I'm getting the permissions of the user settings page of the application on myfacebook (publish_stream). Even if the user that permits has logged out how can i send something to is wall (as Formspring)
Per http://developers.facebook.com/docs/authentication/permissions/, after the user has logged out of your app/website, all you need to do is user an "App Access token" to post to that user's wall as long as you do still have publish_stream permissions for that user.
publish_stream
Enables your app to post content, comments, and likes to a user's
stream and to the streams of the user's friends. With this permission,
you can publish content to a user's feed at any time. However, please
note that Facebook recommends a user-initiated sharing model. Please
read the Platform Policies to ensure you understand how to properly
use this permission.
Related
I'm using the facebook sdk 2.7 to prompt the user to login in to their facebook account and then to be able to post to their wall from our website. This works fine but each time the user visits the website they need to login again.
I do retrieve the user access token when they login. Can I use this to enable the website to always be able to post to the users wall without them having to log in to facebook each time?
You would need to use an "Extended User Token" for that, it is valid for 60 days. Btw, you are not allowed to autopost and the message always must be 100% user generated. So make sure the user approves and writes every single post.
How to create Extended User Tokens is explained in the docs:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/
I found the article very nice to introduction set extended permission required
(https://developers.facebook.com/docs/beta/authentication/#referrals)
but I go to Auth Dialog setting, the field required permission replaced users & friend permission. I can't see field required permission. please help me. thanks
You can set extended permissions required via your call to the show the login/authorize screen.
For Javascript SDK, it's the second parameter of FB.login(callback,scope).
For the Login social plugin it's the scope attribute.
For PHP SDK it will be
$params = array(
scope => 'read_stream, friends_likes',
redirect_uri => 'https://www.myapp.com/post_login_page'
);
$loginUrl = $facebook->getLoginUrl($params);
Per http://developers.facebook.com/docs/reference/api/permissions/ the extended permissions are:
read_friendlists Provides access to any friend lists the user created. All user's friends are provided as part of basic data, this extended permission grants access to the lists of friends a user has created, and should only be requested if your application utilizes lists of friends.
read_insights Provides read access to the Insights data for pages, applications, and domains the user owns.
read_mailbox Provides the ability to read from a user's Facebook Inbox.
read_requests Provides read access to the user's friend requests
read_stream Provides access to all the posts in the user's News Feed and enables your application to perform searches against the user's News Feed
xmpp_login Provides applications that integrate with Facebook Chat the ability to log in users.
ads_management Provides the ability to manage ads and call the Facebook Ads API on behalf of a user.
create_event Enables your application to create and modify events on the user's behalf
manage_friendlists Enables your app to create and edit the user's friend lists.
manage_notifications Enables your app to read notifications and mark them as read. This permission will be required to all access to notifications after October 22, 2011.
offline_access Enables your app to perform authorized requests on behalf of the user at any time. By default, most access tokens expire after a short time period to ensure applications only make requests on behalf of the user when the are actively using the application. This permission makes the access token returned by our OAuth endpoint long-lived.
publish_checkins Enables your app to perform checkins on behalf of the user.
publish_stream Enables your app to post content, comments, and likes to a user's stream and to the streams of the user's friends. With this permission, you can publish content to a user's feed at any time, without requiring offline_access. However, please note that Facebook recommends a user-initiated sharing model.
rsvp_event Enables your application to RSVP to events on the user's behalf
sms Enables your application to send messages to the user and respond to messages from the user via text message
publish_actions Enables your application to publish user scores and achievements.
I don't think you can require extended permissions through that dialog, or by using the SDK as suggested above.
In previous versions of the PHP SDK the oauth dialog would return an error if the user did not approve all requested permissions -- this is no longer the case. As long as the user approves the basic permissions, any of the requested extended permissions can be unselected and the user is redirected without a warning or error. I hope that I'm wrong, but from reading the documentation and my own testing, I don't think I am.
From the same page of the documentation that you reference: https://developers.facebook.com/docs/beta/authentication/
"The updated Auth Dialog will display a set of user and friends permissions on the first dialog, and other extended permissions (if any) on a second dialog screen. User and friends permissions are non-revocable, while extended permissions can be revoked by clicking on the "X" next to each permission on the second dialog screen. Your app must be ready to handle each scenario (permissions granted, and revoked) properly."
IOW, if your app requires a specific permission your code must ensure that the user grants it.
I can login to Facebook within my application and can also retrieve the information of the Facebook account of my application users.
However, when I post a photo to my users' Facebook wall, it always return NULL. Why?
You need to prompt the user for publish_stream extended permission. Facebook has a post that walks you through this step by step.
I am wondering if it is possible to post to the wall of the Facebook app page created for using Facebook in iOS. Rather than use the user login to post to their own wall, I would like to post to the app's page with updates on open games. Is this possible to do?
Yes, it's possible. From http://developers.facebook.com/docs/reference/api/application/:
To perform the following operations as an Application Page, and not the current user, you must use the Application's Page access token, not the user access token commonly used for modifying Graph API objects nor the Application access token. This access token can be retrieved by issuing an HTTP GET to /USER_ID/accounts with the manage_pages permission. This will return a list of Pages (including Application profile pages) to which the user has administrative access, along with an access_token for each Page.
…
You can create a link, post or status message by issuing an HTTP POST request to the APP_ID/feed connection. To see more details please see links, posts, and status messages documentation.
To impersonate the Application when posting to the wall (i.e. post as the Application, and not the current user), you must use an Application Page access_token with the manage_pages and publish_stream permissions, as described under Application Access Tokens above.
So you first have to ask the API for an Application Page access token and then use this access token to post on the wall. The Facebook iOS SDK helps to construct the Graph API calls mentioned in the documentation cited above.
I am having problems with the facebook authorization process within my app.
I want to post something on the users facebook page with a dialog which is shown to the user first, and request the "publish_stream" permission.
If I do so the user is redirected every 2 hours to the request page where it says that the user has already allowed this app to do this, which is very annoying for the user....
So my question is what happens if I don't ask about permission to post on the wall, but still show the user the dialog which shows what is posted on his page? is this legal ? can I get any problems what so ever by doing this?
Cause posting on the users wall without asking permission, works just fine.
thanks for the help
The Facebook documentation states that if you prompt for publish_stream, you will be able to post on the users wall indefinitely, and thus you wouldn't also need offline_access.
publish_stream Enables your app to
post content, comments, and likes to a
user's stream and to the streams of
the user's friends. With this
permission, you can publish content to
a user's feed at any time, without
requiring offline_access. However,
please note that Facebook recommends a
user-initiated sharing model.
There is no legal issues there. However users will be pi**ed off.
But when you request a token with offline_access and then use that token for publish_stream, your token will not expire.