So, Facebook has 2 types of access tokens: Application and User access token.
Is it possible to use the Application access token for open graph?
Facebook has more than two types of access tokens, there are at least 3 since you forgot to mention the Page Access Token.
According to the App Access Token documentation:
Authenticating as an Application allows your application to obtain an
App Access Token. This is useful to make requests to the Graph API to
modify the parameters of your app, create and manage test users, or
read your application's insights for example.
As you can see, it depends what it is you want to ask the fb graph.
If you want for example to get the feed of a public page then an app token will suffice, on the other hand if you want to get the feed of a user then you'll have to use a user token.
When you browser through the Graph API documentation, for every object you get a list of fields and connections, and the 3rd column of the tables is titled as Permissions, in that cell you'll have info of what access token is needed if any.
I.e., if you check out the User object you can see:
id: No access_token required
updated_time: Requires access_token
installed: Requires app access_token
Hope this clarifies things for you.
Related
We are using Graph API for accessing public feed from our own Facebook Page.
What is the best way to obtain Access Token, so the requests are not dependant on one person's (my) User Access Token?
So after I leave the project, someone else can use the same token, without it being associated with me, but with the Page or a company instead?
Page Tokens are always tied to a specific user, because you need a User Token to generate a Page Token. For a non-restricted Page, you can just use an App Access Token though. It has no relation to any user.
More information about Tokens and how to generate them:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/
I'm new to the Facebook Graph API!
I want to display the 5 latest news feed items from my public Facebook page. I understand you can do that through https://graph.facebook.com/cocacola/feed/?limit=5, but it requires an access token, however, https://graph.facebook.com/cocacola doesn't.
When these access tokens are generated through Facebook's Graph API Explorer, what permissions are given for the token? Just the information already displayed in the above link?
So would it be safe to use the access token via cURL's PHP? I only need read access. Would it be insecure to display the access token in the source code? I'm confused as to why the latter link doesn't need an access token while the /feed/ does, even though it's a public facebook page.
when you use your app in a website there is a parameter that defines how much access you have from the user, u can set up params like, email, photo_stream, friend_stream, etc. when the user accepts the conditions, the generated AUTH TOKEN has permisions from that scope.
Interesting problem I'm having right now.
Signing in an App gives a access token looking something like this:
AAACwFsGcSr4BAOGUTwfuZAWuUcwZC0rJ7noZCKMqhBI7ivDCsIGqduGIZCus5PRaS6KuREqxLmhfvZAZAkz5WCpFfANtUpYHgZD
This access token can't access users PUBLIC information, while one issued by Facebook on developers.facebook.com - CAN.
You can easily test this by logging to your facebook and going to this link: http://developers.facebook.com/docs/reference/api/
You'll see that Facebook automatically generates access token on DEMO urls like this one:
https://graph.facebook.com/me/music
?access_token=2227470867|2.AQCvlA_ZaJ2MfRR0.3600.1318266000.0-100001572415177|2FeweU6ZvOQS9OCF5ZBV58_PtPg
If you would change /ME/ to any user which has his MUSIC posted as public, you WILL be able to access that data with Graph API.
Now try to get an access token to your APP and call the same Graph API method with generated access token, the returned data is empty JSON object.
Whats’ the difference between these access tokens? How to obtain access token, that I could get public information using Graph API?
I was thinking that logging in your APP is the highest possible access token and the only higher token is token with specified permissions...
Any guidelines would be great :)
http://developers.facebook.com/docs/reference/api/permissions/
I believe the difference is that you can specify additional permissions in a scope parameter,
so if you wanted to read a user's feed you would have to specify read_stream. I was trying to accomplish this with an access token from a server-side authentication flow in ruby, but the access token only allowed to me to navigate accross a certain portion of graph.facebook.com/user_id/feed? requests. If you get any insights or comes across a solution shoot it my way too, if you can.
I am creating a web application that is trying to use "public" Facebook content.
It is not your traditional "Facebook Application" because I'm not actually signing up Facebook users to use it, but the users will be all server-side.
I've come to a point in which I am having to use an "access_token" for certain "public" pieces of content and I have been able to generate a app access_token but this does not work for the public data I'm interested in accessing.
access_token's created via
https://graph.facebook.com/oauth/access_token?client_id=APP_ID&client_secret=APP_SECRET&grant_type=client_credentials
do not work for
https://graph.facebook.com/chickfila/notes?access_token=CODE_FROM_ABOVE
which is publicly accessable w/o login here...
http://www.facebook.com/ChickfilA?sk=notes
Any way to give an app itself a user-level access_token?
I had a very similar problem with publicly available event data. What I had to do was to create an offline access token for the admin of the application.
So, log in with your admin and open the following URL (replace APP ID with your ID and eventually you need more permissions, but read_stream and offline_access should do the trick):
https://graph.facebook.com/oauth/authorize?client_id=APPID&scope=offline_access,read_stream&redirect_uri=http://www.facebook.com/connect/login_success.html
This will give you a code, that you will paste in the following URL (with your APP ID and SECRET):
https://graph.facebook.com/oauth/access_token?client_id=APPID&redirect_uri=http://www.facebook.com/connect/login_success.html&client_secret=SECRET&code=CODE
This will give you an access token that should work forever (or until you change your password).
Recently I used the access token freely available from the Facebook Graph Explorer which will let you browse different graph resources and will let you specify what permissions you need. For this you can tell it you want offline_access and that token can be used to pull this information whenever it is needed without worrying about your token expiring.
Create an user just for your app and let the user authorize your app and get the access token and use it for this kind of data fetching. Some manual work but as long as you have some user authorized access token you should be able get the public contents.
On the documentation page for Facebook Graph API there are a lot of example links such as https://graph.facebook.com/me/likes?access_token=SOME_AT
Could anyone explain how the access_token for these links are generated?
All I've read in the documentation were about getting access_token only for applications, but on that page everyone could get an access_token without one.
You can use the graph API to get public information. People set privacy settings on facebook, so to prevent social freaks from stalking you, they(fb) created Autorisation.What I believe is that on the documentation, they are generating the access token using the Developers App. You can generate this Access token by making an application and asking a user to Authorise your application to access his data using OAUTH dialogs. Usually people reading at developer.facebook.com have enabled the Developers app so it easily opens your information.
The Graph API as such allows you to
easily access all public information
about an object. For example,
https://graph.facebook.com/btaylor
(Bret Taylor) returns all the public
information about Bret. For example a
user's first name, last name and
profile picture are publicly
available.
To get additional information about a
user, you must first get their
permission. At a high level, you need
to get an access token for the
Facebook user. After you obtain the
access token for the user, you can
perform authorized requests on behalf
of that user by including the access
token in your Graph API requests:
The access_token in these links are generated using your Facebook identity and an application ID (presumable associated to "developers.facebook.com"). If you go to the same page with another Facebook account, you will see different access tokens.