I have a Facebook Application in order to manage comments on my web page, allowing for moderation, etc.
I also have a Facebook Page, for the same brand.
Is there anyway of having an Administrator list that is shared between these two objects? So that I can add and remove users from one and they would get/lose access to the other?
There's no way to do this automatically, but you can:
Have a trusted user (admin of the page and app) grant manage_pages permission to [your/an] app
Get the page access token for managing the page - see "Page Login" on this document
Retrieve a list of the other page admins from /PAGE_ID/admins
Use the App Access Token to add those users as developers/admins/etc of the App by posting to the Application's 'Roles' connection
Those users will receive (and must accept) a request to become an admin/developer/etc of the app
Caveat: the users you try to add to the app must be verified accounts (via SMS or credit card) or they can't be ad admin or developer of the app
I'm NOT sure about this, but I never saw such thing available. Probably you'll have to integrate an application to your page that works on this
Related
I am creating an app that only a specific list of users will use, and I need Instagram Public Content Access permission (and some other permissions) for them (I have my Instagram Business Account all set up and connected with Facebook page).
On https://developers.facebook.com/docs/facebook-login/review/examples/#screencast there is stated:
You do not need to submit your app if it will only be used by you or
by a reduced number of people. Any account listed in the Roles tab in
your App Dashboard, such as admins, developers and testers, can access
all permissions and generate a user or page access token.
So I just want to make sure, that it is completely fine in my case to keep my app in development mode and let my users use it like this (so I don't need to submit my app for review as long as all the users are going to have their role assigned in my app), and that these permissions are not intended just for a limited time period or only for testing/development purposes.
Thank you for any answer.
What you quoted there, is applicable to permissions your app is going to ask its users to grant to it.
Instagram Public Content Access is not a permission, it is a feature. You need to get it reviewed, if you want your app to be able to access content that the users of your app do not have admin access to.
https://developers.facebook.com/docs/apps/review/feature/#reference-INSTAGRAM_PUBLIC_CONTENT_ACCESS
I have one Facebook App that I only use to authenticate users on a website, get their names and profile pictures.
I also have a Facebook Page related to that same website.
My personal profile is administrator of both the App and the Page. Also the Page is registered as "App Page" in the advanced settings of the App.
I want to publish on the Page from a server using the Graph API and the credentials of the App without the need to ask for extended permissions such as manage_pages or publish_pages from my users because I don't need them (see point 1). I don't want to publish on their page, only on mine.
How do I make my App "administrator" of my Page so that no additional permission is required for the App to publish on behalve of the Page?
I know a quick and dirty solution would be to create another App that would be just used as a gateway between my profile and the Page (I would be the only user of the App, granting all the required permissions). But I would like to avoid having two different Apps.
If you want to publish "as Page" on your Page, you need to authorize your Facebook account with manage_pages and publish_pages and get a Page Token. That is the only way.
You can use an Extended Page Token and store it:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/
I've written a web application which uses Facebook as the main way to authenticate users and collect information. On the home page, there is one button 'Sign in with Facebook', which allows users to sign in to the app.
Is there any way to restrict which users can use the Facebook app, and thus log into my web app, or do I have to handle this separately/manually? My first idea was to add them as 'test users', because my app is still in beta phase, and thus not publicly accessible. But I'm not sure (and I can't find anywhere) how much test users are allowed per app (as this could be up to 1000 users over time).
You have to handle it manually. A good way to restrict access is to deny access in general, store authorized users and activate their access in a backend. You canĀ“t just get their ID before authorization, because the ID is App Scoped.
Facebook is blocked by my company firewall but I want to develop an app where in employees can click a link we send it to their email and provide access to their facebook account and update. Firewall blocks facebook.com so I cannot have users type their username and password on facebook.com url. Can I have users type in their username and passowrd on internal website using which the app will login and get access?
it goes against the purpose of oauth to take the user's password and use it to log in as that user. oauth is designed so that the user will never have to disclose their password to your app but still be able to provide your app with some of their own facebook data. this way, only the facebook data which the user chooses to share will be available to your app. also the user may choose to allow your app to publish on their behalf, see here for the details.
my suggestion would be to get the users to authenticate your app from outside the work network (where the facbook.com url is available). this way you can still post on their behalf and your app can get certain information from their profile to relay on to them without you ever needing to know their password.
My website has accounts that are often accessed by multiple users. For example, a company might create an account under a generic company email address, and have different interns, etc update it.
We also have normal users that are the only people accessing their account.
We know we could make registering / signing in so much easier and more effective by utilizing various third party services like Facebook, Twitter, OpenID, etc, but we can't think of how to handle those services when multiple people want to create / sign into a single account.
How do we know which users authenticated with FB/Twitter should be allowed to access the company account on our website?
Facebook doesn't let you sign in as a Page yet, right?
You can let the users log in with their normal company account, and then give them a facebook Connect button. The only important thing you need to keep for facebook connect is their facebook id. I would add a new table, or a new entry in the users table with all the ids that have connected to that account. There would be no difference between single user and multiple user accounts, only in the number of ids connected to that account.
I use a sql table with two values, user_id and remote_id, and every time a user connects you add an entry. The same can be done with other open ids and twitter, the same able can be used.
Technically, no you can not log in as a page. But, once you get an install from a user, you can easily tell which page they are administrators of. If you create your company organizational unit around the entity of a page (or allow users to do this) then you could allow your users to log in with their Facebook accounts and once you have their Facebook session, you can access the /me/accounts graph endpoint and look at the pages they're administrators of and cross reference that with your company->Facebook Page definitions.
You could allow Facebook Page Administrators to invite users who do not have access to their Facebook Page. Once the lesser-privileged (intern) user gets to their invite URL endpoint, they could click a Facebook connect button to link their FB account with the Company/Page that the Administrator invited them to. This way, the Administrator wouldn't have to add a bunch of users to their Facebook Page as Administrators (thereby keeping their page more secure).