Facebook Graph API problem - facebook

I've got some trouble with Facebook authentication. Even when I'm logged, the function getUser() returns 0
Here's my code :
$fb_params = array(
'appId' => APP_ID,
'secret' => SECRET_ID
);
$fb = new Facebook($fb_params);
echo $fb->getUser(); // UID
Someone's got an idea?
PS : 'I can no long access to $fb->api('/me'), it says it requires an access_token, I think it's linked to the authentication issue...'
Thanks

You are currently not authenticating as a user, only as an application. As a result, the Facebook API can't show you the /me page or respond to a getUser() call since it doesn't know what user you are trying to access the API on behalf of (ie. "Who is /me?"). You will also only be able to access publically-accessible information.
You need to get a user to authenticate your application through Oauth2, store the access_token you are returned, and then include it in any future calls (eg. WIRQjCey1.3600.1309525200.0-509450630|eD6SAR">https://graph.facebook.com/me?access_token=2227470867|2.AQB-_WIRQjCey1.3600.1309525200.0-509450630|eD6SAR...).
To do this using the PHP SDK you can do
$loginUrl = $fb->getLoginUrl();
echo "<a href='$loginUrl'>Login with Facebook</a>";
Clicking that link and having the user authenticate will store the access_token to the $_SESSION, and when you hit refresh the "new Facebook( $fb_params );" constructor will pick out the access token from the $_SESSION and use it for all future calls, so then calls like $fb->getUser(); will return correctly.
There's a functioning example in the examples folder of the SDK, here:
https://github.com/facebook/php-sdk.
You can use it to try calls while authenticated as an application (public data access only), and then as a user.

Related

Return User Token instead of Access Token

I'm using the php-sdk to create a session upon login of my site thru fb. Upon login, the user will be redirected to a file called fb_redirect.php. On that page, there is the following:
$facebook = new Facebook(array('appId' => '123456789',
'secret' => '123456789',
'cookie' => true));
$access_token = $facebook->getAccessToken();
//$facebook->setAccessToken($access_token); // you do not need to set the token if there is one, so this should be conditional to if your switching tokens or setting a token from an external sdk.
When the
$access_token
is echoed here, it display the user token. But, on another page, I need to take advantage of the publish_actions permission that my app has requested and post a custom action to the user's timeline. For that to happen, I need the access token to be set to the user token. But, for some reason, on other pages the $access_token is always set to the access token and not the user token. How can I manually set it back to the user token?
If you use the server-side flow, then you have to save it somewhere (a cookie, or a server-side session, or a DB table), and load it back when the user comes back.
Quick and dirty method, this does not handle expiry.
if (!$_SESSION['fb_YourAppID_access_token']) {
$access_token = $facebook->getAccessToken();
if ($access_token) {
$_SESSION['your_token'] = $access_token;
}
}else{
$access_token = $_SESSION['fb_YourAppID_access_token'];
$_SESSION['your_token'] = $access_token;
}
this will look for existing token in browser, if not found it will ask the php sdk what the current token is, if there is a token in the sdk, it sets your session token to the current access token, if not it will save it blank.

how to post facebook user wall/ page status by a single user only no app install for other users

I am working on a site and i need to post page links from that site to a special user wall or page if something is published on it which means i only need one user to post that question.
the problem which i am facing is access token since i am not trying to show facebook login page in front of website traffic. its not like sharing on user wall we are basically trying to post status on a page automatically so any help for this problem will be appreciated.
i am using the following code which seems to work fine as long as the access token for the page is valid but i need to make something permanent so that i can add all the info in the php code hardcoded and it work for some weeks at-least without changing the api key or token
$appid = 'code';
$appsecret = 'code';
$wall= $pageId = 'code';
$token='page token';
$facebook = new Facebook(array('appId' => $appid, 'secret' => $appsecret, 'cookie' => true));
$params=array( 'message' => $msg,'name' => $title, 'caption' => $title, 'link' =>$uri,'description' => $desc, 'picture' => $pic, 'access_token' => $token,'actions' => json_encode(array('name' => $action_name,'link' => $action_link)) );
$result = $facebook->api($wall.'/feed/','post',$params);
if i make token from the graph api debug page then it works fine but after some time i got the message "OAuthException: An active access token must be used to query information about the current user."
i am really desperate to find something solid for it.
thank you
You can write a backend script (maybe a cron job using the FB PHP-SDK) that runs as the special user and makes the desired FB api calls. For this, you will want to use a long-lived access token, which needs to be renewed every 60 days. You might also try your FB api calls using an App Access Token, which do not expire but also do not support all FB publishing and other operations.
To post to someones wall (or perform any action with the open graph) you must be authenticated with facebook as somebody in their graph or an application that they have granted permission to.
You should look at the permissions that can be set using the oauth scope attribute...
https://developers.facebook.com/docs/reference/dialogs/oauth/
To me it looks like they will need to grant your application publish_stream if you want to write to their friends walls as well as the user that you are authenticated as.
https://developers.facebook.com/docs/reference/login/extended-permissions/

Facebook Logout not Working with offline_access

I am trying to implement the Facebook Login and Logout in my website.
I am using the Facebook PHP SDK.
The code i am using is as follows :
Login
$facebook = new Facebook(array('appId' => APP_ID,
'secret' => APP_SECRET
));
$param = array();
$param["scope"] = array("email","offline_access","publish_stream");
$loginUrl = $facebook->getLoginUrl($param);
Logout
$logoutUrl = $facebook->getLogoutUrl();
The problem is logout url is not being able to logout the facebook user.
When i remove the "offline_access" from the scope parameters the logout Url is working fine.
I have also implemented the above scope in the example.php file in the PHP SDK and the result was the same.
Can anyone provide any help.
I found out my problem. After logging in from Facebook I called the function $facebook->destroySession(); and after that, called the function $facebook->getLogoutUrl();.
Because of the destroySession() function the access_token returned from Facebook got lost and my logout URL generated from the getLogoutUrl() function could not log out the user from Facebook.
After removing the destroySession() function my code is working fine.
I think the problem might be that you are not clearing the session cookie after you log the user out of FB.
1) download the latest php sdk.
2) Make sure you specify the 'domain' parameter when you create the $facebook object.
3) Before you redirect the user to FB logout, clear their session with
$facebook->setSession(null); - alternatively, you can use FB.logout() in the javascript SDK.
Update:
as you are specifying appId and key, also give 'domain' as your domain name.
Examples of setSession:
example1

How do I check if a facebook account is currently logged in before requesting permission for my app? (using php sdk)

I'm using the php sdk v3.0.1.
I am trying to get offline access from users.
When my app requests permission from the user, it does so for the currently logged in user. I'd like to first check if a facebook account is logged in, and if so display a message. for example:
User "John Doe" is currently logged in.
then I'd have a link to "log out" or a link to continue to the permission page.
I was trying this but it always returns 0:
$facebook = new Facebook(array(
'appId' => 'XXX',
'secret' => 'YYYYYYYYY',
));
// Get User ID
$user = $facebook->getUser();
if($user)...
else...
the if statement always fails and then when the else is procesed and I send them to the login page, it requests permission for the currently logged in user (which I don't want).
I've searched extensively and can't find an answer. :-/ Any help or suggestions would be appreciated. I'm completely new to the facebook api.
Basically you would like authentication and permission requests to be separate. Correct me if I'm wrong about that. So you can just send users through a plain authentication step:
$loginUrl = $facebook->getLoginUrl();
and then later send them through again with the proper permissions.
$arg['req_perms'] = "[permissions here]";
$loginUrl = $facebook->getLoginUrl($arg);
This will get you a separate login and permission request step.

Prevent signups with Facebook proxy email

Problem is, when a user clicks on FB Login button on my site, Facebook API throws him with a window which ask for access permissions(which is the usual flow). But when the user chooses the proxy mail address (anonymous), then I want to force the user to login only using his real email id.
How am I supposed to handle this ?
I can detect that user used proxy email and prevent him from registering, but then I can't remove my app from his list of authorized apps - meaning I can't get him to that initial dialog for choosing which email he will provide.
You can't force the user to go through the authorization dialog again, because as far as Facebook is concerned, the user has installed your application and nothing else needs to happen. The best thing you can do here is write your own form which informs the user that the Facebook proxy e-mail address is unacceptable and you need a real e-mail address. Unfortunately, this does not force the user to give you their Facebook account e-mail address, or even a real e-mail address. This is the best we have via Facebook though, and it's just something we have to deal with.
UPDATE 5/10/11
I was browsing around the Facebook documentation, and found a method that exists in the old Legacy REST API which actually allows you to remove extended permissions for your app from a user. I think you could use this exact API call to manage getting non-proxy addresses from your Facebook user, while still using the native install dialog.
I tested this using the FB JS SDK and it worked! The method you need to use is the auth.revokeExtendedPermission method. Here are 2 examples of calling that method via the JS SDK and the PHP SDK.
Javascript:
<script>
FB.api({
method: 'auth.revokeExtendedPermission',
perm: 'read_stream'
}, function(response)
{
console.log(response)
});
</script>
PHP:
<?php
$facebook->api(array(
'method' => 'auth.revokeExtendedPermission',
'perm' => 'email',
'uid' => $uid
));
Because these use the Legacy REST API they're not as "supported" as the new Graph API. I've not seen anything regarding migrating this feature to the Graph API. Hopefully they will.
Invoke revocation of the app through graph api (as below) with the php sdk then redirect user back through your dialog with this non-proxy requirement explained.
private function revokeAccess() {
$access_token = $this->facebook->getAccessToken();
$result = $this->facebook->api(array(
'method' => 'auth.revokeAuthorization',
'uid' => $this->{facebook id here},
'access_token' => $access_token
));
return $result;
}
This code is php.
This completely removes the app.
Returns 1 on success; 0 on failure.
$this->facebook == facebook object from the facebook php sdk.