I am trying to use an app for the user to login from a web platform, however, I have problems so that the token that returns me can use the following route:
graph.facebook.com/v13.0/act_<<user_id>>/targetingsearch
The permissions that I request in the login are: ads_management and ads_read
My architecture gets the token in the frontend, sends it to the backend, there the route that returns a long-term token is called and then it tries to use the /targetingsearch route
The problem is that, when calling the route, it throws me this: 'OAuth "Facebook Platform" "invalid_request" "(#100) Missing permissions'
Can somebody help me? :(
Related
I am hitting a wall while developing seamless integration of a Facebook page with my bot.
Essentially I want to achieve same integration than Chatfuel or Manychat have, where being logged in with your Facebook account lets you to just choose what page you are connecting to them and you are good to go.
The problem I am facing is generating the proper token in order to bind the selected page to my app (bot). As per Facebook documentation:
When you create a subscribed_apps edge, the page-id you use in endpoint must match the page ID of the page access token used in the API call. The app that the access token is for is installed for the page.
Given the call has no other parameter than the access token, this access token has to be enough for Facebook to:
Authorize the action on the page.
Identify what app is being subscribed to the page.
This is confirmed while using the Facebook Graph API Explorer, where one selects the page and the app to bind and a proper access token is generated:
This token properly works using cURL in the terminal:
$ curl -X POST 'https://graph.facebook.com/v3.0/<MY_APP_ID_HERE>/subscribed_apps?access_token=<TOKEN_PASTED_FROM_GRAPH_API_EXPLORER>'
{"success":true}
With the Facebook Access token debugger (info icon on the left of the access token, then open in Access token tool), it is confirmed that the token knows about both the page and the app that have to be connected.
The question is, how are these page-app related token programmatically produced? I can't seem to find the proper API call in Facebook documentation and it is by all means possible, as Chatfuel and Manychat are doing this.
Thanks in advance for your support Lars Schwarz and community!
Adding some detail to Alex's answer, for it to be more complete.
When subscribing an app to a page, Facebook needs to:
Know what app you are talking about.
Know what page you are talking about.
Know that you have permissions on that page to subscribe an app.
How does Facebook know it all?
1 comes from the fact that Facebook login happens in the context of a page, actually, the Javascript code for Facebook contains your appId:
js.src = 'https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v3.0&appId=<YOUR_APP_ID_IS_HERE>&autoLogAppEvents=1';
2 Comes from the page_id in the URL used to subscribe apps to pages:
https://graph.facebook.com/v3.0/YOUR_APP_ID_HERE/subscribed_apps?access_token=YOUR_ACCESS_TOKEN_HERE
3 Comes from the access token, obtained in the context of an APP through Facebook login, that is passed as parameter in the URL used to subscribe apps to pages:
https://graph.facebook.com/v3.0/YOUR_APP_ID_HERE/subscribed_apps?access_token=YOUR_ACCESS_TOKEN_HERE
To do this, you need to put FB Login on your site/customer portal and request pages_messaging and manage_pages permissions. The person that logs in must be a Page Admin.
Once your app has been granted that permission for the page, you can generate a page access token as described here:
https://developers.facebook.com/docs/pages/access-tokens
I am deeply struggling to find the right flow. I have a rails app, registered on Microsft App portal (with Id, Pwd and Scopes). To be be as simple as possible : I need to have access through my app to all emails (only read) of a company. It is a server app, which processes informations during the night.
What I understood and tried :
Get a login link for the administrator of the company :
https://login.microsoftonline.com/{TENANT_ID}/oauth2/authorize?client_id={MY_APP_ID}&response_type=code&redirect_uri=MY_APP_ADDRESS&response_mode=query&prompt=admin_consent
In callback, I do get a code in params. From that code, I get a token with a POST request, specifying :
client_id: MY_APP_ID,
grant_type: "authorization_code",
code: MY_RECEIVED_CODE,
redirect_uri: MY_APP_ADDRESS,
client_secret: MY_CLIENT_SECRET,
resource: "https://graph.microsoft.com/"
From that I get a Token. A simple request to get messages works well for the administrator mailbox (the one who validated the access) ; 'Access is denied' when I try for any other person from the organization.
Last point. Scopes defined in Microsoft App portal : Group.Read.All and Mail.Read (both for apps or delegated services)
What is the right way to get that done ? Thanks !
add the query parameter prompt=admin_consent to the authorization request, that way the admin will consent on behalf of the entire organization and not just for his/herself.
How can I setup PAW to work with Facebook locally for development? Or even at all for that matter?
I have a node.js backend that I'm setting up with Facebook Auth. Every one of my routes needs the user to be logged in. I have two endpoints related to FB Auth. localhost:3000/api/v1/loginFB and localhost:3000/api/v1/callbackFB. Both of these work great in a web browser.
loginFB simply returns this string... https://www.facebook.com/dialog/oauth?client_id=523534457345&redirect_uri=https://localhost:3000/api/v1/callbackFB&scope=email,public_profile,user_friends.
When I call that URI in a browser, it returns a code=blahblah which my callbackFB endpoint uses to fire off another request to get the access token. All good.
So now in PAW I'm confused by the difference between the request URI and the Authorization URL text field? Should I use the loginFB URI for my request URI? And then https://www.facebook.com/dialog/oauth in the Authorization URL textfield?
Basically what's happening is that when I click Get Access Token, it returns the code but my callbackFB endpoint 500's by saying "This authorization code has been used." The code that it's getting returned is definitely different each time I Get Access Token.
This is where I'm at with this thing (Client ID and Client Secret are actually my App ID and App Secret from fb's dev management site, and the Access Token URL is actually set to https://graph.facebook.com/v2.3/oauth/access_token which I'm 99% sure is the correct URI):
This is the error I get when I click Get Access Token button:
It would be awesome to get some advice from anyone with experience with this issue. Thanks.
Re: #MichaMazaheri
tl;dr Fixed in version 2.2.2
Sorry for the super late follow-up. We actually fix this exact issue in Paw 2.2.2, which is already released on our website, and pending review for the Mac App Store. (It was some JSON vs. Form URL-Encoded parsing issue). Thanks for reporting.
I have created the access token for my facebook app. i have two token one is for app and another one is for app test user. when i try to get some post info by hit the facebook graph api using app access token, I am getting the response, but when i use test user access token it gives graph exception.
The url looks like this... i tried the same url with app and test user access token.
https://graph.facebook.com/746574638_7468765477651?fields=created_time&access_token=CAGy9XKP2........
both token have extended (insight and read_stream) permission...
Anybody know why this happening?
I am posting to my facebook wall through my app using my user.
I gave to the app offline access but still, sometimes the accesstoken changes.
I would like to know if its possible to use Facebook API to get the accesstoken?
Right now, I used the example.php from the facebook sdk to login and took the accesstoken from there.
again, I dont want the application accesstoken. I want to user accesstoken of using the app.
Thanks.
There is App Login section in Authorization paragraph in https://developers.facebook.com/docs/reference/api/ .
Read it. You have to call it if you get invalid access token error in order to refresh the token. However, sometimes the token is invalid due to lack of permissions and not because the token is expired