/permissions/publish_actions', function(response) {
// pokud mame pravo na zverejneni obsahu hned postujeme
if (response.data && response.data[0] && response.data[0]['status'] === 'granted') {
postShareReport();
} else {
// pokud nemame, tak si zkusime vyzadat pravo
FB.login(function(response) {
if (response.authResponse) {
// pokud nam ho dal, tak postujeme
if(response.authResponse.grantedScopes && response.authResponse.grantedScopes.indexOf('publish_actions') !== -1) {
postShareReport();
}
}
}, {scope: "email,publish_actions",return_scopes: true, auth_type: 'rerequest'});
}
});
However, here we encountered another problem. The publish_actions right is not requested from some users even though they haven't given us this right. The login process does go through, however. The user doesn't receive the window with the option to give us this right.
Thank you
Kind regards
Most permissions need to get reviewed by Facebook: https://developers.facebook.com/docs/facebook-login/review
Without review, publish_actions only works for users with a role in the App. Ohter users don´t get asked for the permission in the authorization process.
Btw, not getting a Post ID or information if the user really shared something is intentional, because rewarding the user in any way for sharing is not allowed. You need to read the platform policy before creating any App, that rule is in there since years:
Only incentivize a person to log into your app, enter a promotion on
your app’s Page, or check-in at a place. Don’t incentivize other
actions.
Source: https://developers.facebook.com/policy/
I have created a custom story to be posted on facebook timeline when user clicks on a share button.
While i was logged into facebook, I could successfully post on timeline using the following code
function postLike() {
FB.api(
'https://graph.facebook.com/me/og_pricepan:compared',
'post',
{ product: objectToLike,
privacy: { 'value': 'SELF'}
},
function (response) {
if (!response) {
alert('Error occurred.');
} else if (response.error) {
document.getElementById('result').innerHTML =
'Error: ' + response.error.message;
} else {
document.getElementById('result').innerHTML =
'<a href=\"https://www.facebook.com/me/activity/' +
response.id + '\">' +
'Story created. ID is ' +
response.id + '</a>';
}
}
);
Now, when the user is not logged into facebook, I get the following error:
Error: An active access token must be used to query information about the current user.
Shouldn't the login window get open by itself asking the user to login into facebook or I need to do something on my end to handle this situation?
Also, do i need to submit my application for review before users can create custom stories from my website to their timeline?
Shouldn't the login window get open by itself asking the user to login into facebook or I need to do something on my end to handle this situation?
No. You need to explicitly login the user by following the Facebook Login Flow to request an access token
Also, do i need to submit my application for review before users can create custom stories from my website to their timeline?
Yes and No. No, because it's not like you will have someone from Facebook Support Team going through your app to make sure your app ticks all the boxes. Yes, because you will need to register your app with Facebook. So, technically all you need to do is register with Facebook as a developer and register your app in order to get an app secret and API key. You can have your app in "Sandbox mode", create test users and test your integration with Facebook before you publish it live. There's few requirements you need to meet before publishing it, such as providing set of logos of a specific size, etc. Here's a blog explaining part of the process, but really, the process is very straight-forward and you should be able to get through easily by yourself.
Now, the error you are getting says it all. There's no user logged in to facebook. The endpoint you are trying to post to, requires a active valid access token, if it doesn't exist then there's no context, no user authenticated and you need to explicitly authenticate the user by invoking the login dialog...
FB.login(function(response) {
if (response.authResponse) {
// The person logged into your app
} else {
// The person cancelled the login dialog
}
});
If you need to know whether a user is logged in or not, you can follow to simple approaches:
1.By invoking the FB.getLoginStatus function
FB.getLoginStatus(function(response) {
if (response.status === 'connected') {
var uid = response.authResponse.userID;
var accessToken = response.authResponse.accessToken;
}
else if (response.status === 'not_authorized') {
// the user is logged in to Facebook,
// but has not authenticated your app
}
else {
// the user isn't logged in to Facebook.
}
});
2.Or, by subscribing to the auth.authResponseChange event when initializing the framework and setting the status option to true
There's a full-legged tutorial on Facebook Developers Site for Javascript SDK explaining both approaches.
Hope it makes sense
Perhaps I am going about this the wrong way but I have a website that allows facebook login.
If the user has already registered on my website
and is logged into facebook but not logged into my site
when visiting the login page i check for their facebook login status and get response.status === 'connected' via-
FB.Event.subscribe('auth.authResponseChange', function (response)
{
if (response.status === 'connected')
{
var s = JSON.stringify(response.authResponse);
LogMeIn(s, function(response)
{
HandleAjaxError(response, function(msg)
{
window.location = '/_/';
});
});
}
}
I then want to pass their authResponse object to the server and confirm that this userid works with this token before I log them in as this user
I have read to simply grab the json contents of -
https://graph.facebook.com/{userID}?access_token={accessToken}
and if it does not return an error then it is good! But when testing this method I noticed that the same access_token worked for two different user ids (meaning it did not return an error for the userid that was not logged in on my computer). Instead it returned the facebook user object with name , location etc.
This really surprised me, as I expected the access_token to work only with a single user id.
In an effort to prevent someone from simply changing the user id before continuing the script I need to authenticate via server side. What is a way to accomplish this?
Proof, go to these links to see profile information
My profile-
https://graph.facebook.com/1233822590?access_token=CAACCBJJZBgjABAOGmvmsou8gMYGulLHTgAr5ZCHZAU7pKEp0cMAeX8r4qHLpiVuZCOT1v0ulMZAxX5YfLJkcZBr9l6qJQoPxWS5Fs5ndohDnH6ZAPPfZCZCTQtwWgAZAg6I1PAOIpdtCc0OUaMmBZAvGiMm9gQhmNXRbocZD
Another userid with same access_token-
https://graph.facebook.com/100000116781159?access_token=CAACCBJJZBgjABAOGmvmsou8gMYGulLHTgAr5ZCHZAU7pKEp0cMAeX8r4qHLpiVuZCOT1v0ulMZAxX5YfLJkcZBr9l6qJQoPxWS5Fs5ndohDnH6ZAPPfZCZCTQtwWgAZAg6I1PAOIpdtCc0OUaMmBZAvGiMm9gQhmNXRbocZD
Nothing to be surprised. You can fetch the basic details of any user of the facebook using the access token of any user of the facebook.. So this isnt really good way to validate the token. Moreover, that confirmation of token part isnt required.
If you want the authorization through server side go through.this link
I am logging users into a web site via facebook's Javascript SDK. After the user clicks the "log in through fb" button, I would like to generate different responses depending on whether the user click "ok" or "cancel" in facebook's confirmation. Here is the code I use when they click the fb button.
$("#fb").click(function() {
FB.login(function(response){
FB.api('/me',function(response){
// I believe the test to see if they are logged in or not should go here
});//FB.api
},{scope:'publish_actions, email, user_likes, user_location'});
});
Any advice is appreciated. Thanks!
According to facebook's documentation:
FB.getLoginStatus(function(response) {
if (response.status === 'connected') {
// the user is logged in and has authenticated your
// app, and response.authResponse supplies
// the user's ID, a valid access token, a signed
// request, and the time the access token
// and signed request each expire
alert('a');
} else if (response.status === 'not_authorized') {
// the user is logged in to Facebook,
// but has not authenticated your app
alert('b');
} else {
// the user isn't logged in to Facebook.
alert('c');
}
});
It worked for me. Hope it helps someone else.
How can i add properties (related to the user data access) to a facebook application dialog? for example not only access his basic information, but also to access other personal properties?
When you ask a user to authorize your application it includes all the basic user data, plus public data the user shares.
If you want any other permissions you need to ask for them while authenticating the user or later on when you need them.
In order to ask for them in the auth process use this tutorial: Server-Side Authentication and the OAuth Dialog tutorial.
If you want to ask for more permissions after the user has already authorized your app you can do it in a very simple way using the js sdk:
FB.login(function(response) {
if (response.authResponse) {
console.log("user logged in, auth response: ", response.authResponse);
FB.api("/me/permissions", function(res) {
console.log("permissions: ", res);
});
}
else {
console.log("User cancelled login or did not fully authorize.");
}
}, { scope: "email,publish_stream" });