Alternative to pull events from Facebook Graph API - facebook-graph-api

Looking for alternatives on how to use the events API since the Facebook changes.
https://developers.facebook.com/blog/post/2018/04/04/facebook-api-platform-product-changes/
Our app currently uses /search endpoint, pulling events based on a /location (miles radius). Is this totally revoked or is there a way to work around?
Thanks.

You can no longer use the /search endpoint with the following object types: event, group, page, user
Please read: https://developers.facebook.com/docs/graph-api/changelog/breaking-changes#search-4-4
Currently to access events you can use a user endpoint such as ‘/me/events’ or ‘/me/events/not-replied’ using an access token valid for that user. you can get the events that the user was invited to or is going/interested
You can access an event endpoint /{event-id} with an user access token if that user has been invited or is going/attending or is the creator of that event.
I believe its possible (but didn’t test it yet) to access to a specific page events endpoint, such as /{page_id}/events with a page access_token such as manage_pages, if Facebook already approved that permission and the page owner accepted the permission.

Related

How to get a Facebook access token that grants permission for an event endpoint?

How can I get a Facebook access token that will grant permission to request information on events that the user has RSVP'd to (interested or attending)? My current method works for my user, but not other users.
My current method:
I'm using the Facebook Javascript SDK to log in as a user, get an access token, and then query the graph API to get data about events that the user has logged into.
The route I'm hitting to get event data is (pseudo):
https://developers.facebook.com/docs/graph-api/reference/v2.12/event
Or in my code (pseudo)
https://graph.facebook.com/v2.12/{event-id}?{access-token}&fields={fields}
When the app logs in as my own user (also admin of app), I get an access token that can be used to query the event route successfully, but when it logs in with another user, I get a failure when hitting the event route with the API token I receive:
"Unsupported get request. Object with ID '466582570713258' does not exist, cannot be loaded due to missing permissions, or does not support this operation."
According to Facebook's API documentation, it states that my app needs the user_events permission to hit the event api endpoint that I'm looking for:
https://developers.facebook.com/docs/graph-api/reference/v2.12/event
I went through the verify process and requested that permission for my app, which now has these approved:
PERMISSIONS
email
Provides access to the person's primary email address. This permission is approved by default.
public_profile
Provides access to a person's name and profile picture. This permission is approved by default.
user_events
Provides access to a person's events.
If I grab the API token I get back when logging in as a user (other than myself), it does say that user_events scope was granted, which would seem to be sufficient to get a response from the event endpoint. But it is failing as above.

Is it possible to send and fetch Facebook messages using Graph API for v4.0 or greater?

I want to create a web application using PHP which will allow to connect Facebook accounts with my application and once they authenticated my application can fetch inbox messages of that user and can auto reply to the messages received against authenticated Facebook accounts.
Also, allow user to send messages manually from my application to Facebook inbox.
Is this possible with Graph API or any other Facebook API which will allow me to do above mentioned things.
Some people was told that this feature is no longer available after Facebook Graph API v2.4.
and once they authenticated my application can fetch inbox messages of that user and can auto reply to the messages received against authenticated Facebook accounts.
Neither of those two things is possible.
You can not read the messages of user accounts any more, and you can not reply in their name either.
The only messaging that can be handled via API, is that between a user and a page.
Assuming you refer to Page conversations, not user conversation, see /conversations and /messages docs here:
https://developers.facebook.com/docs/graph-api/reference/page/conversations/
https://developers.facebook.com/docs/graph-api/reference/v5.0/conversation/messages

Graph API: All Mutual Friends Returning Empty List

All mutual friends request made from my app server (node) (also tried the Facebook API explorer) suddenly started returning an empty array for the data field. I confirmed and validated my access token and appsecret_proof on the API explorer. Do you know what has changed or what the request below is missing?
Note: both users use the app and have granted user_friends permission.
I am using v2.12
request
{
url: 'https://graph.facebook.com/v2.12/{user-facebookid}?fields=context.fields(all_mutual_friends.limit(5000))',
qs: {access_token: 'XXXXX'
,
appsecret_proof: crypto.createHmac('sha256', clientSecret).update(accessToken).digest('hex')
}
Yep. Facebook has taken down the Graph API for page access tokens. The only way to retrieve data (or was a week or so ago), was a temporary user token that lasts about 2 hours. It's totally broken my band's schedule page. I've been through every avenue and even spoke with a facebook ad team employee on the phone that was aware of it. She seemed to empathize but had no solution for me. I would count on it being down for a while.
I have finally figured out a work around for this. On your fb application, you have to disable the secret key requirement. This can be found under the advance settings of your fb application console. It's called "
Require App Secret".
Once you generate a fb PAGE access token, you get a fb page token, and then extend it.
here is the token debugger:
https://developers.facebook.com/tools/explorer/
You can extend the access token programmatically as explained here:
https://developers.facebook.com/docs/facebook-login/access-tokens/expiration-and-extension
AND
https://developers.facebook.com/docs/facebook-login/access-tokens/#pagetokens
There is also an extend tool in the access token debugger.

Cognito User Pools - Is it possible to create a custom sign up/in form for Facebook login?

I would like to use a Cognito User Pool for Facebook logins only, which may be possible using the built in login form, but I need to use my own.
Theoretically, when it comes to a custom form, it shouldn't be hard: after I receive a user object from FB, I bind the user and email attributes to the ones in my User Pool and I save it.
But what to do about the password field and future authentication? And here I have failed during my journey...
...
userPool.signUp('FoobarUser', '**password?**', attributeList, null, function(err, result){
...
While digging deeper into the docs, I tried to implement a Identity Pool (Federated Identities), managed to save user info in the form of datasets as well, but then I realised, querying these sets gonna be a huge pain if possible at all.
Maybe I'm failing to understand the concepts, I would be really thankful if someone could suggest a way to manage facebook logins in a nicely organised fashion using Cognito.
So here is what I understand from your query.
Setup
Link Facebook to userpool
The app client allows only Facebook login, no other providers allowed (not even Userpool)
On login, you want Facebook user's info to be automatically populated in your Userpool
You don't want to use Cognito's builtin UI but use your own
My 2 Cents
In your app client, just select Facebook
In your UI, have a login button. On clicking it should redirect to your userpool's authorization endpoint
https://your_domain.auth.us-east-1.amazoncognito.com/oauth2/authorize?redirect_uri=https://www.example.com&response_type=token&client_id=your_appclient_id
If you want to use your own UI with multiple providers, allow the same in Client and on clicking the appropriate button in your UI (say Facebook), redirect users to the authorize endpoint but append the identity_provider in the URL
https://your_domain.auth.us-east-1.amazoncognito.com/oauth2/authorize?redirect_uri=https://www.example.com&response_type=token&client_id=your_appclient_id&identity_provider=Facebook
If you want to see the names of all supported identity providers, use ListIdentityProviders API call
This way, all Facebook users will be automatically created in your userpool. Of course, their names will be random like Facebook_123jkjdwj but all their details will be correctly populated from the token as per your attribute mapping. As a plus, all auto-created users from a particular provider are added to an auto-created group 'Userpoolid_providername' eg. us_east_1_xxxx_Facebook.

Why http://www.friend.ly can get information when I don't confirm

I really surprise when use http://www.friend.ly site. I'm login Facebook and after go to http://www.friend.ly. I'm surprise because I don't confirm extended permission but this site can get email, address... Any ideas?
My Information
Information get from friend.ly site
They are using the Facebook Registration Plugin which basically renders an iframe from Facebook's server. Due to cross-domain browser restrictions, they can't actually access any of that data until you submit the form by clicking the register button.
If you read the section on the Graph API documentation about authorization you'll see that if they're using an OAuth 2.0 access token then they can retrieve any information that you have publicly available without your authorization. You can see the examples below.
The Graph API as such allows you to easily access all public information about an object. For example, https://graph.facebook.com/btaylor (Bret Taylor) returns all the public information about Bret. For example a user's first name, last name and profile picture are publicly available.
To get additional information about a user, you must first get their permission. At a high level, you need to get an access token for the Facebook user. After you obtain the access token for the user, you can perform authorized requests on behalf of that user by including the access token in your Graph API requests:
https://graph.facebook.com/220439?access_token=...
For example https://graph.facebook.com/btaylor?access_token=... (Bret Taylor) returns additional information about Bret Taylor.
The Graph API uses OAuth 2.0 for authorization. Please read the authentication guide which provides details of Facebook's OAuth 2.0 implementation, how to request permissions from a user and obtain an access token.
Getting an access token for a user with no extended permissions allows you to access the information that the user has made available to everyone on Facebook. If you need specific information about a user, like their email address or work history, you must ask for the specific extended permissions. The reference documentation for each Graph API object contains details about the permissions you need to access each connection and property on that object.
This quote is from the facebook documentation located here:
https://developers.facebook.com/docs/reference/api/