In my app a user grants my application extended permission and I get the access token and store it as its a long lived access token.
This user is shown a list of their friends and they select one.
I store their name and fbuid in my database.
Now on a day in the future I want to send a message to this friend's wall.
Is this possible?
If not what other options are there to send a link to the friend in Facebook when the initial user is offline?
* Update
I was able to do this with the long lived access token and offline access as follows:
access_token = "AAACvmqy1nYoBAAZCk*************dZAMjsLxKxR7DaZBE0NxY8ZBGBW1q2mzsB9TDT0RvgeQcDdnyFJNAYRf0icnhlbikZD"
appID = '19307***********'
message = "Happy Birthday from your friends."
name = "Click here for your Birthday Surprise"
redirect_uri = URI.parse('http://localhost:3000/facebook/')
link = "https://www.facebook.com/dialog/oauth?client_id=#{appID}&redirect_uri=#{redirect_uri}"
caption = "Your friends have created a surprise for you. Click the link to see what it is."
picture = 'http://www.birthdaywall.net/logo-mail.png'
userID = '100002*********'
uri = URI.parse("https://graph.facebook.com/#{userID}/feed")
req = Net::HTTP::Post.new(uri.path)
result = req.set_form_data({:access_token => access_token , :message => message, :app_id => appID, :name => name, :link => link, :caption => caption, :picture => picture, })
sock = Net::HTTP.new(uri.host, 443)
sock.use_ssl = true
sock.start do |http|
response = http.request(req)
end
I don't know if this is the best way but it works for me so I am using it. If anyone has a better way I would be very happy to know about it.
I guess you have the publish_stream permission already. You also need the offline_access extended permission to make your access token live long:
Enables your app to perform authorized requests on behalf of the user at any time. By default, most access tokens expire after a short time period to ensure applications only make requests on behalf of the user when they are actively using the application. This permission makes the access token returned by our OAuth endpoint long-lived.
See here: https://developers.facebook.com/docs/reference/api/permissions/
Related
I am trying to do something like this. Lets say a user used FB Connect for registration in our site, so I can get the "uid" of facebook and I can store in DB. Now what I want each time that user will visit a store details page or item details page I will post that store/item image with link, photo, description etc to FB timeline.
Something like this:
$post_id = $facebook->api('/me/feed/', 'post', array(
'message' => $products_name, // item name
'link' => 'http://www.blabla.com/item/myshoes', // item url
'picture' => $fb_img_src, // item image
'caption' => $products_name, // item name for caption
'description' => $products_description // item description
));
} catch (FacebookApiException $e) {
$user = null;
}
This process works fine if user logged in to FB by using our FB app. But as I said I want to post if they not even logged in by using their facebook "uid".
Is it possible to authenticate that user depending on facebook "uid"?
Thanks in advance! Any clue/help will be appreciated!
I strongly believe that posting anything to user's Facebook without their's consent or even their action will surely and quickly encourage them to leave your site forever. Do not do this.
Anyway - to answer your question:
Yes, it is possible to get access to user's Facebook and "do stuff", especially when a user is logged in both on Facebook and on your site. You just need to obtain user's access token (read about it in the docs), and make sure the users grants your app all aproppriate permissions. There are also access tokens that can be used offline (user is not even online), but I'm not going to discuss it here.
One way to obtains user's access token is to redirect the user to FB login url providing your APP_ID (as described in FB developers docs). FB will then redirect the user to your Fb-login URL with access code/access token, which enables you to do something like posting to users timeline.
Of course actions that you can take are limited according to permissions said user has granted for your app. And I have to remind you - it's a thin ice you're stepping on.
I am using the OAuthWebSecurity with MVC to allow users of my website to login using Facebook's oAuth. Everything works fine, and I have a test user authenticating fine.
My question is based on the details Facebook can provide. I am currently returning the user details using the following...
AuthenticationResult result = OAuthWebSecurity.VerifyAuthentication();
This will give the follwing details:
UserName (email)
ProviderUserId
I also get a ExternalData object which has:
UserName
Name
Gender
Do you know if it's possible to get further data, maybe DoB, photo etc?
Pardon me for not framing me the full answer. I am just supplying a link. Please check
http://blue-and-orange.net/articles/facebook/displaying-facebook-user-data-in-aspnet-mvc-4/
Everything is explained here.
For setting permission you can go through this documentation
https://developers.facebook.com/docs/facebook-login/permissions/
if you were to request a user's email address, but never asked them for the 'email' permission, you would receive an OAuth error as show below.
try {
var client = new FacebookClient("my_access_token");
dynamic result = client.Get("me/email");
var email = (string)result.email;
}
catch (FacebookOAuthException) {
// The access token expired or the user
// has not granted your app 'email' permission.
// Handle this by redirecting the user to the
// Facebook authenticate and ask for email permission.
}
I created facebook app that is requesting aditional permissions read_stream and publish_stream.
After user accepts app and allows app to read posts when I try to get posts with fql query I get empty results.
Here is code
$appAccessToken = APP_ID|APP_SECRET
$fql = 'SELECT post_id, type, likes, source_id, created_time, privacy, comments FROM stream WHERE source_id = xxxxxxxxxxxxx';
$param = array(
'method' => 'fql.query',
'query' => $fql,
'callback' => '',
"access_token" => $appAccessToken
);
$fqlResult = $facebook->api($param);
and results are empty array
Array
(
)
I can get results for active user using user_access_token ("access_token" = $facebook->getAccessToken();) or even without access token in fql query.
The problem is that I need access to all user posts that are using app not only for active user. What would be the best way to read stream for offline users?
You could request a long lived access token
https://developers.facebook.com/roadmap/offline-access-removal/
but you cannot use an app access token to read a private user stream. You can only use a users access_token to read their stream as it is a user permission and so requires their access token to validate they have authenticated your app with that permission. In fact if you look at the docs for the stream table, it mentions you can only read it for the current session user (it's the sentence above the 1st 2 bullet points)
https://developers.facebook.com/docs/reference/fql/stream/
An app access token should be able to read public posts by a user though.
I'm not sure what the implications are on storing the long lived access token so you will have to do your research to make sure you don't violate any TOS.
I am trying to work out how to post to a Facebook page wall, when using my app as a different Facebook User (who is not the Page Administrator).
I get a range of error messages while testing:
Exception: 200: The user hasn't authorized the application to perform this action
The page administrator has visited the app and accepted the following permissions: publish_stream, manage_pages, offline_access
Here is the code I plan to use:
// Insert Page Administrators ID here
// This user is not the same user that is currently logged in and using the app
// This user is the page administrator who has authorised:
// - manage_pages
// - offline_access
// - publish_stream
$user_id = '123456789';
// Insert Page ID here
$page_id = '123456789';
$accounts = $facebook->api('/'.$user_id.'/accounts');
foreach($accounts['data'] as $account)
{
if($account['id'] == $page_id)
{
$page_access_token = $account['access_token'];
echo "<p>Page Access Token: $page_access_token</p>";
}
}
// publish to the wall on your page
try
{
$result = $facebook->api(array( "uid" => $page_id,
"method" => "stream.publish",
"access_token" => $page_access_token,
"message" => $message, ));
}
catch (FacebookApiException $e)
{
error_log('FB Error: Could not post on Page Wall. Page ID: ' . $page_id);
error_log('FB Error Message: ' . $e);
}
Note: There may be PHP errors in the code above, as I just spliced it on the fly, but its not so much the PHP errors I need correcting, but more my logically understanding of how I am meant to go about this process.
PROBLEM:
I can't access the $user_id/accounts information without an active user access token for the Page Administrator.
The end result that I'm trying to achieve is:
1.) A normal FB user goes to the app and submits a form
2.) The app posts a message on a FB Page wall, which is not owned by the FB user, but has previously been authorized by the Page Administrator with the following permissions manage_pages, publish_stream and offline_access
Q1. Since the Page Administrator has accepted the appropriate permissions, why can't I just generate an active user access token, without the actual Page Administrator user logging into the website?
Q2. Is there a way I can get the equivalent of /$user_id/accounts for the Page Administrator user_id, when logged into Facebook as a different user (which is why I do not use /me/accounts)?
Q3. Please confirm that my understanding of needing the page access token to post to the page wall is correct (or do I need the user access_token for the Page Administrator - see Q1)?
Q4. Anyone have a handy resource on what each type of access_token can actually access?
If you need any more information, please let me know.
I've spent the last few days working on this and I'm stuck.
Thanks!
You can ask the page admin for manage_pages along with offline_access. I do this in my production app to be able to post scheduled postings onto the pages' walls.
Nope. Not possible. That's what asking permissions is all about. And why not everyone gets to administer everyone else's pages. Could you image if you could administer anyone's page without them granting you access?!?
To post to the page as the page, you need a page access token. To post to page's wall as a user, you need a user access token.
Yes, please see: https://developers.facebook.com/docs/reference/api/permissions and https://developers.facebook.com/docs/authentication/
If you have further questions about any one of these, please start a new question. It's not really fair to users of stackoverflow to be hit with 4 questions in one and then to be asked followup questions to each of those.
I have done in Django:
Step to get Page_access_token:
facebook_page_id=360729583957969
graph = GraphAPI(request.facebook.user.oauth_token.token)
page_access_token=graph.get(facebook_page_id+'?fields=access_token')
This way you can get Page access token.
You can check this thing on Fb GraphAPIexplorer:
http://developers.facebook.com/tools/explorer
GET URL: fb_page_id?fields=access_token
for example: 360729583957969?fields=access_token
that will give you page_access_token
I'm using the php sdk v3.0.1.
I am trying to get offline access from users.
When my app requests permission from the user, it does so for the currently logged in user. I'd like to first check if a facebook account is logged in, and if so display a message. for example:
User "John Doe" is currently logged in.
then I'd have a link to "log out" or a link to continue to the permission page.
I was trying this but it always returns 0:
$facebook = new Facebook(array(
'appId' => 'XXX',
'secret' => 'YYYYYYYYY',
));
// Get User ID
$user = $facebook->getUser();
if($user)...
else...
the if statement always fails and then when the else is procesed and I send them to the login page, it requests permission for the currently logged in user (which I don't want).
I've searched extensively and can't find an answer. :-/ Any help or suggestions would be appreciated. I'm completely new to the facebook api.
Basically you would like authentication and permission requests to be separate. Correct me if I'm wrong about that. So you can just send users through a plain authentication step:
$loginUrl = $facebook->getLoginUrl();
and then later send them through again with the proper permissions.
$arg['req_perms'] = "[permissions here]";
$loginUrl = $facebook->getLoginUrl($arg);
This will get you a separate login and permission request step.