I am having problems with the facebook authorization process within my app.
I want to post something on the users facebook page with a dialog which is shown to the user first, and request the "publish_stream" permission.
If I do so the user is redirected every 2 hours to the request page where it says that the user has already allowed this app to do this, which is very annoying for the user....
So my question is what happens if I don't ask about permission to post on the wall, but still show the user the dialog which shows what is posted on his page? is this legal ? can I get any problems what so ever by doing this?
Cause posting on the users wall without asking permission, works just fine.
thanks for the help
The Facebook documentation states that if you prompt for publish_stream, you will be able to post on the users wall indefinitely, and thus you wouldn't also need offline_access.
publish_stream Enables your app to
post content, comments, and likes to a
user's stream and to the streams of
the user's friends. With this
permission, you can publish content to
a user's feed at any time, without
requiring offline_access. However,
please note that Facebook recommends a
user-initiated sharing model.
There is no legal issues there. However users will be pi**ed off.
But when you request a token with offline_access and then use that token for publish_stream, your token will not expire.
Related
I'm using the facebook sdk 2.7 to prompt the user to login in to their facebook account and then to be able to post to their wall from our website. This works fine but each time the user visits the website they need to login again.
I do retrieve the user access token when they login. Can I use this to enable the website to always be able to post to the users wall without them having to log in to facebook each time?
You would need to use an "Extended User Token" for that, it is valid for 60 days. Btw, you are not allowed to autopost and the message always must be 100% user generated. So make sure the user approves and writes every single post.
How to create Extended User Tokens is explained in the docs:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/
I'm using an app access token to write to a facebook user's wall (using the facebook graph toolkit in asp.net). i've found that the process works fine if i have publish_stream permission but fails if i only have publish_actions. i would prefer to work only with publish_actions to avoid the second screen permission request.
this issue seems to go against the fb docs which state "Moving forward, we recommend that apps only ask for publish_actions, as this permission encompasses the other two and we want to simplify the model." (https://developers.facebook.com/docs/concepts/login/permissions-login-dialog/)
I'm wondering if anyone else has experienced and overcome this issue.
You need to check out this.
It says-
publish_actions will now include basic publish_stream permissions (including posting on a user's timeline, posting photos/videos, commenting on and liking content), which will appear on the first Auth Dialog screen. With this change, apps that were previously granted publish_stream do not need to request publish_actions.
as you said, BUT-
If you need specific capabilities like posting to a friend's timeline or to groups, you will still need to request publish_stream, which appears on a second screen where users can also opt out.
I'm getting the permissions of the user settings page of the application on myfacebook (publish_stream). Even if the user that permits has logged out how can i send something to is wall (as Formspring)
Per http://developers.facebook.com/docs/authentication/permissions/, after the user has logged out of your app/website, all you need to do is user an "App Access token" to post to that user's wall as long as you do still have publish_stream permissions for that user.
publish_stream
Enables your app to post content, comments, and likes to a user's
stream and to the streams of the user's friends. With this permission,
you can publish content to a user's feed at any time. However, please
note that Facebook recommends a user-initiated sharing model. Please
read the Platform Policies to ensure you understand how to properly
use this permission.
As mentioned in this other question, if a user grants the publish_stream permission, I can publish to that user's wall using an app access_token. I tested that and it works. But I couldn't publish to the user's pages using the app access_token! Am I missing something?
Right now I use the /me/accounts/ connection to get the access_token of the pages, and use that to publish. But this is a huge headache for me and for users because these tokens expire often (when users change their password, ...et), and every time that happens the publish fails and I need to email the user to come login again so I can retrieve a new access_token for the page. It's a bad user experience and I'm trying to find a way around it. The app token works for publishing to users, which is great, but I couldn't find a way to make it work for pages. Any tips?
Edit:
To clarify further, I currently request the manage_pages and offline_access permissions, and then fetch the access_token of each page and use that to publish to it. That works. The main problem is that tokens expire, even with the offline_access permission. The most common reason a token would expire is if the user changes her password. Here is a common error that I get a lot when publishing to Facebook pages.
Facebook error. type: OAuthException, message: 'Error validating
access token: Session does not match current stored session. This may
be because the user changed the password since the time the session
was created or Facebook has changed the session for security reasons.'
To handle this, I email the user and ask them to visit our app again, and when they do I grab a fresh set of access_token to work with. But that's problematic because users are confused about why the error happened and blame us for it, and some users don't open their emails so the problem doesn't get solved and then they're angry later when they discover that our app had stopped weeks ago without them asking it to stop.
That's why I was hoping that I can publish with the app access_token to avoid these problems. Since it works for user profiles, I hoped it would work for pages as well. But so far no luck, unless I'm missing something obvious.
What you're describing used to work - all last year we were able to successfully post to fan page walls using the app access token. In fact, for some of our users, I see it still working. However, I think the other two answers are correct, this is no longer the way to post to pages (see "Page Login" here)
That said, you should be able to store the access token of the page to spare yourself the step of re-querying the users' linked accounts.
Unfortunately, the page's access token will suffer the same fragility as a user's, per the answer here: Facebook Page Access Tokens - Do these expire? . The page access token will expire when the user who gave you that access token changes their password.
To publish to pages, there is an extra step where you use their token to get a list of their pages. Each page has its own token, use that token to post to the page. Keep in mind that when setting up the original token, you need to specify that you need access to pages.
my app does exactly what you're after.
I request both manage_pages and offline_access permissions from a user.
I store the user's access_token.
I ask the user which page (determined by me/accounts) they want a stream item posted to and when.
Later, when it is time to publish to a page's feed, I grab the user's access_token from the database, the pageid, and the message.
Using that user's access token, I query the me/accounts and grab the latest access token for that account (aka page)
Using that page's access token, I me/feed (or is it me/posts...away from my codebase at the moment) post the stream item.
We have users that logged in to our website through Facebook Connect. Now we'd like to contact those users about changes as we indicated in the signup process, but we don't have their email addresses. Only their Facebook ids.
How can we contact them? I understand Facebook removed 3rd parties' ability to send notifications through Facebook's API. We can send them a message through the API either.
So I guess we're left with posting to their wall from a user account of ours. I assume there's a low limit to how often we're allowed to do that and is that even permitted? Or we can make an application request from this designated facebook user account which would show up in their notifications.
Finally, we could manually go to the user's profile page and then click the "send a message" button from our facebook user account... A lot of manual work and I assume this is frowned upon as well. Is there an easy way to find out the profile page URL from a Facebook id?
What's the best approach here where we don't break any rules?
If you are getting stream_publish extended permission in your profile then you can simply post on there wall see this http://developers.facebook.com/docs/reference/rest/stream.publish/
Alternatively this can be a better solution if the user do not granted any extended permission
http://developers.facebook.com/docs/reference/rest/livemessage.send/
you should get "offline_access" from the facebook user requests to post at anytime.