I'm running into a situation where requesting a list of permissions that a user has granted to a canvas application intermittently returns an empty array.
The graph request would look something like this:
https://graph.facebook.com/[uid]?access_token=[token]&fields=permissions
Typically, a normal response would look something like this:
"permissions": {
"data": [
{
"installed": 1,
"email": 1,
"bookmarked": 1,
"publish_actions": 1
}
]
}
Occasionally though the response looks like this:
"permissions": {
"data": [
]
}
The code equates this situation to the user having not granted any permissions and restarts the auth flow. The problem appears to be intermittent, because the users eventually make their way into the application and if I manually retry some of the failed requests I find in logs the permissions are returned as expected.
Looking at the User API docs (http://developers.facebook.com/docs/reference/api/user/), it looks like permissions that are not granted are excluded. It's not clear from the documentation what happens when no permissions are granted. One would assume an empty map, which would render a response something like:
"data": [
{
}
]
However, even if the response is an empty array, the point in the code where this request is made should not be reachable without accepting a least some permissions.
This leaves me with a few questions that I'm hoping someone with relevant knowledge can answer:
Are there any circumstances under which the permissions granted by the user to the application are not available via the Graph API?
Are there any circumstances under which a canvas application can be authorized by the user without granting any permissions? (cancelling the auth dialog results in a request with additional query string params, which is handled differently)
Are there any circumstances under which a user can revoke initially-granted permissions without de-authorizing the application?
Edit:
Based on the discussion below I would like to clarify that my app requires the email permission, which does not appear to be revocable. The app has always required the email permission, so there shouldn't be a case of an older install without that permission.
Nope, not to my knowledge.
That situation is called basic permissions, where no additional permissions are specified in the scope parameter during login
Yes, the app user can revoke certain permissions. Go to (http://www.facebook.com/settings?tab=applications) and click edit on one of the apps (for example Groupon or Music or YouTube) and you can see there's certain permissions that can be removed by the user at any time. So it is good your app reads the permissions it still has available to it. It might save you some wasted graph calls to objects/actions you're no longer able to get.
Related
I have an access token with the manage_pages scope. Using this token, I call the endpoint specified here (GET /{page-id}/photos?type=uploaded).
The result is for some reason lacking all attributes except id and created_time. This is a part of the response:
"data": [
{
"created_time": "2018-10-30T18:12:31+0000",
"id": "1172525292900120"
},
{
"created_time": "2018-10-30T18:10:08+0000",
"id": "1172524459566870"
}
]
The docs says that data should contain "A list of Photo nodes". Looking at the photo node docs, it seems they have exactly what you'd expect.
My app does not have the permission Page Public Content Access yet. But according to their App Review section, it isn't needed for accessing my own page's content. And then again, I wouldn't even be able to get a list of photos if I didn't have access to the page.
While you are testing your app and before you submit it for review, your app can only access content on a Page for which the following is true: The person who holds the admin role for the Page also holds an admin, developer, or tester role on the app.
Why am I missing some attributes in the Photo nodes?
I had to specify which fields to retrieve like this: GET /{page-id}/photos?type=uploaded&fields=images.
I'm using the Graph API Explorer and have given permissions for user_posts, user_likes & user_events.
me/posts and me/likes return non-empty data, but me/events returns this:
{
"data": [
]
}
I do have ongoing and upcoming events (interested) and they are visible on my Facebook profile.
Any idea what's going wrong? Or is it a Facebook bug?
https://developers.facebook.com/blog/post/2018/04/04/facebook-api-platform-product-changes
Testing of our more robust process starts today and the new process
should resume in a few weeks, but apps currently accessing Events and
Groups APIs will lose access today.
This may also be interesting for you: https://developers.facebook.com/docs/graph-api/changelog/breaking-changes#events-4-4
I would like to find the id (app-scoped) for someone who has posted a comment on a public page.
For example, I get a list of recent posts/comments on the NY Times page via:
v2.11/nytimes/feed?fields=comments.limit(10){message,created_time,from},name,message,from&limit=2
The data returned looks like this:
"comments": {
"data": [
{
"message": "Wouldn’t know. Not paying $13/mo for this.",
"created_time": "2017-12-10T05:57:18+0000",
"id": "10151412260164999_10151414049324999"
}
],
There is no from field. The same is also true if I attempt to view the comment directly using it's id with
v2.11/10151412260164999_10151414049324999?fields=from,message,created_time
I have tried using the Facebook Graph API Explorer, using both my User Token, as well as an App Token.
Since v2.11 of the Graph API, you need a Page Token to get user data of comments: https://developers.facebook.com/docs/graph-api/changelog/version2.11#gapi-90
User information will not be included in GET responses for any objects owned by (on) a Page unless the request is made with a Page access token. This affects all nodes and edges that return data for objects owned by a Page.
In other words: You can only get user information if you manage the Page.
Edit: Since the latests update in the Graph API, you have to get the App reviewed and you must go through Business Verification or Individual Verification. (thanx #Guiman04)
Please check whether you are using the accessToken for the page you are trying to get data from, i had same issue, and was resolved by using the correct accessToken for the page.
This question already has answers here:
Facebook Graph API v2.0+ - /me/friends returns empty, or only friends who also use my application
(8 answers)
Closed 6 years ago.
I'm building a Rails backend for an iOS app. The backend needs to interface with Facebook to grab and use each user's Facebook friends.
But the Facebook 'friends' request is returning empty.
I'm essentially making the following request:
curl https://graph.facebook.com/[FILTERED_USER_ID_FOR_APP]?fields=friends&access_token=[FILTERED]&debug=all
I've looked at a ton of StackOverflow posts about this (this one, and this one, and this one, and more), but haven't found an identical problem or a solution that fits.
I seem to have set permissions correctly. Both on the Rails app and when the user authenticates through the iPhone app, I've set user_friends to be one of the permissions, and, in fact, when someone registers now, it asks them to OK the user friends permission.
But when I actually request their friends, I get a response telling me that there are many friends, but not returning any of them. The below response is for a user who definitely has friends on the app.
{
"data":[],
"summary": {
"total_count": 419
},
"__debug__": {
"messages": [
{
"link": "https:\/\/developers.facebook.com\/docs\/apps\/versions\/",
"message": "No API version was specified. This request defaulted to version v2.7.","type":"warning"
},
{
"link": "https:\/\/developers.facebook.com\/docs\/apps\/changelog#v2_0",
"message": "Only friends who installed this app are returned in API v2.0 and higher. total_count in summary represents the total number of friends, including those who haven't installed the app.",
"type": "info"
}
]
}
}
What's perplexing to me is that a) The App ID/User ID/Access Tokens seem right, because I can get basic profile info, and b) I do not get an error telling me that the request doesn't have the proper permissions. If I make a similar request without permissions on the explorer, it returns a relevant debug note:
{
"message": "The field 'friends' is only accessible on the User object after the user grants the 'user_friends' permission.",
"type": "warning"
}
If I make it with the right permissions in the explorer, it returns a list of friends (in the data array).
So it doesn't seem to be a permissions issue, but the request is returning an empty friends list. Any ideas?
With Igy's help (pointed to this answer), I found the specific answer to my issue, which seems worth adding here.
The problem was that the new 2.0+ API version only returns friends:
Who are on the app
Who have agreed to the user_friends permissions themselves.
1 was all figured out, but because I'm still testing the app out, and nobody had yet accepted permissions, my test user was the only person who had accepted permissions. Nobody else had accepted user_friends, so nobody showed up as a friend of the test user. Getting a friend of the test user to add the permissions fixed the problem, adding that friend to the list of friends returned.
I'm currently working on a facebook app which captures wall posts for a specified user, page or group, after a user has authorized the app I quote the access_token that is returned to call the method
https://graph.facebook.com//feed?access_token=
this works fine for pages and groups as we only need a valid token, however for users the results are different depending on the relationship between the user who authorized the app the user whose posts are being captured.
For example if there is no relationship between the two users some posts are not returned even though they are public and displayed when you view the profile of the user, however if they are friends more posts are returned.
Can someone please explain this behaviour? And is it possible to obtain all posts using this method?
Yes, per the permissions listed at https://developers.facebook.com/docs/reference/api/permissions the results of the call are different depending upon the relationship.
However when things are public and you use an access token that doesn't belong to the user, then no results are returned. I cannot remember a time when this wasn't this way. For some odd reason (by design or omission on Facebook's part) using the graph API to get at public posts using a user access token just doesn't want to work.
For example, You can see some public items here
http://www.facebook.com/zuck
http://graph.facebook.com/zuck
However, you cannot seem to get any feed from here without an access token
https://graph.facebook.com/zuck/feed
{
"error": {
"message": "An access token is required to request this resource.",
"type": "OAuthException"
}
}
Let's try adding an user access token that does not belong to zuck or a friend of zuck. https://graph.facebook.com/zuck/feed?access_token={UserAccessToken}
And here's what we get:
{
"data": [
]
}
What about an app access token? Let's try
https://graph.facebook.com/zuck/feed?access_token={AppAccessToken}
{
"error": {
"message": "Invalid OAuth access token signature.",
"type": "OAuthException"
}
}
So as you can see, it's difficult to get things via the graph that are not in alignment with your access token.
I manage to get most of the feeds from user's wall post. Although this is a old post, I hope someone can manage to get what they want from my answer.
Before getting the access token(to get the feeds), you need to add multiple correct Read Permissions "keys".
For example, you will have to add "read_stream", and "user_status" (which I found that these are the most important permission "key" to generate the correct access token, to retrieve one's so-called "public" feeds).
You can add more into generating the access token, in either you want the permission to GET, or POST, or BOTH.
Source is here: https://developers.facebook.com/docs/howtos/ios-6/#nativeauthdialog
One thing that I found is, the way to get the feeds result from user's "Home/About" page and Facebook Page (which is created for people to like (not add friends)) are different. The key is mentioned above, "read_stream", and "user_status". So it's better that you add both of the permissions in order to generate the access token to get everything in feeds.
Graph API doesn't return posts to the App if is not authorized to read user feed, even if posts are public.
Source: https://developers.facebook.com/bugs/290004301178437/
According to the latest api ,
FB.api("/me/feed","get",function(response) {//callback})
should do and also work well .
It is working now but facebook may change it in future.