I would like to provide users of my application with ability to upload photos to their Facebook account. The application has a username and password form for the users to fill.
In Graph API, there's a method for uploading photos. But I'm unsure how to authenticate - it doesn't seem to provide a way to supply username and password. It requires access_token.
What's the right way to allow users authenticating and uploading photos using username and password?
It's hard to tell how you want to do this without a sample code or even stating what technology you are using..
Anyway, almost ALL interactions with facebook graph api require an access token and most likely an extended permission.
First of all, for you to post/upload a photo you need:
The publish_stream extended permission
A better understanding of how and where the photo will be uploaded to, this can be done by reading the publishing section in the photo documentation
Now that you have a general idea, in your destination/submission page of your form and when the image is successfully uploaded to your server and it's location is known (obviously), use one of the two answers in this question to upload the image.
P.S: I don't really understand why you need a username & password in first place, but it's your application...
To clarify, the access_token is what you receive after the user authorize your application. So , the provision of username and password only need to be done once, when user first access your app.
You need to redirect user browser or client to : https://www.facebook.com/dialog/oauth... (Refer to https://developers.facebook.com/docs/authentication/ )
Then after you have the access_token, you can just use that for the api call to upload photo to that user.
The authorization process need to be done again when the token is expired.
Related
I have a server-side script, that should upload photo-albums to my facebook app page. How can script obtain page access token?
I know it's possible on client-side, when user logs in into facebook, and then asks for page access token using me/accounts query. But server-side script can not authorize as a user. So how this can be done?
UPDATE: I actually found how the same goal - uploading albums to app page from server-side script - can be achieved in another way, by manually creating never expired page token. It's described in here: https://stackoverflow.com/a/43570120/4050723
But still I wonder, if this can be done programmaticaly, from script.
There is no way to generate a User Token server side, it always needs user interaction. And you do need a User Token to get a Page Token.
You can create an Extended Page Token with an Extended User Token though, as you have found out already.
More information:
https://developers.facebook.com/docs/facebook-login/access-tokens/
http://www.devils-heaven.com/facebook-access-tokens/
I have a scenario, where an authorised user through my application is posting status/uploading pictures via my application by granting required permissions. My application uses graph APIs.
Now, as app administrator if I want to see the content of the post, that the user has uploaded via my application. How do i do it?
I know in graph APIs, I have INSIGHTS api. But, it just gives us the statistics of the posts done via my app or user.
Can i really see the posts?
Assuming as an app admin I only have app access token and app ID. I dont store user access tokens with me.
Actually, I worked on the problem with every possible way. Found out that, even being an APP administrator I will need user access token (stored with me), without which these data shall not be retrieved via APIs.
My need was not to use user access token; But, no Its not possible via APIs as of now.
Several people have asked how to post photos using an app token and the general response seems to be that they should use a user token instead.
However, according to https://developers.facebook.com/docs/concepts/login/access-tokens-and-types/ :
"[y]ou can use app tokens to publish or delete content on behalf of a user who gave your app permissions".
and according to https://developers.facebook.com/docs/reference/api/photo/ :
"To publish a 'photo' object you need
-a valid access token
-publish_stream permission
"
The way I interpret those two statements is that I should be able to POST a photo to .../USER_ID/photos using a valid APP token.
However, when I try to do that I get the message "A user access token is required to request this resource". At the same time I can easily publish to .../USER_ID/feed using nothing but the APP token. It is also possible to submit stories containing "User Generated Photos" with only an APP token.
So an App can do those things with an APP token, but needs a USER-specific token for .../USER_ID/photos? I wonder if this behavior is by design? So far I have not found anything in the documentation to indicate that is the case.
I too was stuck at the same point as mentioned. And the documentation barely helped.
The workaround I used was to take the 'offline_access' permission while logging in and storing that temporary user access token given to the user.
While publishing the photo I used that offline user access token since the app access token didn't work. It worked like it should've although offline_access has been discouraged to be used...it seemed to be the only way for now.
I'm trying to implement facebook connect to my website, and i have couple questions.
1: Is it possible to register user in my website using his current facebook email/password.
Let's say user clicks on link Register via facebook and then he have to give me permisions to access his password, email, etc... and after that is done i put that info in my own database and he will be able to login with that account any time he wants without needing to give me permisions any time in the future.
2: If that kind of registration is not possible, what's other solution would be the best for me? Because i need to somehow keep track of that user who logged in with facebook, because he can upload photos, send messages etc.
Anyways, i'm quite new with facebook and similar things, so i'm really lost here, hope some one can help me :)
EDIT Thank you all for wonderful answers it helped me a lot, now all that's left is to read documentation :)
Yes it is, it is possible to get the information of the user. But it is rather complicated, when you have never dealt with it.
First you need to send the user to the following link:
https://m.facebook.com/dialog/oauth?client_id=your-client-id&redirect_uri=xxx&scope=listof-information-you-want
Facebook will then return your client to the uri specified, if the user rejected it will give a reason. If it is not you will get an code in urlencoded format.
This code is needed for the following step, the request of the access token:
https://graph.facebook.com/oauth/access_token?redirect_uri=xxx&client_id=xxx&client_secret=xxx&code=xxxx
This will give back an access token, if the authorization didn't fail.
After that you can ask for the information you want:
https://graph.facebook.com/me?method=GET&metadata=true&format=json&access_token=access_token
This will include a facebook uid, which is unique for all users. Store it and you can discern between a register and login.
This is roughly the process for any oauth2 application.
Facebook will not ask repeatedly for permissions after the user granted them to you. So you can store the access token and reuse it for backend stuff and also use the same procedure you use for register for login.
You can never access the user's password from Facebook even with his/her permission, so the user will always have to authenticate via Facebook and have Facebook pass you the user id of the logged in user once authentication succeeds. You can store all kinds of other data locally, but not enough to authenticate the user yourself.
Once the user is authenticated, you'll have access to the user's Facebook user id via the API, which should be enough to connect all kinds of information to that specific user.
Facebook does not provide access to accounts when passwords are taken from your controls. It provides it own canvas for login information. Therefore you cannot use your first approach to store passwords in your databases. Check this out.
You can however store email addresses once user logins into his account using the facebook sdks. Check this out link for the example of C# SDK sample code.
You can use the Facebook APIs to fetch user email-id, photos, friendslist and other information and then play around accordingly.
You don't get access to the users password - only email if you ask for it.
Best way would be to have a table of users and their Facebook account id's.
If you want to allow users to sign up without Facebook then have a nullable field for their password and facebook id, and also have a field for username - which you could populate from Facebook if they register via that route.
I am using the Graph API for Facebook on my iPhone application. The problem is, I don't want the user to have to re enter their email address each time they want to login to integrate Facebook with my app. Is there a way to save and auto fill the login information using the Graph API?
Using the Graph API, there is no need for you to store the credentials, more than that, you should NOT store the credentials. As explained in the API dedicated help page the authentication process is handled by a secure token.
Meaning that if the user is already authenticated on Facebook using another application, it might be ( based on authentication process used ) already authenticated within your app.
You might check the token validity by using the isSessionValid method from the Facebook class.
Have a look to the iOS Facebook SSO link, it explains everything you need.