So I have an app that needs to access public info, but needs an auth token. Specifically, I want to get the comments from public pages, and that requires an access token. Ideally, I'd like some sort of "global" auth token, since I'm not trying to access anything that isn't public anyway. Is there any way to have an app-level auth token?
Yes, you can authenticate as an application instead of using the user.
http://developers.facebook.com/docs/authentication/applications/
Related
I understand that i can fetch web services client token through the url
https://www.yourmoodle.com/login/token.php?username=USERNAME&password=PASSWORD&service=SERVICESHORTNAME
and it works. I am getting a token and private token.
but i do not see a refreshtoken url. I can see the expiry date through moodle admin account.
Does anyone how to refresh moodle token?
what is the use of private token?
Thanks
It looks like there's no inbuilt functionality to refresh a token like the OAuth 2 spec. You would need to call the login/token.php again if your API call fails.
Unfortunately the login/token.php file only returns the token and may return the private token (Private token, only transmitted to https sites and non-admin users.). From the client's perspective there's no way to know when the token will expire.
References:
https://github.com/moodle/moodle/blob/master/login/token.php
https://github.com/moodle/moodle/blob/master/lib/externallib.php#L1034
Assuming I satisfy the criteria to scrape FB legally which type of Access Token do I use when issuing the requests?
User Access Token
App Access Token
Page Access Token
Client Token
I'm using a typically configuration to scrape, a server running a daemon in cron. Ideally, it'd be un-associated with my personal FB account. I'm just trying to get information about user-specified public page's public events: location, title, description, start_time and end_time.
If I want to make the daemon not-specific to my personal account, or a page I need a client token, or an app token? But, unlike the app token the client token doesn't require OAuth? Which is what I want. The daemon will run on a secure server, so the secret won't be discoverable. Is that correct? Is the Client Access Token the best for my use case?
If you are scraping public pages with no interest in user data or information, all you need is the app access token. This will give you access to any publicly available info such as pages, events etc.
The easiest way to use an app access token is to append the App ID and App Secret as follows: app_id|app_secret
You can then use to access a public page, e.g.:
https://graph.facebook.com/page_id/events?access_token=app_id|app_secret
There is also no need to ever refresh or update the app access token unless you reset the app secret.
A good way to learn what data you can access with which token(s) and permissions is Facebook's graph explorer tool: https://developers.facebook.com/tools/explorer/
As far as which token to use, https://developers.facebook.com/docs/graph-api/reference/event/ suggests:
Any access token can be used to retrieve events with privacy set to OPEN.
A user access token with user_events permission can be used to retrieve any events that are visible to that person.
An app or page token can be used to retrieve any events that were created by that app or page.
Can we access news-feed, posts and other public information of public celebrity profiles (some of them can we verified too)
like1 and like2
without having access token using spring social or other better way.
You can use an App Token or User Token, for example: https://developers.facebook.com/tools/explorer/?method=GET&path=BeingSalmanKhan%2Ffeed&version=v2.4
It is not possible without a Token.
I use the following code:
$access_token = $object->getAccessToken();
This method sometimes generated an access token (118-char string)
and sometimes it's a 49-character string with a pipe symbol which does not work properly.
Can I use same access token to post feed with different user id?
Why do access tokens not work properly in safari with iframe & non iframe?
Is there any link do access token documentation?
Firs of all there are two type of tokens that are generated by Facebook
Application without User
When there is no user using the application the application uses what is known as "App Access Token". The app access token can be represented as
<APP ID>|<APP Secret>
This token can retrieve all the public domain information for different Objects in Facebook, like it can be used to retrieve basic information about a User with specific ID, likes on a Public Page, Public Posts on a Page.
Application with User
When User authorizes the application Facebook generates a "User Access Token" which is the access token with longer length. You can't use User Access Token of one user to do the actions on behalf of another User and if you try the action will be done as the User for whom the token was generated for(If you are not Using Extended Access Token it will also expire).
There is issue in setting the Cookies within an iframe in the safari due to which there is some issues in the application working.
For further clarification on Access Token check this documentation
I'm new to the Facebook Graph API!
I want to display the 5 latest news feed items from my public Facebook page. I understand you can do that through https://graph.facebook.com/cocacola/feed/?limit=5, but it requires an access token, however, https://graph.facebook.com/cocacola doesn't.
When these access tokens are generated through Facebook's Graph API Explorer, what permissions are given for the token? Just the information already displayed in the above link?
So would it be safe to use the access token via cURL's PHP? I only need read access. Would it be insecure to display the access token in the source code? I'm confused as to why the latter link doesn't need an access token while the /feed/ does, even though it's a public facebook page.
when you use your app in a website there is a parameter that defines how much access you have from the user, u can set up params like, email, photo_stream, friend_stream, etc. when the user accepts the conditions, the generated AUTH TOKEN has permisions from that scope.