I am a programmer employed by a company to develop a web app owned by that company. We allow users to log in with Twitter. We would like to allow users to log in with Facebook. For this we require tokens to plug in to OAuth 2.
The snag is that so far as I can determine, Facebook require that apps are owned by a Facebook user, and that that Facebook user uniquely identify a natural person. I don’t want to register using my existing Facebook ID; my work identity is not relevant to friends and family, and besides, I will not be an employee of the company indefinitely. I have not found any information yet to indicate I can hand the ownership of the app to another developer, though I assume such a process must logically be required. I could violate the Facebook terms and create a new ID to register the app with, or I could attempt to coach the CEO of the company (who is not a programmer) through the process of registering for an app. This will be complicated by the fact that I can’t even get past step 1 so I can’t rehearse the process.
So my programming question is, is there a way I have not yet discovered that Facebook allows companies to delegate the chore of registering an app? Failing that, has anyone published a route through Facebook’s developer’s maze to get the OAuth keys in the minimum of steps?
You can create the app using your Facebook account initially, then you can create a Facebook Group called something like "My App Admins", then get anybody who is important in the company to join that Facebook Group (including yourself). Then in the app settings, set that group as an admin of the app. (You can also create separate groups for insights users, developers and testers.)
Anybody in that group will now be an administrator. That way the company can control access to the app by adding or removing people from that group.
It is not an ideal solution. Facebook want to be able to link application developer accounts to real people - this is a way of preventing spamming etc.
Hope this is helpful.
Related
I have a question about the Graph API from Facebook. We want to create a tool to manage accounts in Facebook and the groups related to them.
The basic functionality of the tool is the possibility to add accounts to the system, and then you can add multiple Facebook accounts to each of them. Then the system gets all posts from groups related to the Facebook accounts.
I did research, and I know fairly well what is possible and what is not, but many endpoints of the API require app review. My question is about this review: whether an app like that, where one user can add multiple Facebook accounts and use data (like posts, comments) from them, is allowed by Facebook and will pass the review?
That depends on what exactly you mean by “accounts” …
Facebook pages? Sure, you can let your app user add as many of those as they like, for the purpose of managing them, reading feed data, etc.
User profiles? That would not really make sense, because every person is only allowed to have one personal profile on the platform to begin with. And adding other people’s profiles (by having them authorize your app, using their access tokens on behalf of someone else) is likely not going to fly in review either.
when one user can add multiple facebook accounts and use data (like posts, comments) from them is allowed by facebook
“Using data” is rather vague as well; what you can and can’t do with user data is outlined in the Platform Policy: https://developers.facebook.com/policy
I hope someone from the Facebook developer team can read this and resolve this in time for the event.
Basically we are students at Carnegie Mellon University participating in the Emirates hackathon:
emirateshackathon.com
The proof-of-concept prototype that we are planning to build requires access to the User_likes, user_books and user_events permissions, which aren't provided by default.
The problem is we don't have a website set up in place and Facebook will not grant our app permission to access these user details.
Useful side note: Facebook is an official partner for the event.
Our facebook App ID is 764055100384482
Is there any clause to provide sandboxed access to all user permissions for academic projects?
Thank you
If you don't get the permissions approved (which seems to be the case), there is only one more way: you have to add everyone who will use the app at least as a Tester in the roles section. Although, without a website/server, there is no way at all. I mean, how do you even want to create a login for the user without any server?
My latest project has (had) a requirement for the user to invite their friends to their online service. I discovered that, apparently, as of April 2015 with the new v2.0+ Facebook Graph API, you cannot actually get a list of friends for the user, unless those friends are already subscribed members of your app.
The scenario:
My app is a web service that lets the user collaborate on research work in a private group online. The user needs to
look up their list of friends,
set permissions their friend will have in the group, and
send them an invitation to join both the service and the specific group (using a unique, one-time-use link tied to each recipient).
The user would (ideally) receive an invitation with a specific link for them to not just become a subscriber of said online app, but specifically to join the group they were invited to (i.e. not just a generic "hey, check out this app" type of invitation).
The expectation:
The user doesn't care whether their friend is already a member of "MyApp.com". They expect to simply look up their friends just like they do today from their phone when they connect it to Facebook (makes all contacts available, regardless of whether those friends connected their Facebook to their phone, respectively). Likewise, compare inviting members to your Google docs, for example: look up your contact, set permission, send invite - so easy. Users demand this UX simplicity today and do not distinguish or care whether they are dealing with email, Facebook, Twitter contacts, whatever.
The problem:
The entire point of a social network is to be, well, social. If the Graph API only lets my app access friends that are ALREADY users of my app, it completely defeats the entire purpose - it cuts my user off at the knees, kills UX, no more ability to actually contact their own friends. My understanding is Facebook made this change to prevent developers from spamming users, and I get that, I completely support that. HOWEVER, my company and my app are not the ones that are trying to invite friends for its own purposes, it is the USER and THEIR OWN friends that THEY have the right to access and converse with for their purposes (or so you'd think). Beyond just friends list, even if I had that, I think there are additional hurdles and limitations with posting messages to friends, even private (not wall) messages, which again would be anti-social.
The Question:
Am I understanding Facebook limitations properly, and if so, what is the work-around? I'd be ok with such an API being locked down until you pass a review that proves you aren't spamming users, but I did not see such an option.
Facebook supposedly prioritizes users over developers, and these changes were made because if the user is not comfortable with privacy (don't spam my friends), then they won't be users any longer, and that obviously affects developers and Facebook. OK, but did they not realize that by locking it down this extreme just killed UX for the user in legitimate scenarios? And to my original point, not just a little, but paramount - the result quite literally is that on April 30, 2015, Facebook became anti-social. Surely this is not in line with their mission. Surely there is a better approach.
If your app is not a game (which I assume), the only viable option would be the Message Dialog as described at
https://developers.facebook.com/docs/apps/faq#friend_invite
If your app is not a game and has a mobile or web presence:
You can also use the Message Dialog on iOS and Android, or the Send Dialog on Web. These products let a person send a message directly to their friends containing a link to your app. This type of message is a great channel for communicating with a smaller number of people in a direct way. The Message Dialog and the Send Dialog both include a typeahead which lets the person easily select a number of friends to receive the invite.
You might also find App Invites useful but I believe it's only for iOS and Android apps and might not exactly fit your use case:
https://developers.facebook.com/docs/app-invites
App Invites are a content-rich, personal way for people to invite their Facebook friends to a mobile app.
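The "unique, one-time use link tied to each recipient" from the question, sketched server-side as an added example that is not part of the original posts. The URL `https://myapp.example/invite/`, the `InviteStore` class, the field names and the 7-day lifetime are assumptions; the group permission is kept in the server-side record rather than in the link, so the recipient cannot alter it.

```python
import hashlib
import secrets
import time

INVITE_TTL = 7 * 24 * 3600  # assumed validity window: 7 days


class InviteStore:
    """In-memory stand-in (hypothetical) for a table of pending invitations."""

    def __init__(self):
        self._rows = {}  # sha256(token) -> invitation record

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, inviter_id, recipient, group_id, role, now=None):
        """Create one invitation and return the link to send to the recipient."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 random bits, unguessable
        # Only the hash is stored, so a leaked table cannot be turned into links.
        self._rows[self._digest(token)] = {
            "inviter": inviter_id, "recipient": recipient, "group": group_id,
            "role": role, "expires": now + INVITE_TTL, "used": False,
        }
        return "https://myapp.example/invite/" + token  # hypothetical URL

    def redeem(self, token, now=None):
        """Return the invitation once; None if unknown, expired or already used."""
        now = time.time() if now is None else now
        row = self._rows.get(self._digest(token))
        if row is None or row["used"] or now > row["expires"]:
            return None
        # With a real database this must be one atomic statement
        # (UPDATE ... SET used = true WHERE used = false) to stop double use.
        row["used"] = True
        return {k: row[k] for k in ("inviter", "recipient", "group", "role")}


if __name__ == "__main__":
    store = InviteStore()
    link = store.issue("user-1", "alice", "group-42", "reader")  # constructed values
    token = link.rsplit("/", 1)[1]
    print(store.redeem(token))  # the invitation record
    print(store.redeem(token))  # None: the link is single-use
```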
I have a facebook user who is the owner of the company I work for. He has a single Facebook page, which is the "company page" on Facebook. He created a FB "app" with permissions "manage_pages" and "publish_actions". So the FB api can post to his FB Page, on his behalf, as the app.
Inside the company, we have a few hundred people that use an intranet-based software app. When the users engage in a certain function in the software, the code uses the Facebook API to post a message to the public company page using an access token of the FB account of the company owner. This system works great, but the app is not yet approved, so no one can actually see the posts on the FB page except the company owner.
The software is only available inside the company building, it's not reachable via the Internet. There would be serious intellectual property concerns with allowing an anonymous facebook employee into it. There would be security concerns about making this all public on the web. So I have to presume that FB will not be able to see the backend here - where the posts are created.
So because of this, I've run into problems getting the app reviewed because I have no way to let Facebook reviewers actually see the software where the user creates the post, as they requested.
Is this considered a non-starter setup by FB, or does FB have any contingency for this situation? Or do they expect every FB app to be used in a completely public environment? I'm just thinking surely I'm not the only person trying to use a FB app to post to a company page from a publicly-inaccessible place inside that company?
Thanks!
This was the answer to the problem, thank you CBroe: It is not a matter of approval that makes the app's postings viewable by everybody, but simply of the app still being in development mode.
The actual Facebook GUI in the app dashboard doesn't say "development mode" on/off like it used to. It now says "do you want to make this app live to the public". I selected "yes" which made the app's postings viewable by everybody.
In my case, the original confusion stemmed from the fact that we didn't want to make the app live to the public, we only want our one company owner to use the app - so we naturally did not change that setting to "live".
We run a platform that acts as a one-stop warehouse of users' interactions with a brand, both through apps (campaigns etc) and through the pages run by the brand. So far, the linking up of Facebook users across apps and page-posts was simple, since Facebook passed you global Facebook ids.
With v2.0 of Graph API, and the migration to app-scoped-id, a brand can still connect the app-scoped-id from various app-authentications through the /ids_for_business api call. When users log into the app, they are considered authenticated and hence the mapping between app-scoped-ids works.
For posts pulled from the Facebook pages through the API, the "users" are considered non-authenticated, and hence the mappings through /ids_for_business call skip the app_scoped_id listed to page-post-pulling-apps.
Is there a solution to map such users into their app-scoped-ids issued to other apps under the same business account?
Alternatively, is there any other way to reliably map such users across apps and page posts?
It's not currently possible to map a user's ID across multiple apps where the user has not logged into each of the apps you're trying to map across.
The use case for the Business Mapping API is to identify the same user across the multiple apps your business owns - where the user has logged into those apps. For example, identifying which of your business's games the person plays.
The principle here is that a person's information is not aggregateable across apps unless the person has explicitly logged into those apps.