I have a website in which i use the Facebook API to let users 'invite' their friends to my site. These friends will get an App invite on their Facebook and once they click and accept it, it opens a page of my site in side an iFrame (within Facebook).
That's all fine, but i would like to add a refer id to the URL. So i can tell from who they got the invitation.
Is it possible to add (dynamic) parameters to the canvas URL??
I haven't been able to find out how to do this.
(I'm using the JS library).
I am able to pass multiple params to my canvas page. Not quite sure why this is not working for you or for #JonCanning. I am able to successfully redirect to https://apps.facebook.com/MY-APP?param1=x¶m2=y¶m3=z and retrieve them within the code loaded in the iframe.
You cannot manipulate request urls if you use apprequests for invites though, so not sure how you plan to manipulate the request url. Is this a wall post mechanism?
But, if you are using apprequests for invites - you can pass an optional "data" param. This can be arbitrary JSON or a simple string. When a recipient clicks thru the invite, you will be provided a "request_id" param in the request redirector from Facebook. e.g. http:YOUR-INVITE-REDIRECT-URL?request_ids=REQUEST_ID. If multiple invites from the same app were sent to the user, you will get the request_ids as a comma separated list. You can make a call back to the facebook graph api endpoint for requests and get back all the info for the requests - including the "data" param you passed. This might work better for you since you have embedded all data in the request itself.
More info on dialogs here : https://developers.facebook.com/docs/reference/dialogs/requests/
A single parameter passed into your apps url is passed onto the iframe
http://apps.facebook.com/app_name/?param=hello
To add to #iyerrag's answer, to grab the data param from within your canvas handler, you have to call back into the facebook graph API. The call takes one of the request_ids passed in the http query and also an access token. I was able to use our app's access token (generated something like this Creating App Token).
The returned JSON document contains the value you passed in the data param in key 'data'.
Here's the gist, in Python:
requestIDStr = self.request.get('request_ids','')
requestIDs = requestIDStr.split(',')
requestID = requestIDs[0]
if requestID:
url = """https://graph.facebook.com/{}?access_token={}""".format(requestID, fbAccessToken)
try:
response = urllib2.urlopen(url)
responseDoc = response.read()
jsonResponse = json.loads(responseDoc)
dataParam = jsonResponse['data']
except Exception as e: logging.warning('unable to retrieve data param: {}'.format(e) )
Related
Consider this example for authentication from PHP at https://developers.soundcloud.com/docs/api/guide#authentication seem to suggest you can pass a redirect url as a parameter when you flow a user throught the authentication process:
require_once 'Services/Soundcloud.php';
// create client object with app credentials
$client = new Services_Soundcloud(
'CLIENT_ID', 'CLIENT_SECRET', 'REDIRECT_URL');
// redirect user to authorize URL
header("Location: " . $client->getAuthorizeUrl());
Note the 'REDIRECT_URL' argument in the call to the constructor.
That seems to suggest I can pass an arbitrary redirect url as a parameter, just like you can do with Twitter (the API is quite similar).
However, if I pass an url that does not match the unique redirect url configured for the application, I get an error when the user is redirected to my url:
error=redirect_uri_mismatch&error_description=The+redirection+URI+provided+does+not+match+a+pre-registered+value.
So, what is that parameter supposed to be for, if the only valid value is the redirect url configured for the application?
And how are you supposed to handle authentication if the user can only be redirected to a single fixed url after authentication?? That makes the API completely unusable. When you have a user login into any API (e.g. Twitter or Facebook), you need them to be returned to the page from which they clicked the link to log in, and it is a ridiculous restriction that that url be unique. No other social network api that I've ever seen has this restriction.
Is SoundCloud API really so flawed or am I missing something?
I got an answer from Glen Scott, the author of the php-soundcloud library (a pretty decent wrapper around this terrible API) who provides a workaround. It's painful as it involves an additional redirect but it's all the API allows.
https://github.com/mptre/php-soundcloud/issues/36
I quote:
The API does not allow an arbitrary URL. As you noted, this is unlike
most other oAuth-backed social network API's. The workaround I can
recommend is using the state parameter to pass back your return URL.
You can do this when generating the authorization URL like this:
$client->getAuthorizeUrl(
array(
'state' => 'http://example.com/return'
) You'll get the state parameter added to the static redirect URL. For example, if you set your redirect URL to
http://example.com/callback then SoundCloud will redirect an
authenticated user to
http://example.com/callback?state=http://example.com/return
Your callback script will need to look for the state GET parameter,
and redirect using it.
I'm developing a web app that uses FB data for some FB posts. I have a bunch of post ids and am fetching the data related to them using batched requests. Then am showing a summary of each post (number of comments, shares, likes) and link to the actual FB page (https://www.facebook.com/). But clicking on the link shows a 404 page on FB!!
Example, the node_id, '69983322463_10152179775342464' will return data in the graph explorer. But when you access https://www.facebook.com/69983322463_10152179775342464 it returns 404!
In case my question is not clear:
GET https://graph.facebook.com/69983322463_10152179775342464?access_token={a valid access token} returns data.
But GET https://www.facebook.com/69983322463_10152179775342464 (with or without an access_token param) returns a 404
Is there some field in the API response that signifies that the page does not exist anymore?
Thanks,
mano
This is because not every post is public. Only publicly available posts can be accessed directly.
For rest you need a valid access token to GET its details. When you tried the post id in graph api explorer it showed the result since an access token was applied.
So, you simply use a valid access token, may be any app access token (app_id|app_secret)- that never expires, and make the /GET request.
Eg: \GET /69983322463_10152179775342464?access_token={app-access-token}
I'm using FB.login on the JS client and want to verify the user's identity on the server. So, the client gets a signedRequest from facebook and sends it to the server. The server splits on the period, and decodes the second part of the signedRequest into a json object.
What should I be using for "code" when I send my server-side request to
https://graph.facebook.com/oauth/access_token?
client_id=YOUR_APP_ID
&redirect_uri=YOUR_REDIRECT_URI
&client_secret=YOUR_APP_SECRET
&code=CODE_GENERATED_BY_FACEBOOK
My decoded json looks something like:
{"algorithm":"HMAC-SHA256","code":"2.AQCPA_yfx4JHpufjP.3600.1335646800.1-5702286|l11asGeDQTMo3MrMx3SC0PksALj6g","issued_at":1335642445,"user_id":"5232286"}
Is that the code I need? Does it need to be B64 encoded? If this isn't the code, what code should I use?
_
What I've tried:
The request I'm trying to use is:
https://graph.facebook.com/oauth/access_token?client_id=295410083869479&redirect_uri=https://squaredme.appspot.com/facebookredirect&client_secret=44f1TOPSECRETbb8e&code=2.AQCPA_yfx4JHpufjP.3600.1335646800.1-5702286|l11asGeDQTMo3MrMx3SC0PksALj6g
but this returns the error:
{"error":{"message":"Error validating verification code.","type":"OAuthException","code":100}}
I can't tell if this is because I'm using a bad code, or what. Noteably, this is running on my local dev server, and squaredme.appspot.com definitely does NOT resolve to my IP. I don't know if facebook checks that or what - I'm assuming I'd get a better error message. Thanks for any direction!
You are trying to somehow combine the two flows together and that's why things don't work well.
When facebook POSTs into the iframe with your app url and a signed request there are two options, the easy one being that the user is already authenticated and then the signed request will have all the necessary data (including a signed request), then you just load the canvas page and use the JS SDK to get an access token there as well, but in this case there's no need to use the FB.login (since it opens a popup and will automatically close it), you can use the FB.getLoginStatus method which won't annoy the user.
If the user is not authenticated then the sign request will be missing the things you need to use the graph api.
You then redirect the user to the auth dialog, and since you are loaded in an iframe you'll need to return a html response which redirects the parent window using javascript, like:
top.location.href = "AUTH_DIALOG_URL";
When the use is done (accepted or rejected the app) he will be redirected to the "redirect_uri" you added as a parameter to the auth dialog.
If the user accepted your app then you'll be getting the "code" parameter in the query string.
You then take the code, exchange it with an access token as you posted in your question, and then redirect the user back to "apps.facebook.com/YOUR_APP".
When the page then loads the user is already authenticated and you'll be getting a full signed request.
I hope this clarifies things for you, recheck the Server-Side flow it pretty much covers it all.
I also had some trouble with that, then I found the solution here in StackOverflow.
There are two kinds of "code" provided by facebook. One comes inside the signedRequest in the cookie generated by the client-side flow. The Facebook's JS SDK handles this codes and get a access token without telling us anything.
The other type of code comes attached as a query to your redirect URI (http://www.yoururl.com/index.php?code=AAAgyiaus...), when you navigate to OAuth URL (server-side flow). With this code, you go to a Token URL and get your access token.
When you are using the server-side flow, you need to indicate a redirect URI both in the OAuth URL AND in the Token URL, and they have to be exactly the same, so a missing slash or a query string can be a lot of problem.
The codes are different from each other. When you use the both things together, appears to be impossible to get a access token using the code that was inside the cookie's signedRequest.
BUT, it is not. The magic is: the code from signedRequest is associated with NO URI, so as long as the redirect_uri is a mandatory field, all you have to do is to pass it blank when you navigate to the Token URL.
So the final solution is: grab the signedRequest from the cookie, parse it in your server to obtain the code, then read the Token URL:
https://graph.facebook.com/oauth/access_token?
client_id=YOUR_APP_ID
&redirect_uri=&client_secret=YOUR_APP_SECRET
&code=CODE_INSIDE_THE_SIGNED_REQUEST
It looks like a hack, so I don't know how long it's gonna work, but it's working right now.
I'm tring to authenticate with facebook using the following request:
https://www.facebook.com/dialog/oauth?client_id=MYAPPID&redirect_uri=http://localhost:3000/oauth/callback.html&scope=email
The response is the following:
http://localhost:3000/oauth/callback.html?code=AQA6VzXu_In9_GIiqu-GFEo6d8sA4jM5L6rLQWtL9g2aMo2Ju5h9j_uCcqR-w7cYifyi0IYsOHtOk5S_jKBBlgQatybYDHOfSs2EpA3H3NHQIDIaKmC-9kje9_QQbhPd0Ge1pP-52OR7iOQWc_R8D-YapXcArTAmpIHLBHatOSHB0x3lFv4DVUECfb1IdYIZlVM#_=_
The problem is that I'm unable to retrieve an access token from this code. It should normally have a dot delimiter (".") whereas this has none, that's why I'm unable to decode it.
Any ideas on what I'm doing wrong?
You shouldn'T be able to decode it, it's not a signed_request.
You need to send a request to
https://graph.facebook.com/oauth/access_token?
client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&
client_secret=YOUR_APP_SECRET&code=THE_CODE_YOU_RECEIVED
in order to get an access token
There is a difference between CODE and TOKEN, both are very widely confused.
Client-side login (Javascript + HTML)
If you want to use javascript only (work with HTML only) as it is probably your case you should add &response_type=token to your first request.
Also, I don't think you actually need to split and work with the token but give the JS api to do it for you.
Server-side login (PHP)
You know have a user that a accessed your page with the CODE.
Now you must access, with your server-side script, this url and it will return the access_token.
https://graph.facebook.com/oauth/access_token?
client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&
client_secret=YOUR_APP_SECRET&code=CODE
If your callback was a PHP you could just filegetcontents along with json_decode but I recommend using the official Facebook SDK.
Highly recommended doc page -
http://developers.facebook.com/docs/authentication/
What are the post parameters i need to pass to the facebook login page?
To login to Facebook via http requests you can do this:
make a post request to this url:
https://login.facebook.com/login.php
make sure you have the following header set:
Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F
and use these post parameters:
locale=en_US&email=email#site.com&pass=password&persistent=1
(make sure to set your own email and pass
Facebook doesn't use this method anymore. They even removed all references to it from their docs. Google cache still has them here if you really need those (not sure if that link works for you).
New way of authorization is described here.