I've made a simple website for my personal usage using flask where I can post something to my facebook page. There is a textarea where I write text and then submit it. Then the server process the text and post it on that page using graph api and access token. It works well on my system. But when I deploy this project on live server the access token expired. If I put the token on access token debugger it says facebook removed access to the token duo session change.
I search about this on google (my bestfriend ;) but found nothing. I want to post on my page without expiring token while changing server. Or is there any alternative way to post on page?
Edit:
Here is the code I'm trying to post with...
import requests
from urllib.parse import quote_plus
acc_tk='EAA....MY_PAGE_ACCESS_TOKEN'
def post_fb(message):
resp=requests.post(f"https://graph.facebook.com/v15.0/113023048137080/feed?message={quote_plus(message)}&access_token={acc_tk}")
if resp.status_code==200:
return True
else:
return False
When I create a new page access token and run this function, it returns true and the post is published on the page. But if I deploy this to live server the access token expires and then this function doesn't work any more even on local machine. If I debug this token this warning shows up~
After 1 day of debugging, I realized that the token get expired when I store token in a variable (like I showed in the question) and push it on github and then deploy it to render.com. So I managed to store token in my database and retrieve it when needed. And that's it! My code is working now.
But one thing I didn't understand that why my token get expired if I push it to github and deploy it on render.com... I found no reason about this.
Related
I'm following this tutorial here to attempt to authenticate using Token Based Authentication with Netsuite:
through postman using Netsuite's Postman environment, but I continue to receive "401 Invalid login attempt".
When I check the Login Audit Trail, I see that there is no role being assigned to my authentication attempts -- it's just blank. To me, this indicates that the token is not properly assigned to the User/Role, but I've walked through the directions several times and everything appears to be setup properly.
I've seen other similar posts about this, but those seem to boil down to the Netsuite Account ID formatting. However, my Netsuite Account ID is all numbers, so I don't think this is a factor.
This should work fine assuming you have created an integration and an access token. Configure Oauth 1.0 in postman with the following fields filled out correctly:
signature method (should be HMAC-256)
consumer key (from the integration you created in netsuite)
consumer secret (from the integration you created in netsuite)
access token (from the access token created in netsuite)
token secret (from the access token created in netsuite)
realm (your account id, if using a sandbox, make sure the realm looks like 1234567_SB1, with an _ and not a -)
You won't be able to complete TBA using postman because using netsuite TBA requires a callback URL that netsuite will redirect you to with the necessary credentials (access token and & token secret).
I'm having this exact same issue. I have custom code written in Salesforce APEX that is connecting to NetSuite just fine. We also have a Workato integration that is connecting to NetSuite just fine.
No matter what I do in Postman, I get a 401 Invalid Login response. I'm losing my mind...
I finally got this to work for me. Postman had a request header of "Connection"="keep-alive". Once I removed that it worked fine! Wow.. I've been trying to get this to work for weeks, looking at it every few days for an hour or two. What a frustrating error message "Invalid Login".
So I've been trying to use Djoser JWT and I don't know how to login in it. As far as I know you create a request with your login credentials to this url /jwt/create/ and get the access and refresh token and maybe get the user object from /users/me/. This is where I got stuck, where do I go from here?
You correctly understood the first step of the process. Basically, you can now:
Add the access token in the header of your next requests.
This will transparently authenticate the user thanks to the Simple JWT plugin and you will be able to access him with the usual request.user in the views.
Refresh the access token each time you get a 401 response.
The access token is supposed to be short-living for security concerns and a 401 response from the server indicates that the one your are using is expired. So you have to get a new one by sending the refresh token to the token/refresh/ API and, then, make your request again.
You can read this article if you need more detailed explanations about this process or JWT.
All mutual friends request made from my app server (node) (also tried the Facebook API explorer) suddenly started returning an empty array for the data field. I confirmed and validated my access token and appsecret_proof on the API explorer. Do you know what has changed or what the request below is missing?
Note: both users use the app and have granted user_friends permission.
I am using v2.12
request
{
url: 'https://graph.facebook.com/v2.12/{user-facebookid}?fields=context.fields(all_mutual_friends.limit(5000))',
qs: {access_token: 'XXXXX'
,
appsecret_proof: crypto.createHmac('sha256', clientSecret).update(accessToken).digest('hex')
}
Yep. Facebook has taken down the Graph API for page access tokens. The only way to retrieve data (or was a week or so ago), was a temporary user token that lasts about 2 hours. It's totally broken my band's schedule page. I've been through every avenue and even spoke with a facebook ad team employee on the phone that was aware of it. She seemed to empathize but had no solution for me. I would count on it being down for a while.
I have finally figured out a work around for this. On your fb application, you have to disable the secret key requirement. This can be found under the advance settings of your fb application console. It's called "
Require App Secret".
Once you generate a fb PAGE access token, you get a fb page token, and then extend it.
here is the token debugger:
https://developers.facebook.com/tools/explorer/
You can extend the access token programmatically as explained here:
https://developers.facebook.com/docs/facebook-login/access-tokens/expiration-and-extension
AND
https://developers.facebook.com/docs/facebook-login/access-tokens/#pagetokens
There is also an extend tool in the access token debugger.
How can I setup PAW to work with Facebook locally for development? Or even at all for that matter?
I have a node.js backend that I'm setting up with Facebook Auth. Every one of my routes needs the user to be logged in. I have two endpoints related to FB Auth. localhost:3000/api/v1/loginFB and localhost:3000/api/v1/callbackFB. Both of these work great in a web browser.
loginFB simply returns this string... https://www.facebook.com/dialog/oauth?client_id=523534457345&redirect_uri=https://localhost:3000/api/v1/callbackFB&scope=email,public_profile,user_friends.
When I call that URI in a browser, it returns a code=blahblah which my callbackFB endpoint uses to fire off another request to get the access token. All good.
So now in PAW I'm confused by the difference between the request URI and the Authorization URL text field? Should I use the loginFB URI for my request URI? And then https://www.facebook.com/dialog/oauth in the Authorization URL textfield?
Basically what's happening is that when I click Get Access Token, it returns the code but my callbackFB endpoint 500's by saying "This authorization code has been used." The code that it's getting returned is definitely different each time I Get Access Token.
This is where I'm at with this thing (Client ID and Client Secret are actually my App ID and App Secret from fb's dev management site, and the Access Token URL is actually set to https://graph.facebook.com/v2.3/oauth/access_token which I'm 99% sure is the correct URI):
This is the error I get when I click Get Access Token button:
It would be awesome to get some advice from anyone with experience with this issue. Thanks.
Re: #MichaMazaheri
tl;dr Fixed in version 2.2.2
Sorry for the super late follow-up. We actually fix this exact issue in Paw 2.2.2, which is already released on our website, and pending review for the Mac App Store. (It was some JSON vs. Form URL-Encoded parsing issue). Thanks for reporting.
I am using oauth.io to handle authentication in an Android app. I login using the service and then pass the access token to the server. As part of the server-side verification, I make a call to https://graph.facebook.com/debug_token?input_token={user access token}&access_token={app token}. I was receiving a response with the error message "(#100) The App_id in the input_token did not match the Viewing App".
I took this to mean that the app that generated the access token was not the same as the app that owns the app token I was sending in the request. Upon further inspection, I noticed that when I debugged the token with Facebook's tool (https://developers.facebook.com/tools/debug/accesstoken) I was seeing a different app id that belonged to oauth.io itself instead of my app. Since the app token is based on the app id and app secret, it obviously would not be correct if it was expecting oauth.io's app token.
Is there any way to continue using the debug_token endpoint through Facebook with a token generated by oauth.io?
Sorry this is a bit late - but it may still help you :) I had the same issue. In my perl code, I just did:
use LWP::Simple;
my $check_session_first = LWP::Simple::get("https://graph.facebook.com/me?access_token=$in->{token}");
if (!$check_session_first) {
print $IN->header;
print Links::SiteHTML::display('error', { error => qq|Sorry, we couldn't log you in. |});
return;
}
Basically, if $check_session_first is empty, then it means the session isn't valid. If its valid, it'll return a JSON object (which in my case, I process using the "JSON" perl module)