I'm building a flex application using the http://code.google.com/p/facebook-actionscript-api/ library.
Is it possible to get all the comments for an OBJECT_ID (https://graph.facebook.com/OBJECT_ID/comments) without the current user being logged in facebook. If it is, please tell me what the OBJECT_ID needs to be (post in public group or something else).
Thanks in advance.
blz
You need to request the offline_access permission. It will give you an access token that won't expire. Save it in your database and use it for your connections and it will work without the user.
More: http://developers.facebook.com/docs/authentication/permissions/
I believe Object_ID is the user, and they do not have to be logged in for you to acquire this
But...
What you probably will require is authentication of your request. I believe FB now requires that you register your webapp with them to get the necessary OAUTH signature. I think this is as of F8 2010.
Related
To be able to post to a group page I need an oauth access token that lives forever. Is the only way to do this is to create a Facebook app and use the client-id of it and other parameters to grab this? How do I give permission to the app to post to the actual group though? If someone can list the steps on how to do this, that would be great.
Facebook access_token lifecycle (including extension/refresh, etc) are well documented here: https://developers.facebook.com/docs/facebook-login/access-tokens#extending
I'm trying to implement facebook connect to my website, and i have couple questions.
1: Is it possible to register user in my website using his current facebook email/password.
Let's say user clicks on link Register via facebook and then he have to give me permisions to access his password, email, etc... and after that is done i put that info in my own database and he will be able to login with that account any time he wants without needing to give me permisions any time in the future.
2: If that kind of registration is not possible, what's other solution would be the best for me? Because i need to somehow keep track of that user who logged in with facebook, because he can upload photos, send messages etc.
Anyways, i'm quite new with facebook and similar things, so i'm really lost here, hope some one can help me :)
EDIT Thank you all for wonderful answers it helped me a lot, now all that's left is to read documentation :)
Yes it is, it is possible to get the information of the user. But it is rather complicated, when you have never dealt with it.
First you need to send the user to the following link:
https://m.facebook.com/dialog/oauth?client_id=your-client-id&redirect_uri=xxx&scope=listof-information-you-want
Facebook will then return your client to the uri specified, if the user rejected it will give a reason. If it is not you will get an code in urlencoded format.
This code is needed for the following step, the request of the access token:
https://graph.facebook.com/oauth/access_token?redirect_uri=xxx&client_id=xxx&client_secret=xxx&code=xxxx
This will give back an access token, if the authorization didn't fail.
After that you can ask for the information you want:
https://graph.facebook.com/me?method=GET&metadata=true&format=json&access_token=access_token
This will include a facebook uid, which is unique for all users. Store it and you can discern between a register and login.
This is roughly the process for any oauth2 application.
Facebook will not ask repeatedly for permissions after the user granted them to you. So you can store the access token and reuse it for backend stuff and also use the same procedure you use for register for login.
You can never access the user's password from Facebook even with his/her permission, so the user will always have to authenticate via Facebook and have Facebook pass you the user id of the logged in user once authentication succeeds. You can store all kinds of other data locally, but not enough to authenticate the user yourself.
Once the user is authenticated, you'll have access to the user's Facebook user id via the API, which should be enough to connect all kinds of information to that specific user.
Facebook does not provide access to accounts when passwords are taken from your controls. It provides it own canvas for login information. Therefore you cannot use your first approach to store passwords in your databases. Check this out.
You can however store email addresses once user logins into his account using the facebook sdks. Check this out link for the example of C# SDK sample code.
You can use the Facebook APIs to fetch user email-id, photos, friendslist and other information and then play around accordingly.
You don't get access to the users password - only email if you ask for it.
Best way would be to have a table of users and their Facebook account id's.
If you want to allow users to sign up without Facebook then have a nullable field for their password and facebook id, and also have a field for username - which you could populate from Facebook if they register via that route.
I can request an access_token upon supplying an offline_access scope parameter to oauth. I can execute OpenGraph commands that require an access_token just fine when logged out of Facebook, and when I log back in, I don't need to create a new one.
According to this blog post, offline_access is (getting?) deprecated.
Confusions:
Why doesn't the authentication dialog display that I am requesting offline access when authenticating a user?
Is it currently safe to rely on persistent access_tokens?
Clarification greatly appreciated!
The Facebook API generally shouldn't be accessed when the user isn't online. You can update the access token anyways, and that should be good enough.
From: http://developers.facebook.com/blog/
There are no changes required for most apps, but developers utilizing
the 'offline_access' permission will have until May 1, 2012 to update
their apps.
You have some time....
Using the above libraries, I can get the details of a user, his authorisation, his friends, but only once: I need to store the access_token and key in database, so the user can access his friends walls or other public details.
Can anyone help?
(I have used OAuth for Twitter and Tumblr, but I can't get it for FB).
https://developers.facebook.com/docs/authentication/
Be careful with saving the token. When not requesting all-time permission, it expires in a certain time (what might be your problem)
When using a canvas app (the ones integrated in apps.facebook.com) requesting another token is quite simple. Facebook posts a signed_request parameter to your app whenever a user accesses it (https://developers.facebook.com/docs/authentication/signed_request/).
Decode it, pass it to the Graph API, profit.
if you need a generic access_token without a login... you can use $appID ."|". $secKey
this is called a APP access token, so it would be logged in as the "Application" not a user
!!! make sure you use this on https://graph.facebook.com/ !!!
hints the "https://" for secure SSL connection
but the API already determines this.
I was wondering if its possible to get LOGGEDin facebook user_id once they visit my website, without click on any login or fb.connect or even using API ? can we get facebook logged user_id ?.. cheers
You can not get the logged in facebook user_id without using the API because it not only violates the browser's security, but also Facebook's (not to mention the user's privacy).
Yes, you can use the javascript API. Use the FB.getLoginStatus function. If they are logged in, the session will contain their user ID.
You seem to be confused, let me try to clear a few things up.
When you say "without the API" what you seem to mean is "without them giving permission." Even if you don't use "The API", you'll still be required to get permissions before you're able to get access to their account data using your access token.
If you're looking for ways to have Facebook stuff on the page that doesn't require authentication, try Facebook's Social Plugins: https://developers.facebook.com/docs/plugins/ Basically, they run inside of a Facebook , so the user is interacting with a Facebook widget on your page, but your server doesn't get any access to their data.