If anyone is familiar with the fql query, why am I getting this error for the next query:
https://api.facebook.com/method/fql.query?query=SELECT%20post_id,%20actor_id,%20target_id,%20message%20FROM%20stream%20WHERE%20source_id%20=%20302056140380%20AND%20updated_time%20%3E%201111111
This is the page:https://www.facebook.com/Inna?sk=wall
All I want to do is to retrive the last posts from Inna's wall.
Thank you very much;
You need to provide a valid access_token with the FQL request even though the data is public. You can test it here. You won't need to have any permissions granted to access the feed, but you will need to provide the token.
You will need an access_token of type "Any Valid" as defined here. In short, it means that you can use any access_token that hasn't expired. One easy to obtain access_token is an app access token which you can obtain by going to:
https://graph.facebook.com/oauth/access_tokenclient_id=YOUR_APP_ID&client_secret=YOUR_APP_SECRET&grant_type=client_credentials
You will find YOUR_APP_ID and YOUR_APP_SECRET under your created apps page (or you can create one there if you don't have one).
When you provide the app id and secret to the oauth, you will receive an access_token which you can use for the request until the token expires.
Related
I've found in documentation that it is possible to use appId and appSecret pair as access_token in the format "appId|appSecret".
The problem, when I'm using this technique with graph API, I don't receive the full information, only some of the fields (permissions are set in the app settings). When I'm trying to use it with FQL I get "A user access token is required to request this resource." exception.
Could somebody route me on the right track how to perform API requests?
My application is running on the server-side, that's why I've chosen these method.
E.g.
When I run GET request on https://graph.facebook.com/me/friends?fields=name&access_token="app_id|app_secret" I get correct response. But when I run https://graph.facebook.com/me/friends?fields=name,notes&access_token="app_id|app_secret" the query returns only friends id's and names. It's worth to mention, that I user has granted access to "notes" for that application.
I think this because this kind of access token can replace the app token, but not the user token.
And with the app token, you can:
This can be used to modify the parameters of your app, create and manage test users, or read your application's insights. App access tokens can also be used to publish content to Facebook on behalf of a person who has granted an open graph publishing permission to your application.
It means that with this kind of token, you don't have any special permission, so your request cannot work.
What you could do is send the user access_token to your server and then use this token to perform the API request.
I have the access token from the user, and I want to retrive the data from their profile. I am working on Unity3D c# therefore I can not use any SDK.
Is there a way of getting it trough a graph request?
I've already tried with
https://graph.facebook.com/me?access_token=00000000000000|AAAAAAAAAAAAAAA
but throws me an error like this..
"message": "An active access token must be used to query information about the current user.",
When I ask for permissions I ask the user to allow me the publish_stream and to access profile data.
How do I get an active access token? I just want the UserID.
Thanks for your answers, and sorry for my terrible english.
So I wanted ti get the User UserAgent Token the only thing that you must do is add that parameter to the Access URL in my case
https://graph.facebook.com/oauth/authorize?type=user_agent&client_id=000000000000000&redirect_uri=http://yourRedirectdomain.com&scope=user_photos,email,user_birthday,offline_access,plublish_stream
Facebook will redirect you to the redirect_uri URL, and the access token will be given in form of a hash. Extra Tip: Yo have to access the Hashed token vía Javascript,
var hash = document.location.hash;
var n=hash.split("=");
This is one method, Im sure there is a better one.
Thank everybody for the answers!
you're Graph Call / HTTP request looks about right.
I'm guessing, based on the error, that the access token has expired.
Normally, they last for about 1-2 hours since the last time they were used. (If i recall correctly). So, a user will start using a website, and the website can make graph calls with the access token while the user is actually using the website for that session, but the token will expire soon after that.
However, you can also ask Facebook for a longer lasting access_token, which will last for approximately 60 days.
Check here for some info :: http://developers.facebook.com/roadmap/offline-access-removal/
As it stands, trying to find this info through browsing the developer docs in Facebook is rather difficult, if not impossible. :-/
You can’t query the API for /me with an app access token, since the API has no way of knowing who “me” is supposed to be.
Only user access tokens contain the info which user id they apply to, and hence only those can be used to query /me successfully.
I am trying to get the post of a Facebook Page throw iOS API and I can't do it without login before (without access token). Is there any kind of solution to make this? Does anyone know it?
The App report me the follow error:
An access token is required to request this resource.
UPDATE
I generate one access token with this structure: APPID|APPSECRET and give it an expiration date. With this, I can access to the public data of my Page :)
Thanks,
David
Graph API Documentation seys:
posts [..] any valid access_token or user access_token
More informations you can find there http://developers.facebook.com/docs/reference/api/page/
Here is live example http://developers.facebook.com/tools/explorer/?method=GET&path=19292868552%2Fposts
+1 well... facebook data is all about "user", therefore you always need valid access_token
there are few exceptions though,
for example, you can display user profile picture without token,
see example;
https://graph.facebook.com/100001789213579/picture?type=large
Using the above libraries, I can get the details of a user, his authorisation, his friends, but only once: I need to store the access_token and key in database, so the user can access his friends walls or other public details.
Can anyone help?
(I have used OAuth for Twitter and Tumblr, but I can't get it for FB).
https://developers.facebook.com/docs/authentication/
Be careful with saving the token. When not requesting all-time permission, it expires in a certain time (what might be your problem)
When using a canvas app (the ones integrated in apps.facebook.com) requesting another token is quite simple. Facebook posts a signed_request parameter to your app whenever a user accesses it (https://developers.facebook.com/docs/authentication/signed_request/).
Decode it, pass it to the Graph API, profit.
if you need a generic access_token without a login... you can use $appID ."|". $secKey
this is called a APP access token, so it would be logged in as the "Application" not a user
!!! make sure you use this on https://graph.facebook.com/ !!!
hints the "https://" for secure SSL connection
but the API already determines this.
Is it possible to decrypt Facebook's new OAuth 2.0 access_token ?
I need to somehow get user_id and app_id from the access_token.
PS:
I need to get the user_id and app_id ONLY from the access_token as Facebook Linter used to do.
As others have already pointed out, the access_token is a unique random string, so it cannot be decrypted as such. Also, we all know that the user_id and app_id are prerequesites to generate the token in the first place.
However, let's assume you stored your token(s) in a database and lost the associated user_id and app_id. In that case, it is a valid question on how to retrieve them having only the token at hand. If your token is still valid, this is possible. If it is expired, you're out of luck.
To retrieve the user_id, make a call to:
https://graph.facebook.com/me?fields=id&access_token=xxx
To retrieve the app_id, make a call to:
https://graph.facebook.com/app?fields=id&access_token=xxx
In both cases, the associated id's will be part of the JSON response, regardless of the access_token being an encrypted or unencrypted one.
Let's illustrate this with an example. Let's assume Mark Zuckerberg uses the Graph API Explorer to generate an access_token. Calling the /me endpoint gives you:
{
"id": "68310606562"
}
and calling the /app endpoint gives you:
{
"id": "145634995501895"
}
The ids you were looking for are part of the response.
Please note that this does not work with the access_token shown on https://developers.facebook.com/apps (not sure if this is a Facebook mistake or intentional). Please use the access_token that your app receives via OAuth.
If the access token is in the encrypted format, there's no programmatic way to determine the User ID and App ID.
I struggle to think of a legitimate way you could have come across an access token without already having those two pieces of information since presumably you know your own App ID and the User ID you stored the access token against.
Nevertheless, assuming there's a legitimate use-case for this:
a call to /me?fields=id will return the user ID and/or you can use the debug tool at https://developers.facebook.com/tools/debug to debug the other properties of the access token
Generally you use the access_token to access other data from your application. So for example, your application would authenticate the user then use the access token to access other functions in FB's API, such as the graph:
https://graph.facebook.com/me?access_token=<access_token>
There is no public way of decrypting an access token to get the user id and app id. This is also very likely a massive breach of Facebook policy.
To get an access token in the first place you have to have access to the user and the app id anyway so you shouldn't need to do this. If you don't actually have access to the user or the app id then my guess would be you probably shouldn't even have their access token and have probably obtained it 'illegally'...
This is actually a very simple task, if you look closely at the access token itself. It consists of 3 segments, separated by a pipe character, |:
APP_ID|SOME_STUFF.NUMBER-USERID|SOME_MORE_STUFF
I'm not sure what SOME_STUFF, NUMBER, and SOME_MORE_STUFF are; presumably timestamps, signatures, or other encoded data that facebook uses to keep track of the access_token's validity and so on.
Unless you've obtained the acces_token in question by fowl means, I don't see a problem with being able to access the APP_ID and USER_ID from them (and neither does Facebook, apparently). So all I'll say on that is be responsible :)
The other thing to keep in mind is that this isn't a standard or anything, and is subject to change. So, watch out for that, too.
you don't have to decrypt accesstoken
As far as AppID is concerned,you should get it from facebook whn you make an app there,its your id to connect to facebook.
facebook sends the userId along with accesstoken..
just check your cookies in browser or in oauth case check entire string returned when request for acess token.
Are you sure you're talking about the Access Token here and not the signed request?
When you're Facebook Application is loaded you have a signed request object, which has the information I believe you are looking for (however if the user has not authorized your application their user ID will not be in the signed request, Facebook security)
The only way currently available is to use to Facebook Access Token Lint Tool.
You can consider to automate the process.