I'm building a site that allows users to sign in using their facebook account.
I want to cache nice big versions of the users profile pictures. I know that i'm not allowed to cache images for more than 24 hours so i'm going to re-fetch the images once every 24h.
I thought i could get the url of the image original like this:
$fb=new Facebook($key,$secret);
$query = "SELECT src_big FROM photo WHERE pid IN (SELECT cover_pid FROM album WHERE owner = ".$id." AND name = 'Profile Pictures')";
$imgurl = $fb->api_client->fql_query($query);
http://wiki.developers.facebook.com/index.php/Photo_(FQL)
But i get an exception saying "Requires user session". Why do i need a user session? Is there a workaround for this? How does other sites solve this?
If i have a user session it works for some users but not all. Why not?
Rules on photo accessibility are detailed with the Photos.get API method.
Privacy Note: Photos are visible on
the Facebook Platform only if the
photo owner has authorized the calling
application, or the photo owner has
not turned off access to the Platform.
The Photos.get method is essentialy a wrapper for querying the Photo FQL table so it follows the same rules.
Consider asking users for the offline_access extended permission so you can query their own photos even when they're not online. You'll need to store their session key in your database and make queries with that, but it will mean you can pull down the photos of users who have authorised your application whenever you want.
For when it sporadically works: Some users may have set privacy settings to disallow applications access to their profile pics.
Possibly some users might not have uploaded a profile pic.
Edit: From the (new)fb menus go to: Account > Privacy Settings > Applications and Websites > What you Share
(This page explains about how the user's privacy setting choices affect fb-enhanced websites)
In short the external website can only access what fb users have made available to 'Everyone'.
Related
I am using the Javascript SDK to log in to facebook and request 'publish_actions' permissions for my application. I have everything working and can post photos to my application no problem. I use my own dialog to let them set a comment and set privacy setting to "Just Me", "Friends" or "Public".
When a user first attempts to connect to facebook from my web app, they are asked to set the privacy setting level when posting photos (Just Me, Friends, Public, etc). The issue I am having is that I want to be able to get that information later when the user posts a photo through my app so I can see what privacy setting are available for my dialog. For example:
A user logs in to my app and for publish_actions chooses "Friends" as the privacy setting. Later on if they are running my app, I give them a choice to pick "Only Me", "Friends" or "Public" but I need to know that "Public" is not allowed for that user. Currently if they choose public it will default back to "Friends" since that is what was picked when they connected through my app initially.
I have found examples of accessing the permissions in the privacy_setting table using FQL but not for a particular app (also that looks to be going away with versions after 2.0 according to https://developers.facebook.com/docs/reference/fql/privacy_setting/.
I have not been able to find an end point in the Graph Api to provide the apps privacy setting for a given app.
Would appreciate if anyone knows how to get this.
I'm working on a Facebook app that requires a few basic permissions (email, birthday, etc) as well as publish_actions (so I can create stories about user interaction).
When I ask for these permissions, the end user is presented with one screen for the basic permissions and yet another for the publish_actions permission.
However, when I looked at the following app from Amazon:
http://www.amazon.co.uk/gp/socialmedia/promotions/SprngSweep
When I click on the enter button, I am redirected to Facebook to ask for permissions (as expected), however, they have all their permissions one page (Amazon would like to access your public profile, friend list, email address, birthday, photos, videos, personal description, likes and your friends' birthdays and likes. Amazon would like to post on your behalf. Amazon would like to access your data at any time.)
I can't add a picture due to lack of rep
The url that I'm redirect to is this:
https://www.facebook.com/dialog/oauth?client_id=164734381262&redirect_uri=https%3A%2F%2Fwww.amazon.co.uk%2Fgp%2Fsocialmedia%2Ffbr%2Fconnect-handler.html%2Fref%3Dfbr_hn_SprngSweep%3Fie%3DUTF8%26appName%3DAmazon%26externalApp%3DKindle%26onSuccess%3D%252Fgp%252Fsocialmedia%252Fpromotions%252FSprngSweep%253Fie%253DUTF8%2526sm-sweeps_submit%253D1%2526sm-sweeps_submit.x%253D66%2526sm-sweeps_submit.y%253D20%2526sweepsConnect%253D1%2526sweepsEligibility%253D1%26ref%3DSprngSweep%26token%3D6CBF36BD25311891B2F205333EFA3AA78E561AB9&scope=
While attempting to investigate this myself, I noticed that they aren't even passing a value for scope in the url.
How the hell are they doing this?
Most likely they are using an old API (FB changed the behavior over there recently, read their blogs please) or they are using hidden features which FB created for them (as this has an impact on there advertising revenue obviously, and even these guys are "coin operated").
The "two pager" is normal, FB API and FB advertising API quit the same. I wouldn't worry.
Background:
After thinking that I had managed to successfully navigate Facebook's gauntlet of privacy settings, I have fallen prey to yet one last unexpected hurdle.
My Facebook app allows users to post content to Facebook (status updates, photos, etc). It also allows users to browse and view the same content of others who are users of the same app. Even if two users (that are friends) have:
granted the necessary permissions (read_stream, user_photos, friends_photos, etc) to the app
successfully posted content with the sufficient visibility to Facebook through the app
the ability to see each other's posted content on Facebook itself
It is still possible that they can't read others' content through the app due to the "Apps others use" privacy setting which restricts what information others can see through the Facebook platform, despite that the user has specifically granted access to the app for that content (ugh).
This little quirk makes for a terrible user experience, so I would at least like to be able to detect that a user has this limitation in place an inform him/her accordingly.
My searches through the FQL tables have come up fruitless, but I'm holding out against hope... Is there a (undocumented?) way to retrieve the "Apps others use" settings for an authorized user via Facebook API method?
Does the page http://nakedsecurity.sophos.com/2013/04/03/how-to-stop-your-friends-facebook-apps-from-accessing-your-private-information/ give you some help?
For going to that, is like in the image : Go to the gear icon at the top right > Account Settings > Apps > Apps others use and then customize it.
A facebook user can now specify post privacy on per-application basis. This is explained by facebook on their blog.
In my web application I let people specify privacy settings while posting to their news feed. If a user has specified rather restrictive privacy than the one with he is posting to, facebook will enforce the restrictive settings as specified by user.
This results in bad user experience. I want to know if there is a way, preferably a Graph API end point, that lets me know this setting for a user. If I could fetch this information from Facebook, I could show a proper alert message, 'that to use a rather less restrictive privacy settings, (s)he will have to change his/her application specific privacy settings'. Or I could show only more restrictive privacy settings to the user while posting something in my UI.
Any pointer to where Facebook has documented this new feature from developer point of view in details is also appreciated.
I believe the privacy_setting table (available via FQL) provides what you're looking for.
https://developers.facebook.com/docs/reference/fql/privacy_setting/
*An FQL table that returns the default privacy settings that a user has set for an app.
To read the privacy table you need the following permissions:
User access_token
The data returned is for the user and the application associated with the given access token.
Example
Select the default settings you have set for this app (try this query for a test application):
SELECT name, value, description, allow, deny, networks, friends
FROM privacy_setting
WHERE name = 'default_stream_privacy'*
Does anyone know if Facebook Permissions will allow an app to display a photo of one app user to another, regardless of privacy settings?
I want to save photo id's to a database and then display many different users photos at once, to the user, within the app.
I could use fbml but am hoping to use xfbml.
Any suggestions would be much appreciated!
Facebook API restrictions are going to be exactly the same as the authenticated user ( assuming they grant you sufficient access). So if a user has access to photo's in another users gallery, you can display them. If they don't, you cannot.
However, if you save the Photo ID of a users picture, then want to display it to a different user later on, who does not have implicit rights to view that photo, they will not be able to see it.
Your app would be best served by taking a copy of the shared photo, which would take Facebook permissions completely out of the equation.