Facebook Access Token - using the access token in PHP with JavaScript auth - facebook

I use the JavaScript authentication on my website but I want to get hold of the access token in PHP so that I can store the user's email address.
Is there a quick and easy way to this without using the PHP libraries?
Thanks!
PS - I know how to get the access token in JS:
FB.login(function(response) {
if (response.session) {
if (response.perms) {
} else {
// user is logged in, but did not grant any permissions
alert("No Permission..");
}
} else {
// user is not logged in
alert("Please login to facebook");
}
}, {perms:'read_stream,publish_stream,offline_access'});

You don't need the PHP libraries: you just need to extract it from the facebook cookie. Previously answered at Where to find the Facebook cookie?, which points at a quite nice writeup at http://publicvoidlife.blogspot.com/2011/01/quick-and-easy-facebook-integration.html

Related

Initiate login for custom stories

I have created a custom story to be posted on facebook timeline when user clicks on a share button.
While i was logged into facebook, I could successfully post on timeline using the following code
function postLike() {
FB.api(
'https://graph.facebook.com/me/og_pricepan:compared',
'post',
{ product: objectToLike,
privacy: { 'value': 'SELF'}
},
function (response) {
if (!response) {
alert('Error occurred.');
} else if (response.error) {
document.getElementById('result').innerHTML =
'Error: ' + response.error.message;
} else {
document.getElementById('result').innerHTML =
'<a href=\"https://www.facebook.com/me/activity/' +
response.id + '\">' +
'Story created. ID is ' +
response.id + '</a>';
}
}
);
Now, when the user is not logged into facebook, I get the following error:
Error: An active access token must be used to query information about the current user.
Shouldn't the login window get open by itself asking the user to login into facebook or I need to do something on my end to handle this situation?
Also, do i need to submit my application for review before users can create custom stories from my website to their timeline?
Shouldn't the login window get open by itself asking the user to login into facebook or I need to do something on my end to handle this situation?
No. You need to explicitly login the user by following the Facebook Login Flow to request an access token
Also, do i need to submit my application for review before users can create custom stories from my website to their timeline?
Yes and No. No, because it's not like you will have someone from Facebook Support Team going through your app to make sure your app ticks all the boxes. Yes, because you will need to register your app with Facebook. So, technically all you need to do is register with Facebook as a developer and register your app in order to get an app secret and API key. You can have your app in "Sandbox mode", create test users and test your integration with Facebook before you publish it live. There's few requirements you need to meet before publishing it, such as providing set of logos of a specific size, etc. Here's a blog explaining part of the process, but really, the process is very straight-forward and you should be able to get through easily by yourself.
Now, the error you are getting says it all. There's no user logged in to facebook. The endpoint you are trying to post to, requires a active valid access token, if it doesn't exist then there's no context, no user authenticated and you need to explicitly authenticate the user by invoking the login dialog...
FB.login(function(response) {
if (response.authResponse) {
// The person logged into your app
} else {
// The person cancelled the login dialog
}
});
If you need to know whether a user is logged in or not, you can follow to simple approaches:
1.By invoking the FB.getLoginStatus function
FB.getLoginStatus(function(response) {
if (response.status === 'connected') {
var uid = response.authResponse.userID;
var accessToken = response.authResponse.accessToken;
}
else if (response.status === 'not_authorized') {
// the user is logged in to Facebook,
// but has not authenticated your app
}
else {
// the user isn't logged in to Facebook.
}
});
2.Or, by subscribing to the auth.authResponseChange event when initializing the framework and setting the status option to true
There's a full-legged tutorial on Facebook Developers Site for Javascript SDK explaining both approaches.
Hope it makes sense

How do I create a custom login url for Facebook graph API?

I want to get the user name and creds from a Facebook user so he can authenticate as a user against my application. Right now, getLoginUrl returns a site at Facebook, which works. How do I avoid the user jumping from my site to Facebook? Can I show a custom form to get the username and password and send that to FB directly?
You have to use the FB.login function from the Javascript API for this,
function fbAuth() {
FB.login(function(response) {
if (response.authResponse) {
alert('User fully authorize the app.');
} else {
alert('User canceled login or did not fully authorize the app.');
}
}, { scope: 'email,friend_likes' });
}
then you can call it with an onclick event or any other method you want:
Login
Documentation: https://developers.facebook.com/docs/reference/javascript/FB.login/

How to set Facebook Access (from server) in JavasScript SDK

If I am using the server side flow to authenticate a user and acquire an access token, how can I set that access token in the JavaScript SDK and use it to make calls from the client side?
Once the user has finished the server side authentication flow the user is already authorized for your app, all you need to do is to use the FB.getLoginStatus method:
FB.getLoginStatus(function(response) {
if (response.status === "connected") {
console.log("authResponse: ", response.authResponse);
FB.api("me", function(response2) {
console.log("Hey there " + response2.name);
});
}
else if (response.status === "not_authorized") {
// user is logged in to facebook but hasn't authorized your app, should not happen if he went through the server side authentication
}
else {
// user is logged out of facebook, also should not happen
}
}
As you can see you can simply use the js sdk to query the graph, there's no need to get the token manually, but in case you still need it, the authResponse should have the following format:
authResponse: {
accessToken: "aaaaaaa",
expiresIn: "bbbbbb",
signedRequest: "cccccc",
userID: "dddddd"
}
Edit
If the user is logged into facebook and has allowed and interacted with your app then yes the getLoginStatus should return a valid access token.
There are a few cases in which this is not the case, one of them being that the token has expired.
As it states in the Handling Invalid and Expired Access Tokens:
Desktop Web and Mobile Web apps which implement authentication with the Javascript SDK
Calling FB.getLoginStatus() or ensuring status: true is set when you
call FB.init() means that the next time a user lands on your
application and is signed into Facebook, the authResponse object you
are passed as a result of those calls will contain a fresh, valid
access token.
In this case, its simply the act of the user using your application
which implicitly generates a new access token.

Facebook Ask new permissions

I've an application that only asks for "user_about_me". Now I want to ask for new permission (publish_stream) but the response object returns "connected" if the user ignores the new permission. Because I want to post to the user's wall I'll get an error when posting to the user's wall "The user hasn't authorized the application to perform this action".
How can I do this?
I'm using Javascript SDK.
Basically you have to handle all the possibilities for user permissions/authorization when a user logs in. Here is a simplified working example from some FB integration I have done:
FB.Event.subscribe('auth.login', function(response) {
if(response.status === 'connected'){
FB.api('/me/permissions', function(resp) {
if(resp.data[0].publish_stream){
//User has permissions and authorization
}
else{
//User has not enabled publish stream, ask them to enable permission
}
}
}
If they have the permissions, I show them their avatar/username and some other options. If not, I present a link that asks them for the required permissions when clicked.

How can i add properties to a facebook application dialog?

How can i add properties (related to the user data access) to a facebook application dialog? for example not only access his basic information, but also to access other personal properties?
When you ask a user to authorize your application it includes all the basic user data, plus public data the user shares.
If you want any other permissions you need to ask for them while authenticating the user or later on when you need them.
In order to ask for them in the auth process use this tutorial: Server-Side Authentication and the OAuth Dialog tutorial.
If you want to ask for more permissions after the user has already authorized your app you can do it in a very simple way using the js sdk:
FB.login(function(response) {
if (response.authResponse) {
console.log("user logged in, auth response: ", response.authResponse);
FB.api("/me/permissions", function(res) {
console.log("permissions: ", res);
});
}
else {
console.log("User cancelled login or did not fully authorize.");
}
}, { scope: "email,publish_stream" });