I have a working Facebook app that most users will use just once. Leading into the Facebook workflow, users indicate if they want their wall to be written to or not. Based on that, I either ask for the publish_stream permission or not.
Later, a small percentage of users will come back and use the app again. Some of the people who previously did not want to write to the wall (and thusly I didn't ask for publish_stream) now want to write to their wall.
How do I request an additional permission after the user has already authorized the app?
Similarly, how can I query a user to list which permissions they have already granted?
It's as simple as adding the new permission to a new fb:login-button:
<fb:login-button scope="publish_stream">
Let me write on your wall!
</fb:login-button>
So for example you have the above hidden in a DIV and if the user tick a checkbox you show the DIV and prompt the new permission!
A good live example of this is on the Facebook Test Console:
Click login to "add" the application
Then click on examples
Under fb.api choose does-like
Now you can see that even after being *connected to the application (test console app), you can actually have another login button to prompt the user!
EDIT:
To check if the user has granted your application a permission, just use this FQL:
SELECT read_stream,offline_access FROM permissions WHERE uid=me()
This would return something like:
[
{
"read_stream": 1,
"offline_access": 0
}
]
To test it, just use the test console posted early.
EDIT 2:
To construct the link yourself without XFBML or Javascript, you just need to add the scope parameter with the additional perms (reference):
https://www.facebook.com/dialog/oauth?
client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&scope=publish_stream
Or if your are using the PHP-SDK:
$loginUrl = $facebook->getLoginUrl(array(
"scope" => "publish_stream"
));
I was looking at this the other day! If you read through http://developers.facebook.com/docs/authentication, there are several different ways of displaying a little popup box to request extra permissions.
I'm not sure how this works with a Facebook App, but I know on a website using Facebook Connect, if you try to request permissions that the user already has accepted, then the page automatically redirects back to the redirect_url that you set.
Related
Using the Perl module, Facebook::Graph, I have created some basic perl code that can post to my own wall. I can share a photo on my own wall. I can also post a simple wall message to one of the pages for which I am an admin. However, when I try to post a photo to the page, it posts as me, not as the page.
Here is the sample code that posts as me, to the Facebook page. I need it to post as the Page, not as me.
# previously, I obtained my Page's accesstoken, and other credentials
# including the Facebook Page ID
my $fb = Facebook::Graph->new(
app_id => $facebook_application_id,
secret => $facebook_application_secret
);
$fb->access_token($facebook_accesstoken);
my $rstring = $fb
->add_photo
->to($facebookPageID)
->set_message('Look at this really cool photo!')
->set_source('./raw_image_example.jpg')
->publish
->as_string;
print "$rstring\n\n";
I am trying to figure out how to create a post to the wall of a Facebook page, as if it is being posted BY the page, not by me.
I am trying to do that with the CPAN module, Facebook::Graph, located here: http://metacpan.org/pod/Facebook::Graph
I cannot, for the life of me, figure this out. Any help would be most welcomed!
I went through the same trouble, so let me share what I did step by step so it might benefit other people:
After going to developers.facebook.com to create an app, you
go to https://developers.facebook.com/tools/explorer/
There, on the top menu named "Graph API Explorer" you select the app
you just created
Then, on the righthand side, there is another menu named "Get
Token", in which you select "Get Access Token", then a pop-up window
will appear, you to the extended
permissions tab, and check "publish_pages" and "manage_pages"
options and click on "Get Access Token". It will pop-up a window
asking you to confirm you want to grant access to this app. It will
produce a long token.
Then, you select the menu Get Token again, and you will find in this
menu the list of the pages you manage, select the one you want and
it will show its related access token.
Now the token received is only temporary like 2 hours or something.
You want something that last 60 days and renewable, so from your
server you do a curl request:
https://graph.facebook.com/oauth/access_token?grant_type=fb_exchange_token&client_id=$facebook_application_id&client_secret=$facebook_application_secret&fb_exchange_token=$facebook_accesstoken
Facebook will output something like this:
access_token=ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ&expires=5184971
Then, you can post as your page using your fine code.
I hope this helps.
Enable manage_pages permission to get a code.
Submit code to get user access token for your account (you are manager or content_creactor) for query everythings.
Queried your account by calling /me/accounts, you will get page access token. one account can manage many pages. So use JSON to choose which one do you want.
Use those page access token to post msg or photo as normal. https://graph.facebook.com/me/feed
(note that it is not /feed) since page access token contain the ID already.
I am following the basic php facebook login example. When I tap the Login to Facebook url, it will prompt the user "MYAPP would like to access your public profile and friend list, and user likes."
I don't need to access the user's friends list or public profile and i'm worried this will scare away the user. I just want the user to be able hit a like button and then get logged in, and have a callback verifying that the like button was pressed.
The sdk says:
https://developers.facebook.com/docs/facebook-login/permissions/#overview:
"During the basic login flow, your app receives access to a person's public profile and friend list"
Any way to do this without asking permission?
Here is my code:
$params = array(
"scope" => "user_likes",
"redirect_uri" => "https://www.myapp.com/post_login_page"
);
$loginUrl = $facebook->getLoginUrl($params);
I guess I'm also confused... Do I really need to register as a facebook app to detect when users like my fanbook page? That seems kind of heavyweight...
My goal here:
open up a browser that presents the user with a big Like button with some text
when they click the like button, ask them to sign in etc
once they successfully Like my fanpage, redirect them to a secret url which adds a record to my database that they liked the page
This doesn't have to be super secure or anything... If someone figures out how to "cheat" it is not the end of the world.
1 set nothing to "scope", you don't need to know your user's like data in this scenario.
2 I guess you do need to have you own facebook app.
3 You can listen to user like event , and then redirect them wherever you want.
I am hosting a Facebook app on Google app engine, I need to make sure the user is logged into facebook before anything.
What I can currently do is display facebook's log in button using fbxml, but I prefer the user would be redirected to Facebook's log in page if he wasn't logged in, then back to my app's main page, this way I can make sure that the user is logged in before doing anything.
I am new to Facebook apps, I read here that I can redirect the user to
https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL
in order to authenticate him. But using GAE's self.redirect(url) doesn't work, the page stays the same. I was hoping I could do something like this in my handler:
if u'signed_request' in self.request.POST:
facebook.load_signed_request(self.request.get('signed_request'))
if not facebook.user_id:
self.redirect("https://www.facebook.com/dialog/oauth?"+
"client_id={0}&redirect_uri={1}"
.format(FACEBOOK_APP_ID, EXTERNAL_HREF))
return
but as i said earlier this doesn't work.
I'm assuming by 'Facebook App' you mean a Canvas App - so something that will live at https://apps.facebook.com/YOUR_NAMESPACE from a user perspective?
If so, you'll need to add the redirect via Javascript using window.top, as your app is loaded in an iframe. See https://developers.facebook.com/docs/appsonfacebook/tutorial/ and search for 'top', then view the example toward the end of the page.
There are also good examples on the Php Sdk that facebook provides. I like the with_js_sdk.php example. It runs seamlessly and is good to follow.
https://github.com/facebook/php-sdk
http://developers.facebook.com/docs/reference/php/
I'm currently writing a Facebook app that runs in a page tab. I'm writing it as a simple Web Forms app in C#, using the latest version of the C# SDK pulled from NuGet. The main page tab works fine. I get all the info I need from FacebookWebContext.Current.SignedRequest, and I'm fine there. I'm trying to write a page now that the page admin would use to set up the app, so this is the page that would go under the "Edit URL" in the app setup.
All I really want to do is get the currently signed-on user's ID, and determine if he's an admin for the page in question.
I'm doing this:
var client = new FacebookClient();
dynamic me = client.Get("me");
in Page_Load, and getting the following exception:
(OAuthException) An active access token must be used to query information about the current user.
I've tried a bunch of stuff to get the access token, but I don't seem to know what I'm doing wrong. Is there a straightforward way of doing this?
Update:
I figured out at one point that I had a reference to the old JS SDK on my master page, and that was causing a problem. (See here). Removing that got me to the point where I was usually able to see whether or not the user was actually logged in to Facebook.
Try this:
var fbContext = FacebookWebContext.Current;
if (fbContext.IsAuthenticated())
{
var client = new FacebookClient(fbContext.AccessToken);
dynamic me = client.Get("me");
}
As far as I understand, being logged-in in Facebook does not mean FacebookWebcontext.Current.isAuthenticated() == true. What Facebook wants to make sure is that the user has authorized the app. So what you should do is to forward the page to facebook authorization dialogue page (https://www.facebook.com/dialog/oauth?) with necessary permissions. Facebook will determine whether the app has been authorized by the user and redirect to the redirect_uri with a newer access_token issued.
I am in the conversion process of facebook app from fbml to iframe.
Now i am testing using few iframe pages.
$user = $facebook->require_login();
It gives the current user logged in. Once it get the variable from the facebook.com it saves in cookie by the PHP API provided by facebook).
I logged out using another tab of facebook and i tryed using my app without refreshing the whole site (by just using the links inside my app). It still gives the $user variable.
It indicates that user has logged in instead of user logged out.
Please help me out. I want my app secured.
It looks my iframe app accessible when we select "open this frame in new window".
I need a solution for this too.
Thanks in advance.
You are logged in as far as you are logged in facebook. You will have to create custom PHP's session handling. However, if you want to remove the user from application's cookies, you can do this:
//this will clear cookies for your application and redirect them to a login prompt
$facebook->set_user(null, null);
$facebook->redirect($appcallbackurl);
You can use the JavaScript SDK to subscribe to the logout event via FB.Event.subscribe and reload the page if that happens:
FB.Event.subscribe('auth.logout', function(response) {
setTimeout('window.location.reload()', 0);
});
(Wrapping in setTimeout() is required as a work-around for Firefox.)
To prevent users from using "open this frame in new window," you can check if the page is loaded in an iframe with if(window == window.top) or if the signed_request is available. If not, redirect to the tab URL.