I am new to Facebook application development. I want to create a test user for my application but when I try it using the API
https://graph.facebook.com/APP_ID/accounts/test-users?installed=true&
name=FULL_NAME&permissions=read_stream&method=post&access_token=APP_ACCESS_TOKEN
It displays the following error:
{
"error": {
"type": "OAuthException",
"message": "(#15) The method you are calling must be called
with an app secret signed session"
}
}
I have read & followed the steps mentioned on
https://developers.facebook.com/docs/authentication/
Still the problem persists. Please guide me, what should I do?
Thank You.
You need to get a valid access token - the application access token will do. To get this use:
https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&client_secret=YOUR_APP_SECRET&grant_type=client_credentials
substituting YOUR_APP_ID & YOUR_APP_SECRET with your respective values.
This will return a valid access token that you can substitute for APP_ACCESS_TOKEN in:
https://graph.facebook.com/APP_ID/accounts/test-users?installed=true&name=FULL_NAME&permissions=read_stream&method=post&access_token=APP_ACCESS_TOKEN
You need an 'appId' => 'XXXXXXXXXXXXXX' and a 'secret' => 'XXXXXXXXXXXXXX' one.
From the facebook documentation :
In order to authenticate your app, you must pass the authorization code and your app secret to the Graph API token endpoint at https://graph.facebook.com/oauth/access_token. The app secret is available from the Developer App and should not be shared with anyone or embedded in any code that you will distribute
The link seems to be down at the moment though.
You may use the Facebook Test Java API framework, which wraps the process of creating test users in a Java API. The test user also have access to the user details, the wall, and so on so you may create automatic tests to verify your application behavior.
Related
For my website I use the Facebook API to get the events from a few Facebook pages. For this purpose I have created a Facebook app.
However, even though this used to work before, the API now returns an error:
"message": "Invalid OAuth access token signature.",
"type":"OAuthException",
"code": 190,
Here are the steps to reproduce the error:
Go to app's dashboard on https://developers.facebook.com/apps
Get the app id (APP_ID) and the app secret (APP_SECRET)
Use the app id and the app secret to get an access token by using this url:
https://graph.facebook.com/oauth/access_token?client_id=APP_ID
&client_secret=APP_SECRET&grant_type=client_credentials
This returns something like
{"access_token":"123412342134|f34f34f32fc3rc4rc324r-X","token_type":"bearer"}
I then use this access token to access the events
https://graph.facebook.com/v2.12/{11239244970}/events/?fields={id,name}&access_token={123412342134|f34f34f32fc3rc4rc324r-X}
However, this returns the error mentioned above, "Invalid OAuth access token signature.".
I'm stuck here. None of the posts on here seem to solve my problem.
I've already tried resetting the app secret, but that didn't help. Any hints are greatly appreciated!
It would appear that the reason for this error is that Facebook currently only returns events for pages using the Pages API if you use a user access token and that user is attending, is interested in or has been invited to the events of the page (as answered by #unknown_b to a related question over here).
To get the Client Access Token for an app, do the following:
Sign into your developer account.
On the Apps page, select an app to open the dashboard for that app.
On the Dashboard, navigate to Settings > Advanced > Security > Client token.
https://developers.facebook.com/docs/facebook-login/guides/access-tokens#errors
I have read this:
trying to get app access token
And it doesn't work...
I'm getting the following error:
"error": {
"message": "An active access token must be used to query
information about the current user.",
"type": "OAuthException",
"code": 2500
}
I need the app access token in order to create open graph objects that are owned by the application.
I know how to create objects owned by the users, but I just cant find the correct way of creating the App access token.
AppId -> doesn't work...
AppId|AppSecret -> doesn't work....
App ClientToken -> doesn't work....
Anyone know this?
You can get it directly from the Access Token Tool.
Please note: For security, app access token should never be hard-coded into client-side code, doing so would give everyone who loaded your webpage or decompiled your app full access to your app secret, and therefore the ability to modify your app. This implies that most of the time, you will be using app access tokens only in server to server calls.
It looks like you have a valid token, you're just trying to query for the current user. If you're using the app token, however, there isn't a current user, so it's failing.
If you are using Java language to fetch app access token, you can try this:
DefaultFacebookClient facebookClient = new DefaultFacebookClient(Version.LATEST);
AccessToken accessToken = facebookClient.obtainAppAccessToken(clientId, clientSecret);
System.out.println(accessToken);
To check whether it is valid, use access token debugger.
It is suggested that whether your app uses code or token as your response_type you should perform an automated check on the access_token to confirm that the token belongs to the person the app expects it to belong to and that it was your app that generated the token.
You are supposed to do this on
GET graph.facebook.com/debug_token?
input_token={token-to-inspect}
&access_token={app-token-or-admin-token}
where app-token is app_id|app_secret and token-to-inspect is the user's access_token. Also, I think from reading the documentation you can retrieve an app-token by doing a client-credentials call with the app_id and app_secret.
This is fine with an authorization flow implemented server-side, but what if you're using the implicit method and chose response_type as token (and for whatever reason aren't using FB's javascript SDK)? How do you safely get that app-token without leaking your app_secret? How does FB's SDK do it?
You can generate an app_token in your Facebook developer panel here
and then simply save it into a config file server side. From the developer's page:
App tokens do not expire and should be kept secret as they are related to your app secret.
On my page, I use the following flow:
The user authenticates with the Facebook JS SDK, and then sends his
token + uid to the server.
The server validates that the given token
is related to the given person via a call to the "debug_token"
method, that you spoke of.
If the token + uid combination is valid,
it authenticates the user server side.
I hope this helps.
Several people have asked how to post photos using an app token and the general response seems to be that they should use a user token instead.
However, according to https://developers.facebook.com/docs/concepts/login/access-tokens-and-types/ :
"[y]ou can use app tokens to publish or delete content on behalf of a user who gave your app permissions".
and according to https://developers.facebook.com/docs/reference/api/photo/ :
"To publish a 'photo' object you need
-a valid access token
-publish_stream permission
"
The way I interpret those two statements is that I should be able to POST a photo to .../USER_ID/photos using a valid APP token.
However, when I try to do that I get the message "A user access token is required to request this resource". At the same time I can easily publish to .../USER_ID/feed using nothing but the APP token. It is also possible to submit stories containing "User Generated Photos" with only an APP token.
So an App can do those things with an APP token, but needs a USER-specific token for .../USER_ID/photos? I wonder if this behavior is by design? So far I have not found anything in the documentation to indicate that is the case.
I too was stuck at the same point as mentioned. And the documentation barely helped.
The workaround I used was to take the 'offline_access' permission while logging in and storing that temporary user access token given to the user.
While publishing the photo I used that offline user access token since the app access token didn't work. It worked like it should've although offline_access has been discouraged to be used...it seemed to be the only way for now.
Hi I'm trying to get a JSON file about the list of the friends of Bret Taylor ("btaylor" is a profile of Facebook used for practice). I am reading the Graph API official guide (on FB website) and I am undesrtanding that for this request I need an authorization token code.
I've found an access token code from the link
https://graph.facebook.com/oauth/access_token?
client_id=YOUR_APP_ID&client_secret=YOUR_APP_SECRET&
grant_type=client_credentials
where I've wrote my aps id and secret code but if I try to open the following URL using the access token code
https://graph.facebook.com/btaylor/friends?access_token=MY_TOKE_AUTH_CODE
I get the following error message:
{
"error": {
"message": "(#604) Can't lookup all friends of 220439. Can only lookup for the logged in user (0), or friends of the logged in user with the appropriate permission",
"type": "OAuthException"
}
}
the token code is something like access_token=112701417077438|GnwE4LeR_f_3r-mmxoi79ukgEFd
Where is the problem? With Google I've found some tutorial with long php pages but following the official guide I can't understand how to use all of this code...on the official guide everything appear extrimely short and easy...
First things first, you need to set up your Facebook application. Go to the Developer App:
https://developers.facebook.com/apps
During the process, you will get an App ID and an App Secret. Take note of them.
What to need to do next depends on the type of app you want to create, either a web app or a app on Facebook. You speak about Access Tokens, so I guess you want to create a web app.
Steps are here, it's pretty easy:
http://developers.facebook.com/docs/guides/web/#login
You will need the infos gathered on the first step.