In my application I have collected the access token with offline access to facebook from the users.
I would like to open a facebook user session with this access token if the user logs in to my application so that the user does not have to login to facebook.
How can I do this?
I am not sure how your application is built, so it's hard to give a concise answer.
One way would be to store the access token and user id with the user details in the user database. When the user logs in, you can look to see if these value exists.
If they do exist, you can create a call with something like:
http://graph.facebook.com/$userID/friends?access_token=$userAccessToken
Related
Each user who allow permission to my app will have an access token
or
One access token can handle actions, for example, upload photos to an user album?
I know that an access token can expire up to 60 days,
so do I need save this access token for each user on my database and when request comes from that user, load the access token for him?
Each user who allow the app will have an access token, which will include all the permissions user has granted to your app.Read more about user access tokens here
Each user who allow permission to fb app, will have different Access Token which will be unique.
The Access Token is generated on the basis of browser session from client, AppID and App Secret. In a web server based application, it is not absolute requirement to save application token for user. But application like HootSuite saves user credentials and access token for later use to get facebook feeds and other services.
So it depends on application requirement.
Thanks
Each user sends you another access token in context to use User session of course.
An access token is a random string that provides temporary, secure
access to Facebook APIs.
A token identifies a User, App or Page session and provides
information about granted permissions.
And in User Access context:
You can use this token to perform API calls on behalf of a user,
including reading, publishing and deleting, depending on the
permissions your app has. For example, you can retrieve a user's
friend list or publish a new photo to their timeline with a user
access token.
http://developers.facebook.com/docs/concepts/login/access-tokens-and-types/
Yes, you have to remember this access token if you dont want to reconstruct it. But in many API's this is done "automagically", for e.x. in PHP SDK the access token is stored in user cookie. If you implement more complicated user-flow, you have to remember access token OR regenerate it each time (http://developers.facebook.com/docs/concepts/login/login-architecture/). Remember, that access token will expire and you will have to regenerate it (on the faith of already granted permissions).
FYI: If you want to preserver offline access (executing application activities without user session), you will consider offline_access, but it is deprecated:
http://developers.facebook.com/roadmap/offline-access-removal/
Hope it revealed the problem.
Is it possible to do it with an App access token? I want to make an app that has a lot to do with anonymity so I don't want to have to run the user through facebook login if I don't have to. Is a user access token the only way?
It used to be possible to do a search with no token, but it seems like you now have to use a user token. I've tried with an app access token and it just returns an error saying a user access token is needed.
I want to fetch feed/post/statuses data for a particular user.
But found that it is necessary to have an access token.
My concern is , do we need to have a separate access token for every user to fetch their information or merely with a single access token it is possible?
The access token is used to verify that the user making the call is verified and has the correct permissions to perform that action. Every user has his/her own access token for each application. As the comments say above, access tokens expire after a while, so you have to re-request them when the user logs back into your application.
There is also "long-term" access tokens that can be retrieved by requesting the offline_access permission. In this case the access token is valid for (i think) 30 days or until the user changes his/her facebook password.
All the information you need about access tokens can be found at https://developers.facebook.com/docs/authentication/
An Facebook Graph API access token allows you to do what a Facebook application running as a particular user, with a particular set of permissions (https://developers.facebook.com/docs/reference/api/permissions/), is permitted to do. Some data on other Facebook objects (such as users) may be available with the access token of another user, especially if they are a "friend" of the user in the access token.
For example, suppose the access token specifies User A and permission "friends_birthday". You should be able to query the birthday of user B if (1) user B is a friend of user A, and (2) user B permits his/her friends to see his/her birthday.
I don't know your full scenario, but if you are really just fetching data, you may find it easier to use https://facebookpsmodule.codeplex.com rather than writing your own Facebook application.
I'm building in Facebook integration into my website with the php sdk.
The website use offline_access. According to the Facebook platform rules you have to provide a log out link that logs the user out of Facebook.
What I don't want to do is displaying the log out link if the user is not logged in to Facebook since they may confuse it with the reauthorize button. (If they are not logged in, the link wouldn't do anything...)
Is there anyway I can check if the user is logged in on Facebook?
My thought was to use the getUser() method to see if I got the user, if not then I proceed with setting the access token I have and I would know if the user is logged in or not.
However, the getUser() method checks if the protected $user variable is already set and if so return it. That makes the getUser() method unusable when I've set the access token and need to check again if the app has access.
I guess I could do it super easily by changing the $user variable to public and set it back to null in my app but I don't want to edit the sdk unless I really have to.
I think you should only be showing the "log out" button if the user is both logged in and authorized. In my experience, you normally do not know if the user is logged into Facebook if they have not authorized your app. And anyway, if they click to authorize your app they are prompted to log in at that point if they are not logged in anyway.
Using the php SDK, there are 2 ways to check the users login status:
$facebook->getUser(); // provides user id of logged in user
$facebook->getAccessToken(); // provides access token of logged in user
If you absolutely need to check to see if the user is logged in, then set the access token and check again, nothing is stopping you from creating a separate instance of a facebook object and setting the access token yourself.
However, not sure why you would want to do this, as if you have an access token that was obtained with the offline_access privilege it's always valid (until user deauthorizes or changes password), and if you don't have offline_access, you should use the one that is provided in the signed_request or code.
I wonder is it possible to access user's wall info without passing his/her access token?
for example, I will just pass my app secret token and app id. and FB user already allows to access his/her info from my app. Facebook does the checking and matching of my app and my app's user by just using my app secret token and app id.
Because I found some topics similar to that.
http://forum.developers.facebook.net/viewtopic.php?pid=9172
When I check Rest FB doc,it says like that.
http://restfb.com/javadoc/index.html
public DefaultFacebookClient()
Creates a Facebook Graph API client with no access token.
Without an access token, you can view and search public graph data but can't do much else.
I doubt that it will work or not without access token.
can everyone share me ideas or any possible similar approaches ?
Thanks.
You will need to ask the users to authorize your app for offline access. You will be able to access the user's wall even if the user is offline, but you still need the access token. It is part of Facebook's security measures.
There are two types of access tokens:
Session based: expires in a short term, are used when the user will be logged to FB every time you need to perform an operation.
Offline access: do not expire and allow the app to perform operations for the user in any moment. This requires the offline_access permission when the app is authorized.
Check here: http://developers.facebook.com/docs/authentication/ for the oauth mechanism and here: http://developers.facebook.com/docs/authentication/permissions/ for the permissions list.
The REST API is deprecated and it is strongly suggested that you don't use it anymore. Furthermore, from this October you will be allowed to use only the Oauth2 authentication (see When is Facebook turning off their session based auth?)
Without token you can only access public information.
Public data
From RestFB homepage :
// It's also possible to create a client that can only access
// publicly-visible data - no access token required.
FacebookClient publicOnlyFacebookClient = new DefaultFacebookClient();
If the user does not protect his posts, then you can access everything without token. But most of user do protect their data and then you need a valid user access token to read the data.
Private data
When you say "FB user already allows to access his/her info from my app" it means that the user has clicked on "Allow app" in the web browser and at that moment here Facebook will give you a token. You can after use that token with RestFB :
FacebookClient facebookClient = new DefaultFacebookClient(USER_ACCESS_TOKEN);
User user = facebookClient.fetchObject("me", User.class);
out.println("User name: " + user.getName());
By default, the token will expire a few hours later. If you ask for the offline_access permission, the token will be valid for ever (as long as the user does not remove the permission for your app in his settings). You should store that token in your database to be able to use it when you need.
Get the user token
You cannot get the user token with RestFB. On the RestFB homepage, you can read :
Non-goals: [...] Providing a mechanism for obtaining session keys or OAuth access tokens
Because you need a browser to do so : the user has to authenticate and authorize your app on Facebook website (the popup that shows).
What you can do is to have a PHP page on which your users have to go to authorize your app. You can read this stackoverflow answer that explains how to use the Facebook PHP SDK to do so.
Hope that helps !