Interesting problem I'm having right now.
Signing in an App gives a access token looking something like this:
AAACwFsGcSr4BAOGUTwfuZAWuUcwZC0rJ7noZCKMqhBI7ivDCsIGqduGIZCus5PRaS6KuREqxLmhfvZAZAkz5WCpFfANtUpYHgZD
This access token can't access users PUBLIC information, while one issued by Facebook on developers.facebook.com - CAN.
You can easily test this by logging to your facebook and going to this link: http://developers.facebook.com/docs/reference/api/
You'll see that Facebook automatically generates access token on DEMO urls like this one:
https://graph.facebook.com/me/music
?access_token=2227470867|2.AQCvlA_ZaJ2MfRR0.3600.1318266000.0-100001572415177|2FeweU6ZvOQS9OCF5ZBV58_PtPg
If you would change /ME/ to any user which has his MUSIC posted as public, you WILL be able to access that data with Graph API.
Now try to get an access token to your APP and call the same Graph API method with generated access token, the returned data is empty JSON object.
Whats’ the difference between these access tokens? How to obtain access token, that I could get public information using Graph API?
I was thinking that logging in your APP is the highest possible access token and the only higher token is token with specified permissions...
Any guidelines would be great :)
http://developers.facebook.com/docs/reference/api/permissions/
I believe the difference is that you can specify additional permissions in a scope parameter,
so if you wanted to read a user's feed you would have to specify read_stream. I was trying to accomplish this with an access token from a server-side authentication flow in ruby, but the access token only allowed to me to navigate accross a certain portion of graph.facebook.com/user_id/feed? requests. If you get any insights or comes across a solution shoot it my way too, if you can.
Related
I know how to get short-term user access token then extend it to long-term access token (facebook) when i have my own app id and app secret. But now I want to get and extend the access token provided by Graph Api Explorer. How can I do it ?
If we do it manually, we get an access token from Graph Api Explorer but its short term and will expires in about 1 hours, how can I make it a long-term access token?
This is not possible. To extend the Access Tokens, you must utilize an app_id as well as an app_secret. I assume you don't have the app_secret of the Graph Explorer, so this might get difficult.
See
https://developers.facebook.com/docs/facebook-login/access-tokens#extending
I still have this issue and Tobi not understood the problem.
The Facebook Access Tokens are really problematic most of times and this is one of the bigger issue.
I have a facebook stream plugin where user can show their personal profile posts.
But the only access token that work is the one generated by Graph API Explorer and this can not be extended. Any other access token associated to an APP will not work.
Is incredible that Facebook not have a tool to allow users to generate an access token for access their personal informations.
Currently there is not any working solution. Incredible.
I implement some facebook related stuff and accessing graph api for that pourposes. But for implement Integration testing I need a simple strategy to get access_token. So I create test user for that. How could I get access_token only with server side involved, without including browser in the chain. Ideally I just need to exchange login/password to the token.
Correct workflow loooks like this:
According the correct answer, there is special tests users provided by facebook.
To to be able to tests system properly you need to do the following flow
Get application access token
Request application's tests user's via "GET /{app_id}/accounts/test-users"
Parse response and extract access_tokens for each user from that response.
You can't exchange the login/password for an Access Token, but you can create test users programmatically. Have a look here:
https://developers.facebook.com/docs/graph-api/reference/v2.0/test-user
https://developers.facebook.com/docs/graph-api/reference/v2.0/app/accounts/test-users
How to get an access token with the right permissions for a test User
https://developers.facebook.com/docs/graph-api/reference/v2.0/user/permissions/
Short answer: You can´t.
Server side you can only get an App Access Token, Page Access Token or extend an existing Access Token.
So it depends on what you need to achieve, if you just want to get public stuff from a Facebook Page, even an App Access Token may be good enough. But you cannot create User Access Tokens server side.
It may be possible with real test users created via the Graph API itself though, see Tobis answer for links about that. But it is definitely not possible with username/password.
I am trying to retrieve the ads report stats, outlined here:
https://developers.facebook.com/docs/reference/ads-api/adreportstats/
But I am currently stuck with generating an access token. I was going through here: https://developers.facebook.com/docs/reference/ads-api/overview/ ,
And it looks like the only way to generate an access token is to generate it by using live web app.
Is there any other way to generate an access token?
Yes, the only way to get a User access token is to have a user authorise your app via the documented login methods: full documentation here: https://developers.facebook.com/docs/facebook-login/overview/
No.
At least not as far as I can tell. It appears that you need 3 things to generate the token:
App Id, App Secret, Url
https://developers.facebook.com/docs/reference/ads-api/overview/
in the Provide Authorization section.
I'm having a similar issue.
You don't want a client token, you need to generate an access token for the ads reporting.
I've found the Facebook API somewhat confusing because they seem to blur the lines of Access Tokens for accessing user information, and Access Tokens for accessing reporting information.
I'm new to the Facebook Graph API!
I want to display the 5 latest news feed items from my public Facebook page. I understand you can do that through https://graph.facebook.com/cocacola/feed/?limit=5, but it requires an access token, however, https://graph.facebook.com/cocacola doesn't.
When these access tokens are generated through Facebook's Graph API Explorer, what permissions are given for the token? Just the information already displayed in the above link?
So would it be safe to use the access token via cURL's PHP? I only need read access. Would it be insecure to display the access token in the source code? I'm confused as to why the latter link doesn't need an access token while the /feed/ does, even though it's a public facebook page.
when you use your app in a website there is a parameter that defines how much access you have from the user, u can set up params like, email, photo_stream, friend_stream, etc. when the user accepts the conditions, the generated AUTH TOKEN has permisions from that scope.
On the documentation page for Facebook Graph API there are a lot of example links such as https://graph.facebook.com/me/likes?access_token=SOME_AT
Could anyone explain how the access_token for these links are generated?
All I've read in the documentation were about getting access_token only for applications, but on that page everyone could get an access_token without one.
You can use the graph API to get public information. People set privacy settings on facebook, so to prevent social freaks from stalking you, they(fb) created Autorisation.What I believe is that on the documentation, they are generating the access token using the Developers App. You can generate this Access token by making an application and asking a user to Authorise your application to access his data using OAUTH dialogs. Usually people reading at developer.facebook.com have enabled the Developers app so it easily opens your information.
The Graph API as such allows you to
easily access all public information
about an object. For example,
https://graph.facebook.com/btaylor
(Bret Taylor) returns all the public
information about Bret. For example a
user's first name, last name and
profile picture are publicly
available.
To get additional information about a
user, you must first get their
permission. At a high level, you need
to get an access token for the
Facebook user. After you obtain the
access token for the user, you can
perform authorized requests on behalf
of that user by including the access
token in your Graph API requests:
The access_token in these links are generated using your Facebook identity and an application ID (presumable associated to "developers.facebook.com"). If you go to the same page with another Facebook account, you will see different access tokens.