Facebook Graph API - Same access token for all users - facebook

I have been madly trying to get access token for my users since long. I read at many sites to get it somehow by using getSession() and getting access_token from it... it gives me undefined function error.. I googled that too and all solutions said to use the updated SDK but mine is updated and it still won't work... so I finally got another solution to getting access token but this seems to be giving same access token for all users... any idea where the problem lies? All users certainly can't have same token right?
$app_id = $facebook->getAppId();
$app_secret = $facebook->getApiSecret();
function callFb($url, $params)
{
$ch = curl_init();
curl_setopt_array($ch, array(
CURLOPT_URL => $url,
CURLOPT_POSTFIELDS => http_build_query($params),
CURLOPT_RETURNTRANSFER => true,
CURLOPT_VERBOSE => true
));
$result = curl_exec($ch);
curl_close($ch);
return $result;
}
$params=array('client_id'=>$app_id, 'type'=>'client_cred', 'client_secret'=>$app_secret);
$url = "https://graph.facebook.com/oauth/access_token";
$access_token = callFb($url, $params);
$access_token = substr($access_token, strpos($access_token, "=")+1, strlen($access_token));

The issue is that you are asking for type=client_cred, which tells Facebook that you don't want access token for a user, but an access token for the app. This is used for doing things like accessing insights, the realtime updates API, and public data. If you want to get user data, you should not be passing that flag.
If you really do want to roll your own access to the Graph API, you can certainly do that, following the instructions at https://developers.facebook.com/docs/authentication/ .

You say you're using the PHP SDK but I don't see any mention of it anywhere in your code.
The proper way is this:
<?php
require('facebook.php');
$fb = new Facebook(array('appId' => APP_ID, 'secret' => SECRET));
$user = $fb->getUser();
// if we have a valid user, we're logged in
if ($user)
{
// do stuff with the API using the $fb object
}
else
{
// redirect the user to the authentication page
header("Location: ".$fb->getLoginUrl());
}
Example largely paraphrased from Facebook's SDK Github.

Related

Login on facebook sdk without callback

I would like to know if it's possible to login on Facebook api without a callback URL.
What I want to do is really "simple":
- Login on Facebook.
- Post or Delete on the wall.
- Logout of Facebook.
This is my code for login and post:
$fb = new Facebook\Facebook([
'app_id' => 'xxxx',
'app_secret' => 'xxxx',
'default_graph_version' => 'v2.5',
]);
$helper = $fb->getRedirectLoginHelper();
$permissions = ['publish_actions'];
$loginUrl = $helper->getLoginUrl(null, $permissions);
echo 'Log in with Facebook!';
try {
$accessToken = 'xxxx';
//$accessToken = $helper->getAccessToken();
//echo 'Log in with Facebook!';
$linkData = [
'link' => 'http://www.desarrollolibre.net/blog/tema/50/html/uso-basico-del-canvas',
'message' => $model->value,
];
$response = $fb->post('/feed', $linkData, $accessToken);
$graphNode = $response->getGraphNode();
The problem here is that I have to specify the access token getting directly from developers app, because $accessToken = $helper->getAccessToken() returns nothing to me.
Any help will be appreciate.
You can't "auto-login", you have to implement a proper login process. If you want to automate things (and you really should not autopost, because that is not allowed), you need to store a User Access Token somewhere and use it later. You may want to use an Extended User Token for this, because the default one is only valid for 2 hours. The Extended User Token is valid for 60 days.
More information about Tokens and how to generate them:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/

CodeIgniter and Facebook Connect

I am trying to integrate my Codeigniter website with the Facebook PHP SDK. What I want to do is let a user share an article from my site on their facebook wall, if they are logged into a facebook account. My library appears to load correctly, but everytime I try to do something, I get some kind of error... primarily with the auth. getUser does not appear to return the correct results. I set up my facebook application and set the config vars for my library, but no luck. It says I am not logged into facebook. When I click on the "login" anchor, the link takes me to the same page, but with the facebook url, and doesn't ask me to login with the app. Here's my code:
function facebook($article_id){
$config = array(
'appId' => '276870792431073',
'secret' => '8d49eee575413fb9a8063d22f65dbf6a'
);
$this->load->library('facebook', $config);
$user = $this->facebook->getUser();
if($user){
try {
$user_profile = $this->facebook->api('/me');
} catch (FacebookApiException $e){
error_log($e);
$user = null;
}
}
if($user){
$article = $this->article->fetch_article($article_id);
$config = array(
'message' => 'I just read an '.anchor('articles/'.url_title($article['title']).'/'.$article_id, 'article').' on '.anchor('', 'TrackTheOutbreak.com').'!',
);
$this->facebook->api('/me/feed', 'post', $config);
} else {
$data['MESSAGE_TITLE'] = 'Authentication Error';
$data['MESSAGE_TEXT'] = 'You must be logged into an existing Facebook account to use this feature. Click '.anchor($this->facebook->getLoginUrl(), 'here').' to login.';
$this->parser->parse('error_body.tpl', $data);
}
}
In order to access a users information and post anything to their wall you first need to get a access token from them. To do that you need to make sure that you have gained their permission through Facebook's FB_login (and then Open Graph). I would double check with this guide and make sure that you have everything set up properly to post to their timeline.
https://developers.facebook.com/docs/reference/javascript/FB.login/
I hope this helps

Get photos with graph api

I've read a lot of tutorials/articles/questions here about this, as well as trying to find something useful in the fb documentation.
So far I've made no progress at all myself so any input would be greatly appreciated, I'm simply trying to access a list of my photos but all I get is an empty array.
I know I've added more req_perms than I need probably, I just copied the ones from a "working tutorial" that didnt work for me, and after reading a thread here I also added user_photo_video_tags because that had worked for the thread poster (again, not me).
I've gotten the dialog to allow photos sharing my photos with my app, login works without any problems, the access token I get seem to be correct, after logging in I have visited:
https://graph.facebook.com/me/photos?access_token= and the token, and gotten an empty array, if I wasnt logged in or the access_token wasnt linked to my app there would be some error, but all I get is an empty array.
Thanks in advance for any input.
Thanks to Chaney Blu I was able to validate my permissions:
{
"data": [
{
"installed": 1,
"status_update": 1,
"photo_upload": 1,
"video_upload": 1,
"create_note": 1,
"share_item": 1,
"publish_stream": 1
}
]
}
<?php
error_reporting(E_ALL);
ini_set("display_errors", 1);
require_once 'library/facebook.php';
$app_id = "xxxxxxxxxxxxxxxx";
$app_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxx";
$facebook = new Facebook(array(
'appId' => $app_id,
'secret' => $app_secret,
'cookie' => true
));
$loginLink = $facebook->getLoginUrl(array(
'scope' => 'user_status,publish_stream,user_photos,user_photo_video_tags'
));
$logOutLink = $facebook->getLogoutUrl();
$user = $facebook->getUser();
if ($user) {
try {
// User logged in, get token
$token = $facebook->getAccessToken();
//var_dump($token); dumped successfully
// Get public profile info
$user_profile = $facebook->api('/me');
//var_dump($user_profile); dumped successfully
$photos = $facebook->api('/me/photos?access_token=' . $token);
var_dump($photos); // Empty array, BAH!
} catch (FacebookApiException $e) {
$user = null;
}
}
?>
Click here to login if you aren't autoredirected<br /><br /><br />
Click here to logout
Not sure if this is the problem, but try this. It appears you're using the latest PHP SDK. In your getLoginUrl(); calls, try changing 'req_perms' to 'scope'.
Like this:
$loginLink = $facebook->getLoginUrl(array(
'scope' => 'user_status,publish_stream,user_photos,user_photo_video_tags'
));
You can verify that you've authorized the correct permissions by visiting https://graph.facebook.com/me/permissions/?access_token=XXXX
After testing some other permissions I noticed facebook weren't updating the permissions to my token, even when logging out of the app, logging in again and accepting new permissions nothing changed when I looked at the Graph permissions link I got from Chaney Blu.
I used that link to verify the token from facebooks graph api page http://developers.facebook.com/docs/reference/api/ and noticed that token had access to user_photos but not my token.
Going into my facebook settings and removing the app made facebook update my permissions the next time I signed into the app.
Thanks to Chaney Blu for putting me on the right track. Would vote you up if I had the reputation.

How to login with OFFLINE_ACCESS using the new Facebook PHP SDK 3.0.0?

with the old (2.x) SDK I used this to log someone with offline_access:
$session = array
(
'uid' => $userdata['fb_uid'],
'sig' => $userdata['fb_sig'],
'access_token' => $userdata['fb_access_token']
);
$facebook->setSession($session);
In the new SDK this function doesnt exist anymore. I think I need to login using:
setPersistentData($key, $value)
but this function is protected and I dont know what 'code' is? Do I need this to log the user in or not? And what's going on with 'sig'? Don't I need this anymore?
Hope someone already figured this out because the documentation really doesn't help!
With the Facebook PHP SDK v3 (see on github), it is pretty simple. To log someone with the offline_access permission, you ask it when your generate the login URL. Here is how you do that.
Get the offline access token
First you check if the user is logged in or not :
require "facebook.php";
$facebook = new Facebook(array(
'appId' => YOUR_APP_ID,
'secret' => YOUR_APP_SECRET,
));
$user = $facebook->getUser();
if ($user) {
try {
$user_profile = $facebook->api('/me');
} catch (FacebookApiException $e) {
// The access token we have is not valid
$user = null;
}
}
If he is not, you generate the "Login with Facebook" URL asking for the offline_access permission :
if (!$user) {
$args['scope'] = 'offline_access';
$loginUrl = $facebook->getLoginUrl($args);
}
And then display the link in your template :
<?php if (!$user): ?>
Login with Facebook
<?php endif ?>
Then you can retrieve the offline access token and store it. To get it, call :
$facebook->getAccessToken()
Use the offline access token
To use the offline access token when the user is not logged in :
require "facebook.php";
$facebook = new Facebook(array(
'appId' => YOUR_APP_ID,
'secret' => YOUR_APP_SECRET,
));
$facebook->setAccessToken("...");
And now you can make API calls for this user :
$user_profile = $facebook->api('/me');
Hope that helps !
With PHP SDK 2.0 (I guess), I just use it like
$data = $facebook->api( '/me', 'GET', array( 'access_token' => $userdata['fb_access_token'] ) );
This should work with the newer one to as it seems to be more of a clean approach than rather setting up sessions by ourself. Can you try?
Quentin's answer is pretty nice but incomplete, I think. It works nice, but I for example getUser() isn't working in that time because userId (which is getUser() returning) is cached.
I have created a new method to clear all caches and save it persistently.
public function setPersistentAccessToken($access_token) {
$this->setAccessToken($access_token);
$this->user = $this->getUserFromAccessToken();
$this->setPersistentData('user_id', $this->user);
$this->setPersistentData('access_token', $access_token);
return $this;
}

Facebook Graph Api - Posting to Fan Page as an Admin

I've setup a script which allows users to post messages to a fan page on Facebook. It all works but there's one small issue.
The Problem:
When the post is added to the page feed it displays the posting user's personal account.
I would prefer it to show the account of the page (like when you're admin of the page it says it came from that page). The account I'm posting with have admin rights to the page, but it still shows as a personal post.
HTTP POST
$url = "https://graph.facebook.com/PAGE_ID/feed";
$fields = array (
'message' => urlencode('Hello World'),
'access_token' => urlencode($access_token)
);
$fields_string = "";
foreach ($fields as $key => $value):
$fields_string .= $key . '=' . $value . '&';
endforeach;
rtrim($fields_string, '&');
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, count($fields));
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
$result = curl_exec($ch);
curl_close($ch);
To post as Page not as User, you need the following:
Permissions:
publish_stream
manage_pages
Requirements:
The page id and access_token (can be obtained since we got the required permissions above)
The current user to be an admin (to be able to retrieve the page's access_token)
An access_token with long-lived expiration time of one of the admins if you want to do this offline (from a background script)
PHP-SDK Example:
<?php
/**
* Edit the Page ID you are targeting
* And the message for your fans!
*/
$page_id = 'PAGE_ID';
$message = "I'm a Page!";
/**
* This code is just a snippet of the example.php script
* from the PHP-SDK <http://github.com/facebook/php-sdk/blob/master/examples/example.php>
*/
require '../src/facebook.php';
// Create our Application instance (replace this with your appId and secret).
$facebook = new Facebook(array(
'appId' => 'app_id',
'secret' => 'app_secret',
));
// Get User ID
$user = $facebook->getUser();
if ($user) {
try {
$page_info = $facebook->api("/$page_id?fields=access_token");
if( !empty($page_info['access_token']) ) {
$args = array(
'access_token' => $page_info['access_token'],
'message' => $message
);
$post_id = $facebook->api("/$page_id/feed","post",$args);
} else {
$permissions = $facebook->api("/me/permissions");
if( !array_key_exists('publish_stream', $permissions['data'][0]) ||
!array_key_exists('manage_pages', $permissions['data'][0])) {
// We don't have one of the permissions
// Alert the admin or ask for the permission!
header( "Location: " . $facebook->getLoginUrl(array("scope" => "publish_stream, manage_pages")) );
}
}
} catch (FacebookApiException $e) {
error_log($e);
$user = null;
}
}
// Login or logout url will be needed depending on current user state.
if ($user) {
$logoutUrl = $facebook->getLogoutUrl();
} else {
$loginUrl = $facebook->getLoginUrl(array('scope'=>'manage_pages,publish_stream'));
}
// ... rest of your code
?>
Here the connected $user is supposed to be the admin.
Result:
More in my tutorial
As far as I know, all you have to do is specify a uid (that is, the page's ID) in your call to stream.publish
EDIT
Have a look at impersonation
Because the is the only relevant posting in the google results for "facebook graph won't post to page as page" I want to make a note of the solution I found. You need an access token with manage_pages permissions. Then call
https://graph.facebook.com/<user_id>/accounts?access_token=<access_token>
This will list all the pages the user has access to and will provide the access tokens for each. You can then use those tokens to post as the page.
The Graph API expects the parameter page_id (The Object ID of the Fan Page) to be passed in as an argument to API calls to get the events posted in a Fanpage wall. Not mentioned anywhere in the official Graph API documentation, but it works. I have tested it successfully with the Official PHP SDK v3.0.1
The required application permissions would be create_event and manage_pages
An Example would look something like this:
//Facebook/Fan Page Id
$page_id = '18020xxxxxxxxxx';
//Event Start Time
$next_month = time() + (30 * 24 * 60 * 60);
//Event Paramaeters
$params = array(
'page_id' => $page_id, // **IMPORTANT**
'name' => 'Test Event Name',
'description' => 'This is the test event description. Check out the link for more info: http://yoursite.com',
'location' => 'Kottayam, Kerala, India',
'start_time' => $next_month
);
$create_event = $facebook->api("/$page_id/events", "post", $params);
The answer lies with acquiring a permission of "manage_pages" on the FB:login button, like so:
<fb:login-button perms="publish_stream,manage_pages" autologoutlink="true"></fb:login-button>`
When you get those permissions, you can then get a structured list back of all the pages the logged-in user is an Admin of. The URL to call for that is:
https://graph.facebook.com/me/accounts?access_token=YourAccessToken
I HATE the Facebook documentation, but here is a page with some of the information on it: https://developers.facebook.com/docs/reference/api/
See the 'Authorization' and 'Page Login' sections in particular on that page.
A great resource to put all of this together (for Coldfusion Developers) is Jeff Gladnick's CFC on RIA Forge: http://facebookgraph.riaforge.org/
I added the following UDF to Jeff's CFC if you care to use it:
<cffunction name="getPageLogins" access="public" output="true" returntype="any" hint="gets a user's associated pages they manage so they can log in as that page and post">
<cfset var profile = "" />
<cfhttp url="https://graph.facebook.com/me/accounts?access_token=#getAccessToken()#" result="accounts" />
<cfif IsJSON(accounts.filecontent)>
<cfreturn DeserializeJSON(accounts.filecontent) />
<cfelse>
<cfreturn 0/>
</cfif>
</cffunction>
What this returns is a structure of all the pages the logged-in user is an Admin of. It returns the page NAME, ID, ACCESS_TOKEN and CATEGORY (not needed in this context).
So, VERY IMPORTANT: The ID is what you pass to set what page you are posting TO, and the ACCESS_TOKEN is what you pass to set who you are POSTING AS.
Once you have the list of pages, you can parse the data to get a three-element array with:
ID - ACCESS_TOKEN - NAME
Be careful though, because the Facebook ACCESS_TOKEN does use some weird characters.
Let me know if you need any additional help.
You must retrieve access_tokens for Pages and Applications that the user administrates.
The access tokens can be queried by calling /{user_id}/accounts via the Graph API.
More details:
https://developers.facebook.com/docs/facebook-login/permissions/v2.0 -> Reference -> Pages
This is how I do it with PHP SDK 4.0 and Graph API 2.3:
/**
* Posts a message, link or link+message on the page feed as a page entity
*
* #param FacebookSession $session (containing a page admin user access_token)
* #param string $pageId
* #param string $message - optional
* #param string $link - optional
*
* #return GraphObject
*/
function postPageAsPage( $session, $pageId, $message = '', $link = '' ){
// get the page token to make the post request
$pageToken = ( new FacebookRequest(
$session,
'GET',
"/$pageId" . "?fields=access_token"
))->execute()->getGraphObject();
return ( new FacebookRequest(
$session,
'POST',
"/$pageId/feed",
array(
'access_token' => $pageToken->getProperty( 'access_token' ),
'message' => $message,
'link' => $link,
)
))->execute()->getGraphObject();
}