Ive searched high and low for an answer to this on here but havent been able to find anything. Please answer if you can, its appreciated.
The Setup:
Im learning how to work with the PHP Facebook API SDK by using one of the examples as a base. Im new to working with APIs so Im a little confused and have been having a problem trying to list a users groups.
The Question:
Ive got the app made. Ive got the proper permissions and extended permissions. I am able to get the users name and basic info.
I think my problem comes with the access token required to access the extended permission needed to get a users groups. Im not sure if Im sending it to the API correctly.
This is what Ive got:
<?
if($user_id) {
// We have a user ID, so probably a logged in user.
// If not, we'll get an exception, which we handle below.
try {
$access_token = $facebook->getAccessToken();
$user_profile = $facebook->api('/me','GET');
$user_groups = $facebook->api('/me/groups','GET', array( 'access_token=' => $access_token ));
echo "Name: " . $user_profile['name'];
echo "<br />";
echo "Groups: " . $user_groups['name'];
} catch(FacebookApiException $e) {
// If the user is logged out, you can have a
// user ID even though the access token is invalid.
// In this case, we'll get an exception, so we'll
// just ask the user to login again here.
$args['scope'] = 'user_groups,user_likes';
$login_url = $facebook->getLoginUrl($args);
echo 'Please login.';
error_log($e->getType());
error_log($e->getMessage());
}
} else {
// No user, print a link for the user to login
$args['scope'] = 'user_likes,user_groups';
$login_url = $facebook->getLoginUrl($args);
echo 'Please login.';
}
?>
Any help is appreciated.
Thanks.
I'm not exactly sure, but here are a few points:
There's no reasons to manually add the access token when using a facebook sdk, those will add the access token for you. Should be:
$user_groups = $facebook->api('/me/groups','GET');
The format of the json encoded result for the "/me/groups" is completely different than of the "/me".
Where the result for "/me" is just a set of key/value data, the result for "/me/groups" is wrapped inside a "data" parameter which is an array of objects.
As it states in the User Object documentation (under the groups connection):
An array of objects containing the version(old-0 or new Group-1),
name, id, administrator (if user is the administrator of the Group)
and bookmark_order(at what place in the list of group bookmarks on the
homepage, the group shows up for the user).
When in doubt about how facebook responses to different queries, use the Graph Explorer tool with which you can test the different queries and see the responses that facebook returns.
For example the result for /me and the result for /me/groups
Related
Hy,
I'm need to get a user's friends (Name, unique ID, profile pic). Graph api v2.0 does not allow that if I'm know it well. Is there any workaround, or solution, to get the necessary data?
I'm working with PHP SDK.
Thanks, Dave.
It's no longer possible to get all friends of a certain user with Graph API v2.0. Furthermore, all friend-related permissions have been removed.
See retrieve full list of friends using facebook API
Yes, you can get the list of your friends, but your friends first need to access your app, and grant permission first. You may ask permission with the following code ->
$params = array( 'scope' => 'public_profile, user_friends');
$login_url = $facebook->getLoginUrl($params);
echo 'Please login.';
And then this to print your list ->
$fr = $facebook->api('/me/friends','GET');
foreach ($fr['data'] as $value) {
echo "<pre>";
echo "Friend Name: ";
print_r($value['name']);
echo "<br />";
}
Please note, this is when you use the SDK v3
I'm trying to find the ID of the user visiting my page tab (without having to make him authentify before using the page)
I've tried several methods:
$requete_fb = $facebook->api('/me');
$me = $facebook->api('me', array('fields' => 'username'));
$request = $facebook->getSignedRequest();
$uid = $facebook->getUser();
But all of them did not work (getUser returns me 0, the others PhP errors.)
So how can I do that? I'm not trying to break the TOS, I'm trying to fetch basic information (the locale).
Any other way to do it?
It is not possible to get a user_id without the user's permission:
The user_id and oauth_token will only be passed if the
user has authorized your app.
However the locale is available in the user object. Please see Signed Request for more information.
I know there are many Q&A on here about this but I can't seem to make sense of them because they don't show full code examples or are for doing something different than what I'm trying to do.
I have a simple facebook welcome-test tab. Not a canvas app. I want to be able to get the users id but have to make it prompt them for access to that info before it will show up in the signed request.
So what I'm looking for is a code example for a simple welcome tab. I don't need a login page or anything like that since this will be in the fan content page so they will have to be logged in already. I just want that dialog box to popup asking them for permission so I can get the userid.
Thanks
Edit:
I wanted to add that I just figured out my problem but it's not really an answer to this question. I figured out how to get the user id without asking the user for permission to access their profile. It was as easy as adding this code to the page and it works in a tab and canvas app the same way. getUser() by its self returns 0 but since the user is already logged in to be seeing this content, when getUser() returns 0, then the code simply gets the user id from the API method. Now that I finally figured this out it seems simple.
$session = $facebook->getUser();
if (!$session) {
$url = $facebook->getLoginUrl(array(
'canvas' => 1,
'fbconnect' => 0
));
echo "<script type='text/javascript'>top.location.href = '$url';</script>";
} else {
try {
$uid = $facebook->getUser();
$me = $facebook->api('/me');
$updated = date("l, F j, Y", strtotime($me['updated_time']));
echo "Hello " . $me['name'] . "<br />";
echo "You last updated your profile on " . $updated;
} catch (FacebookApiException $e) {
echo "Error:" . print_r($e, true);
}
}
I'd still like to know if there is a way to make the extended permissions dialog show for a tab app so it will be good to see solutions for php sdk.
you need to prompt them for allowing your application to pull data on the user
this can be done using the JS SDK's function FB.login(). you can have more details in the facebook documentation : http://developers.facebook.com/docs/reference/javascript/FB.login/
notice that the popup can be opened only on mouseclick or keyup events - otherwise popup blockers will block it.
you will also have to set a domain and site url to the application in the developers site, and init the facebook js library (the loading paragraph in - http://developers.facebook.com/docs/reference/javascript/)
<div onclick="login();">click here to login</div>
<script type="text/javascript">
function afterLogin(){
alert("user logged");
}
function login(){
FB.getLoginStatus(function(response){
if(response.status=="connected")
{
afterLogin();
} else {
FB.login(function(response){
if(response.status=="connected")
{
afterLogin();
}
});
}
});
}
</script>
I don't think facebook allows this... Facebook does not want a user's tab to be able to detect who is looking at it, and possibly displaying information to a user's friends that isn't displayed to the user.
I can be wrong :)
I sign in with FB fine if I directly create a page at domain.com/someurl.php
The moment I copy the same code (inc html) into a view file with codeigniter and go to domain.com/login/someurl.html it doesn't work. By it doesn't work I mean, I get an exception if i try to access /me after signing into facebook.
The message reads "An active access token must be used to query information about the current user"...
In my controller i have my index function and all it does is load the view with the facebook login code.
I thought I may be doing something wrong but I copied the sample.php from the facebook sdk and paste it into the view file and the same thing happens. If i copy the sample code into the file at someurl.php it then works as expected...given the situation I suspected it may be something to do with codeigniter and possibly some config option I have that causes that behaviour...
I've been looking up the error for a while now and have found a few resources:
http://benbiddington.wordpress.com/2010/04/23/facebook-graph-api-getting-access-tokens/
Facebook access_token invalid?
Facebook authentication issue
https://github.com/facebook/php-sdk/wiki/AccessToken
but none of the suggested fixes have worked.
Right from the sample:
// Create our Application instance (replace this with your appId and secret).
$facebook = new Facebook(array(
'appId' => 'APPID',
'secret' => 'SHHHH',
));
// Get User ID
$user = $facebook->getUser();
// We may or may not have this data based on whether the user is logged in.
//
// If we have a $user id here, it means we know the user is logged into
// Facebook, but we don't know if the access token is valid. An access
// token is invalid if the user logged out of Facebook.
if ($user) {
try {
// Proceed knowing you have a logged in user who's authenticated.
$user_profile = $facebook->api('/me');
} catch (FacebookApiException $e) {
error_log($e);
$user = null;
}
}
// Login or logout url will be needed depending on current user state.
if ($user) {
$logoutUrl = $facebook->getLogoutUrl();
} else {
$loginUrl = $facebook->getLoginUrl();
}
It doesn't work in the view and I'm stumped as to why or why none of the fixes or "precautions" such as not using type or ensuring the redirect url is the same etc, work.
EDIT:
I'm trying to avoid using domain.com/somefile.php and instead use a view file like every other page...
The issue has cropped up in other places such as the Elliot Houghin fb/CI library.
I found a solution documented in a tutorial here:
http://www.dannyherran.com/2011/02/facebook-php-sdk-and-codeigniter-for-basic-user-authentication/
The problem could be cause from one of several issues pointed out on a an issue on Elliot's github repo. I tried many of the suggested "fixes" but the one that seemed to help was not using the facebook instance as a class property. After trying the tutorial at the above link I tried a fresh install of CI again and created a facebook instance inside the function, the API calls with the FB SDK then worked and had no problems so far.
Bug report with suggested fixes #
https://github.com/elliothaughin/codeigniter-facebook/issues/5
My site utilizes lifetime access tokens (offline_access). However, if the user changes his/her password, the access token gets reset. Is there a method to check if the current access token is valid before making calls to the Graph API? Thanks for your time.
Offline, without sending anything to facebook - I don't think so. The easiest way is probably to send a request to:
https://graph.facebook.com/me?access_token=...
Facebook also supports subscriptions for real-time updates, but I am not sure how to apply them to this situation.
If you want to know the token expiry time you can pass a open graph url using appid and token as below it will work .
https://graph.facebook.com/oauth/access_token_info?client_id=APPID&access_token=xxxxxxxxx
Basically, FB wants you to poll for it, or to detect the case and redirect the user to get a reauth to occur. Annoying, but official:
(Old, out of date link. See below) https://developers.facebook.com/blog/post/500/
Edit: Facebook changed their link structure without redirects. Not surprised.
https://developers.facebook.com/blog/post/2011/05/13/how-to--handle-expired-access-tokens/
You can check the token using the token debug service , take a look here
https://graph.facebook.com/debug_token?input_token=INPUT_TOKEN&access_token=ACCESS_TOKEN
https://developers.facebook.com/docs/howtos/login/debugging-access-tokens/
The real time updates would allow you to solve this problem, but it would be pretty complicated. Basically, you can subscribe to updates that will tell you 1) if the user removed the app or 2) if the user removed permissions. You could use this to store the current permissions of the faceboook user. This way, if the user removed your app you would know that the access token is expired.
Real time updates is actually facebooks recommended way of handling permissions. Many apps make api calls every time a page is loaded to check for permissions. This tends to be slow and unreliable.
I went through these posts, bud I found very good solutions like this:
GET graph.facebook.com/debug_token?
input_token={token-to-inspect}
&access_token={app_id}|{app_secret}
Response from this request provides you everything you need:
your app ID - this verifies that token is from your application
application name - which can be also checked
expires_at - token expiration time
is_valid - boolean for check up
user_id - which you can also compare and check
Just note that "|" sign must be there as a letter
//When user access token expires user must be logged in and renew the access token him self.it is a Facebook policy
//you can overcome this by sending email to users who have expired access token.
//create a table of successful sending to monitor sending process
//if any failure happened with the user an email is sent to him to ask him to activate there account again.with a link to your subscription page.
//and here is the code should be written on that page.
$app_id = "YOUR_APP_ID";
$app_secret = "YOUR_APP_SECRET";
$my_url = "YOUR_POST_LOGIN_URL";
// known valid access token stored in a database
$access_token = "YOUR_STORED_ACCESS_TOKEN";
$code = $_REQUEST["code"];
// If we get a code, it means that we have re-authed the user
//and can get a valid access_token.
if (isset($code)) {
$token_url="https://graph.facebook.com/oauth/access_token?client_id="
. $app_id . "&redirect_uri=" . urlencode($my_url)
. "&client_secret=" . $app_secret
. "&code=" . $code . "&display=popup";
$response = file_get_contents($token_url);
$params = null;
parse_str($response, $params);
$access_token = $params['access_token'];
}
// Attempt to query the graph:
$graph_url = "https://graph.facebook.com/me?"
. "access_token=" . $access_token;
$response = curl_get_file_contents($graph_url);
$decoded_response = json_decode($response);
//Check for errors
if ($decoded_response->error) {
// check to see if this is an oAuth error:
if ($decoded_response->error->type== "OAuthException") {
// Retrieving a valid access token.
$dialog_url= "https://www.facebook.com/dialog/oauth?"
. "client_id=" . $app_id
. "&redirect_uri=" . urlencode($my_url);
echo("<script> top.location.href='" . $dialog_url
. "'</script>");
}
else {
echo "other error has happened";
}
}
else {
// success
echo("success" . $decoded_response->name);
echo($access_token);
}
// note this wrapper function exists in order to circumvent PHP's
//strict obeying of HTTP error codes. In this case, Facebook
//returns error code 400 which PHP obeys and wipes out
//the response.
function curl_get_file_contents($URL) {
$c = curl_init();
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($c, CURLOPT_URL, $URL);
$contents = curl_exec($c);
$err = curl_getinfo($c,CURLINFO_HTTP_CODE);
curl_close($c);
if ($contents) return $contents;
else return FALSE;
}
Offline - it is not possible
Ask that user has given permission or not:
https://graph.facebook.com/{facebook-id}/permissions?access_token={access-token}
If access token is invalid then it will give error:
{
error:{
message:"The access token could not be decrypted",
type:"OAuthException",
code:190
}
}
Otherwise it will give list of permission that user has given:
data:[
{
installed:1,
...... permission list.........
bookmarked:1
}
]
Updating this as things have changed since OP:
You can debug access tokens here: https://developers.facebook.com/tools/debug/accesstoken?version=v2.5&q={access_token}
Otto's answer of the facebook post seems to be the official response on this question, however it uses straight PHP instead of the SDK and also uses JS to resolve the issue instead of PHP. If you are using PHP to check for a valid session you often need a PHP method of ensuring a valid session in order to continue.
The following code checks for the me object with the graph API. If an exception is thrown it destroys* the current Facebook session.
try{
$facebook->api('/me');
}
catch( FacebookApiException $e ){
$facebook->destroySession();
}
This forces later graph calls to instantiate a new Facebook session. This at least gives you access to public data so that you can render pages do not require FB user permissions:
$facebook->api('/userName');
To reobtain user permission access the user will need to login to your app (this is distinct from being logged into Facebook itself). You can do this with JS or with PHP:
$facebook->getLoginUrl();
*Note the destroySession() call is not in a tagged release of the PHP SDK yet. Use the master branch or patch it in.