Facebook c# sdk get user id from signed request - facebook

I have a minor problem in facebook c# sdk
I just want to get the facebook user id without asking for permissions , just from the signed request. Up to now i have written the code below:
var current = new DefaultFacebookApplication { AppId ="***", AppSecret = "***" };
dynamic signedRequest = FacebookSignedRequest.Parse(current, Request);
var UserId = (string)signedRequest.Data.user.id;
My first question is :is that is possible? Is it possible to get the user id without oauth?
Secondly , if it is possible is the (string)signedRequest.Data.user.id statement correct?;

You cannot get the Facebook user id from the signed_request unless they've authenticated your app. It is a privacy issue.

Related

Facebook: Can't publish on user feed in test mode

I have developed a Facebook app in test mod and I want to publish on the test user's wall.
this is the link where the user register and accept the permissions:
https://www.facebook.com/dialog/oauth?type=user_agent&client_id=MY_APP_ID&display=popup&redirect_uri=THE_URL&scope=email%2Cpublish_actions
After that I am getting an some sort of a token, using this token I am doing the following request to the graph:
/oauth/access_token?client_id=MY_APP_ID&client_secret=MY_APP_SECRET&grant_type=fb_exchange_token&fb_exchange_token=".$token
the token coming back is now being used by me to get the user's details from the graph:
/me/?$user_access_token&fields=name,age_range,id,email,gender,currency,locale,timezone"
I am getting in result all the fields listed above. (one strange thing, the id coming back is not the test user's public id, the other field are correct...)
when I want to post so someones wall I am running this int the graph:
/oauth/access_token?client_id=MY_APP_ID&client_secret=MY_SECRET&grant_type=client_credentials
the token coming back will be used here:
$token = self::getAccessToken($app_id,$app_secret);
$post_array = array();
$post_array['access_token'] = $token;
$post_array['message'] = urlencode($message);
$post_array['link'] = urlencode($link);
$res = self::post("https://graph.facebook.com/".$user_id."/feed?",$post_array);// the user id might be wrong?
and I am getting the following error:
{"error":{"message":"(#200) Permissions error","type":"OAuthException","code":200,"fbtrace_id":"EO5WvMfYYgC"}}
What can it be?
the fact that I am in test mod?
or maybe the user's ID i got back is wrong?
Thanks
The ID is correct, you only get an "App Scoped ID". You are not supposed to use the global/public ID anymore, and you should use /me/feed for posting, not /user-id/feed. You can only post on the wall of the authorized user anyway.

Error in getting active access token from FB

I am having the following code to access FB graph API.
var fb1 = new FacebookClient();
dynamic result = fb1.Get( "oauth/access_token", new
{
client_id = "523408...",
client_secret = "25bd19645....",
grant_type = "client_credentials");
}
var apptoken = result.access_token;
FacebookClient fb = new FacebookClient(apptoken);
dynamic FriendList = fb.Get("me");
string t = FriendList.ToString();
Console.WriteLine(t);
Console.ReadKey();
}
But when I execute it, it is giving this error "(OAuthException - #2500) An active access token must be used to query information about the current user."
Can somebody please tell me how to get active access token using C# code?
The "User" generates the Access Token, not the server.
This page gives you a way to do it thru Facebook CSharp SDK:
I personally use Facebook JavaScript SDK for the Login and pass the Access Token to the server to make calls.
http://facebooksdk.net/docs/web/permissions/
This page gives you information about different authentication workflows:
https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/v2.0
https://developers.facebook.com/docs/facebook-login/access-tokens/
Hope it helps.
I think access token and user (me) they're not the same person. Check Access token and user. I think we all have this problem.

facebook renew access token

I am building desktop application which should commit some stuffs from file system to Facebook.
Application should not give user login form at all.
C#, VS2010 are used.
I have for Facebook App:
client app id
client secret id
token (which is extended, so it is valid for next 60days).
Idea is to somehow renew the access_token, since Facebook doesn't give permanent access_token (offline_token).
So I have tried this:
var fb = new FacebookClient();
dynamic results = fb.Get("oauth/access_token",
new
{
client_id = "aap_id",
client_secret = "secret_id",
grant_type = "fb_exchange_token",
fb_exchange_token = "existing_token"
});
String newToken = results.access_token;
With this code I get newToken, which is different from existing.
My Question:
If this code is run, lets say day before it is expired, will the new token be valid for new 60 days or not?
Or should again be requested extended token?
Thanks,
Ljiljana.

Facebook SDK Login URL Exposing the Client Secret?

I'm currently building a website where I'll offer the users a link to share a photo on Facebook, whereby the application would:
Provide the user with a link to request permissions from Facebook
Redirect back to the website with the access code from the user's acceptance of the permissions
Server-side post the photo to the user's photos
To generate the link for the first step, I'm doing this:
var fb = new FacebookClient();
var options = new
{
client_id = "MY_APP_ID",
client_secret = "MY_APP_SECRET",
redirect_uri = string.Format("http://localhost:51182/Home/FacebookShare?path={0}", Server.UrlEncode(path)),
response_type = "code",
scope = "publish_stream"
};
var loginUrl = fb.GetLoginUrl(options);
Then this loginUrl value is added to my MVC ViewModel and used in a link in the View.
However, I've noticed that the loginUrl contains the client_secret value in clear text. Isn't this a bad thing? Shouldn't users not be able to see the client_secret? Did I go about this the wrong way?
The fb.GetLoginUrl method is rather simple, in that it just adds anything you give it inside the options object as parameters to the URL created.
So take
client_secret = "MY_APP_SECRET",
out of your options object, and it should not show up in the login URL any more.

Facebook status update with PHP

My requirement was to update members status from my site, i am also thinking about displaying their friends photos and their last status update.
I have looked all over the docs and cant decide which works for my need. RESTful API, JavaScript API, FQL, XFBML, FBML, FBJS ?? whcin one works best? or best way?
It should be like, when they first go to the page,there will be nothing but a login option. when they click on it, a pop up should appear and when they are authorized, we display a text area to post update. Here, i wanted to show their friends pics too
when they came back later, they should able to post right away, must not ask for login again.
Can some one help me with the code?? I dont expect you to write everything, get the friends pic and their last update into a PHP array would be nice.
Many thanks
If u need to update users data stored at ur database so u will use the facebook API to check user signed in and get his data. i have an ifram application at facebook and i am using C# code (asp.net application) and when the user request the application i authenticate that he is signed in to facebook and check if he is already exist in my database? if not so i get his information(by using facebook API) and add the user in my data base and each time he visits the application i update his information.
With respect to his friends i get all facebook ids of the user friends and then loop these IDs and get the pic of each ID.
Download Facebook Developer Toolkit that enables u communicate with facebook and use facebook API to get user information.
hope that is will help u
Visit my application in facebook and u will see these features at the following link :
http://apps.facebook.com/hanggame/
Getting the session Key :
protected void Page_Load(object sender, EventArgs e)
{
//Facebook code for integration with facebook users:
_fbService.ApplicationKey = "Application Key";
_fbService.Secret = "Secret Key";
_fbService.IsDesktopApplication = false;
string sessionKey = (string)Session["Facebook_session_key"];
if (Session["Facebook_userId"] != null)
userId = (long)Session["Facebook_userId"];
// When the user uses the Facebook login page, the redirect back here will will have the auth_token in the query params
string authToken = Request.QueryString["auth_token"];
if (!String.IsNullOrEmpty(sessionKey))
{
_fbService.SessionKey = sessionKey;
_fbService.uid = userId;
}
else if (!String.IsNullOrEmpty(authToken))
{
_fbService.CreateSession(authToken);
Session["Facebook_session_key"] = _fbService.SessionKey;
Session["Facebook_userId"] = _fbService.uid;
Session["Facebook_session_expires"] = _fbService.SessionExpires;
}
else
{
Response.Redirect(#"http://www.Facebook.com/login.php?api_key=" + _fbService.ApplicationKey + #"&v=1.0");
}
userId = _fbService.uid;
//End of Facebook code
}