I am sending a POST request to /FACEBOOK_ID/photos?access_toke=APP_ACCESS_TOKEN. I already have publish_stream permission. My goal is to post a photo into the user's photo album of my Application (Facebook creates an album for that app).
The result is:
{"error":{"message":"A user access token is required to request this resource.","type":"OAuthException","code":102}}
OK, so I tried to use the user_access_token instead of my app's access token. But it says that it has "expired"?
I can't do either! What can I do? Ideally, I want to use the app's access token for all cases. That's because I can't just bring the user to the Facebook "allow" dialog everytime...
Posting a status update works fine (I use the app's access token), but it's only when I do photos that I run into this problem.
Note: I will give 500 bounty to whoever can answer this for me ASAP.
Thanks!
When you obtain the user's access token, request the offline_access permission to obtain a user access token that doesn't expire. Store the token & use it in the POST to /.../photos.
Note that this is only a short-term fix as Facebook are removing the offline_access permission on May 1 2012. After that applications will have to call a new FB api to extend the life of an existing access token.
Related
I have a Node.js server running a social network site and I also have a facebook page for that site. For certain actions performed by users on my site, I want to post details on the facebook page of my app.
I referred to Thuzi facebook node sdk here on how to post to facebook wall. However, it requires app id, app secret and a temporary access token. App id and app secret are constant so I can put them somewhere in my config file and use from there. But how do I get the access token without any interaction from front-end ? All posts will be published by our app only and that too on our own page. I just want this to be triggered by the end user's actions. Any help ?
I am using Sails.js framework btw.
You would need to use an Extended Page Token for that, you only need to create it once and it will stay valid forever. And you will post "as Page" with a Page Token. How to get an Extended Page Token:
Create an App
Use the Graph API Explorer to generate a User Access Token (by authorizing the App with the manage_pages and publish_actions permission)
Extend the User Access Token (valid for 60 days)
Request an Extended Page Token by calling /me/accounts
Store that Extended Page Token on your server and use it for posting on the Page wall.
Here are some additional resources, explaining everything in detail:
https://developers.facebook.com/docs/facebook-login/access-tokens/
https://developers.facebook.com/docs/graph-api/reference/v2.1/page/feed
http://www.devils-heaven.com/facebook-access-tokens/
http://www.devils-heaven.com/extended-page-access-tokens-curl/
I am also digging more in to this nowdays As I am working on a node module for this.
Till now I got to know that we can create a temporary access_token and we can than extend that token upto max 60 days.
For this after getting temporary token you need to make a call to this url to get a access token with 60 days validity.
https://graph.facebook.com/oauth/access_token?client_id=&client_secret=&grant_type=fb_exchange_token&fb_exchange_token=
I have read some introduction about Facebook's access token on http://www.devils-heaven.com/facebook-access-tokens/
What I want to ask is that can the page access token of Facebook be used as a permanent token if I just want to post something on the wall like user access token?
First of all don't ever follow the third-party documentation for the facebook integration. They have the official documentation pls follow that. For access tokens read here.
What I want to ask is that can the page access token of Facebook be used as a permanent token if I just want to post something on the wall like user access token?
Its actually a vague question. It depends on what kind of posting you want to do. For eg:
If you want to post on a user's wall- there's nothing that a page access token can do
If you want to post a user's group/event etc. wall, again page access token has nothing to do with it.
If you want to post on a page, then yes you have to use the page access token in order to post on behalf of page itself.
Page access tokens are used in Graph API calls to manage Facebook Pages. To generate a page access token, an admin of the page must grant an extended permission called manage_pages. Once this permission has been granted, you can retrieve the page access token using the following Graph API request:
GET /{user-id}/accounts
You can also extend a page access token that will never expire. See here how to do that!
Why can some folks access their facebook photos/albums by using the following endpoint:
www.facebook.com/facebookID/albums
But, when I try to access MY albums in this manner I get an error prompting me to use an access_token.
www.facebook.com/facebookID/albums?access_token=GFDGTRDSVGRDWVSGRDESVGRDSVGDFRSGRDSGDRSGRD....
It (obviously) works fine when I use a token but, I'd like to be able to allow access without a token... any ideas?
Accessing photos is privileged you require an access token from either photos or friends_photos to make the request successfully.
The reason some people may be able to access albums or photos without the token appended to the url is because it was previously requested and is currently stored.
You should always provide an access token in these requests.
see: https://developers.facebook.com/docs/reference/api/album/
for reference it states:
To read an Album you need
- Any valid access token if it is public and belongs to a Page
- The user_photos permission if it belongs to a User The friends_photos
- permission if it belongs to a User's friend
I'm doing an IOS app with facebook SSO. Upon user granted facebook permission to the app, the app will receive an access token. The app will then make an API call to the backend with ONLY the access token.
So is the backend possible to retrieve basic user information with ONLY access token while the user's facebook id is unknown?
Looking forward to an answer. thank u=)
Yes, once you have a user access token /me can be used as a placeholder for the current user's user ID
so /me/friends returns the access token user's friends, etc
It's a bug that has been recorded and fixed by Facebook. Update your base_facebook.php to versions 3.2.2.
You can track the bug here: https://developers.facebook.com/bugs/238039849657148
I created an APP on Facebook and using graph API explorer, I selected my app from app drop down box, requested access token with manage_pages, offline_access and publish_stream permissions.
Using this access token, I was successfully able to post message on page using restfb APIs but when I log out, it starts throwing The session is invalid error.
I read on few posts that offline_access is deprecated. Could someone tell me how to obtain permanent access token?
Thanks
Looking at the docs at: https://developers.facebook.com/roadmap/offline-access-removal/ this is no longer possible.
Desktop applications will not be able to extend the life of an
existing access_token and the user must login to facebook once the
token has expired.
Otherwise, it is possible to request an access token with a longer expiration. Here are the directions: https://developers.facebook.com/roadmap/offline-access-removal/#extend_token
What kind of Access Token do you need? There are three kinds, User AT, App AT and Page AT.
If you want User AT, it seems you are out of luck. I don't think it's possible anymore. You can only get to 60 days. However, if you need Page AT, you can get a permanent one. The difference is, Page Access Token only has access to a single facebook page.
Basically you need to get User Access Token first, with manage_pages permission. When you have one, you have to look at /{pageId}?fields=access_token for your page's id in Graph API.
For more info look at: facebook: permanent Page Access Token?
you will not get any permanent access token as Facebook developer blog explains. you will be given 60 days long lived access token. Before the expiration Facebook will notify you about the expiry and then you can renew it or you can build your own custom control to get the notification on token expiration which you can fetch from Facebook API.