I recently tried to integrate laravel socialite with laravel 5.5 but i was getting an error :
GuzzleHttp \ Exception \ ClientException (400) Client error: GET
https://graph.facebook.com/v2.10/me?
access_token=$my_token&appsecret_proof=my_proofsecret resulted in a
400 Bad Request response: {"error":{"message":"Error validating
access token: Session has expired on Tuesday, 03-Oct-17 05:00:00
PDT. The current (truncated...)
Now i have debugged it to some extent and basically this is the line creating the error in FacebookProvider.php line number 89:
protected function getUserByToken($token)
{
$meUrl = $this->graphUrl.'/'.$this->version.'/me?access_token='.$token.'&fields='.implode(',', $this->fields);
if (! empty($this->clientSecret)) {
$appSecretProof = hash_hmac('sha256', $token, $this->clientSecret);
$meUrl .= '&appsecret_proof='.$appSecretProof;
}
$response = $this->getHttpClient()->get($meUrl, [
'headers' => [
'Accept' => 'application/json',
],
]);
return json_decode($response->getBody(), true);
}
this is the line :
$appSecretProof = hash_hmac('sha256', $token, $this->clientSecret);
If i comment it out this whole if else block it seems to work fine, cant figure out whats wrong.
I was actually not selecting the access_token's for my application while getting it from the graph API. I selected the default graph api token. Facebook actually lets you generate access token specific to your App so you have to selection it specifically.. Here is a screenshot of it.
$meUrl .= '&appsecret_proof='.$appSecretProof;
please remove this line and & sign
Related
I try to have an app that can pause/resume my adset (accounts owned by myself).
I get no error message(or anything) output when requesting this
$adset = new AdSet($adsetid);
$adset->campaign_status = AdSet::STATUS_ACTIVE;
try{
$adset->updateSelf();
} catch (RequestException $e) {
$response = json_decode($e->getResponse()->getBody(), true);
var_dump($response);
}
But I see that the adset status did not change.
Now, I do see that the Marketing API, Settings section shows me that the API access Level is development and the app doesn't have Ads management standard access.
When I check permissions at App review > Permissions and features it shows 'Standard access' and 'ready to use'. (however not 'Active')
And at the same time my request count and error rate in the past 30 days are acceptable.
I don't understand what is missing to make it work. Can anyone help me out?
The code I have shown in my question was based on the code I copied from the Facebook marketing API documentation.
Strangely when I simulated my request using the Graph API Explorer and hit the "Get code" button it will suggest you a different code.
When I used that code instead of the code of the marketing API docs it did seem to work just as expected.
This code worked as opposed to the code from the docs:
$adsetid = "YOUR ADSET ID";
$access_token = "YOUR ACCESS TOKEN";
try {
$response = $fb->post(
'/'.$adsetid,
array (
'fields' => 'status',
'status' => 'ACTIVE'
),
$access_token
);
} catch(FacebookExceptionsFacebookResponseException $e) {
echo 'Graph returned an error: ' . $e->getMessage();
exit;
} catch(FacebookExceptionsFacebookSDKException $e) {
echo 'Facebook SDK returned an error: ' . $e->getMessage();
exit;
}
$graphNode = $response->getGraphNode();
In my javascript I have a click event that triggers an ajax call to the php page where I send my notification from. I chose to do it this way because the documentation advises against using your app secret in any client side code, and the notifications parameters requires an access token that you can only get using the app secret.
The problem I'm having is that even though I'm logged in, $facebook->getUser() is returning 0 in php, so the api call I make afterwards to send the notification wont work. My user is already logged in via the client side code, so how do I get the message to the php that they're logged in so the notification can be sent.
//JS
$.ajax({
url : "http://xxxxxo/bn/notification.php",
type : 'POST',
data: {notify: notify },
success : function (result) {
console.log(result);
},
error : function () {
alert("error sending notification");
}
});//closes ajax
//PHP
<?php
require_once(dirname(__FILE__).'/php-sdk/facebook.php') ;
$APPLICATION_ID = '1402xxxxx7';
$APPLICATION_SECRET = 'ce71d6bbxxxxx5f55a';
$fb_app_url = "http://apps.facebook.com/myAPP";
$config = array();
$config['appId'] = $APP_ID;
$config['secret'] = $APP_SECRET;
$config['cookie'] = true;
$facebook = new Facebook($config) or die('Error is here!');
$facebook = new Facebook(array(
'appId' => $APP_ID,
'secret' => $APP_SECRET,
'fileUpload' => true
));
$notify = $_REQUEST['notify'];
$userid = $facebook->getUser();
/*IF WE HAVE A LOGGED IN USER AND THE 'NOTIFY' REQUEST VALUE, THEN SEND THE NOTIFICATION.
BUT MY USER ID IS 0. HOW DO I GET PHP TO RECOGNIZE ME AS LOGGED IN WITHOUT HAVING TO FORCE MY USER TO LOG IN VIA PHP AFTER THEY'VE ALREADY LOGGED IN CLIENT SIDE?*/
if($userid && $notify){
$token_url ="https://graph.facebook.com/oauth/access_token?" .
"client_id=" . $APP_ID .
"&client_secret=" . $APP_SECRET .
"&grant_type=client_credentials";
$app_token = file_get_contents($token_url);
$app_token = str_replace("access_token=", "", $app_token);
$data = array(
'href'=> 'https://apps.facebook.com/thebringernetwork/',
'access_token'=> $app_token,
'template'=> 'test'
);
$sendnotification = $facebook->api('/1622649653/notifications', 'post', $data);
}else{
//handle error
}
?>
The first thing I noticed is that you define your app id as $APPLICATION_ID but use it as $APP_ID (and the same goes for your app secret). But since you didn't mention any errors and $facebook->getUser(); executes I'm guessing this is just a bad copy-paste.
Now for the sake of answering this question I'm going to presume that you are using the latest versions of both JS and PHP SDKs. These use oauth 2.0 and change the way you pass the login information from JS to PHP.
According to Facebook Developer Blog removing $config['cookie'] = true; and setting oauth to true in your JS configuration should work. Just make sure to refresh the site after the login.
The solution I've found in my own project is to disable cookies altogether and simply pass the access token to my PHP script.
In your JS call your PHP script like this (make sure to call this after the JS login!):
$.ajax({
url : "http://xxxxxo/bn/notification.php",
type : 'POST',
data: {
notify: notify,
token: FB.getAuthResponse()['accessToken'] // add your access token
},
success : function (result) {
console.log(result);
},
error : function () {
alert("error sending notification");
}
});
And in your PHP script add this after creating the FB object.
$facebook->setAccessToken($_POST['token']); // set the users access token
Doing things this way will also get rid of any need to refresh the website after the login.
Yes, this is a common problem when using the PHP SDK in combination with AJAX:
When you make an AJAX request, the PHP SDK deletes the cookies where the authorization information are stored, and then the next call to getUser will just return 0, because this method tries to find the current user id in those cookies – apparently there is something in the OAuth 2.0 spec that demands this behavior to prevent some sort of click-jacking attack.
But the info will still be stored in the session, so you can read the user id (and the user access token, should you need it) from there:
$user_id = $_SESSION['fb_YourAppIdHere_user_id'];
$user_access_token = $_SESSION['fb_YourAppIdHere_access_token'];
Replace YourAppIdHere with your app id (so it becomes fb_1234567890_user_id resp. fb_1234567890_access_token) to get the correct names of those session keys.
I have a php/javascript API on my website for posting messages on the user wall depending on actions on my website.
I use on one side the javascript API for logging the user to the App and the PHP sdk on the other side for posting on the user wall some link.
The thing is that when I launch the PHP graph API method, Facebook respond me with the given error :
error :
array(1) {
'error' =>
array(3) {
'message' =>
string(46) "(#1) An error occured while creating the share"
'type' =>
string(14) "OAuthException"
'code' => int(1)
}
}
The php call is like this :
$facebook->api( '/me/feed/', 'post' ,$data );
And the data with the $data array are just the message and the link
But if I do the exact same code in javascript( using the FB.api('/me/feed' ) method), the message is well posted on my wall.
Is there something I have missed ?
I'm using the Facebook Graph Batch API to send one message / different messages to registered people's FB walls.
I'm defining an access_token for each user, and the obliged top-level access_token (used as fallback, according to the doc). For the latter I just use an access_token from the users listed in the batch.
The thing is that the only user recieving the message, is the one who's access_token I used as the top-level/fallback access_token.
The other users get the "(#210) User not visible" error message.
I'm using 3 test users setup at my app-roles.
Any idea what goes wrong here?
Here's my code (python) for generating one message to all registrants:
for soc_reg in self.registrants:
batch_item = {
"method" : "POST",
"relative_url" : FACEBOOK_URL_FEED % (soc_reg['uid']),
"body" : Helper.toURL(publishParams),
"access_token" : soc_reg['access_token'],
}
batch.append(batch_item)
params = {
"access_token" : self.registrants[0]['access_token'], # used as fallback
"batch" : Helper.toJSON(batch),
}
results in following value for "params":
{"access_token": "XYZ", "batch": "[{\"body\": \"caption=&message=is+not+a+test.%0D%0AWe%27re+just+rappin%27+to+the+beat%21&place=146270405429726&link=&description=\", \"access_token\": \"XYZ\", \"method\": \"POST\", \"relative_url\": \"/100003720771245/feed\"}, {\"body\": \"caption=&message=is+not+a+test.%0D%0AWe%27re+just+rappin%27+to+the+beat%21&place=146270405429726&link=&description=\", \"access_token\": \"ZYX\", \"method\": \"POST\", \"relative_url\": \"/100003671211957/feed\"}, {\"body\": \"caption=&message=is+not+a+test.%0D%0AWe%27re+just+rappin%27+to+the+beat%21&place=146270405429726&link=&description=\", \"access_token\": \"YZX\", \"method\": \"POST\", \"relative_url\": \"/100003683601909/feed\"}]"}
So the only user recieving the message is the one defined here: "access_token" : self.registrants[0]['access_token']
When I adjust the index, I can determine the one recieving the message ;)
OK, seems like the documentation and the API itself are not corresponding:
https://developers.facebook.com/bugs/212455918831996
Documentation says:
relative_url => 'alias', 'body' => '{"access_token" => "..."}'
But only this ways seems to work:
'relative_url' => 'alias?access_token=...'
FB seemed to have confirmed the bug and put it on the 'wishlist', so far the latter is the way to go, works for me at least :)
I have a few applications which upload image to user profile. A few hours ago all applications were working fine but now when uploading is requested, it gives this error
Fatal error: Uncaught OAuthException: (#1) An unknown error occurred thrown in applications/fb-sdk/facebook.php on line 543
I'm using the following code to publish image.
$FILE = "images/$image";
$args = array('message' => 'My msg ');
$args['image'] = '#' . realpath($FILE);
$data = $facebook->api('/'.$uid.'/photos', 'post', $args);
Is it because of some policy change or some new feature?
I have all the permissions like upload is set to true and application takes permission to upload file.
P.s: when the application is used 2nd time, it works fine.
You need to verify if the user is logged in AND has the permissions to post on wall. We're going to do that with a TRY/CATCH with a call to the user.
$userId = $facebook -> getUser();
if ($userId) {
try {
// Proceed knowing you have a logged in user who's authenticated.
$user_profile = $facebook->api('/me');
} catch (FacebookApiException $e) {
$userId = NULL;
error_log($e);
}
}
$app_permissions = array(
'scope' => 'publish_stream'
);
$logoutUrl = $facebook->getLogoutUrl();
$loginUrl = $facebook->getLoginUrl($app_permissions);
If the user is not logged in OR has authorized the app, you'll need to redirect him via header redirect or with a link.
if ($userId){
//Then you can call the facebook api
$data = $facebook->api('/'.$uid.'/photos', 'post', $args);
//... ...
}
That's the easiest way i've found.
EDIT : This question on stack has helped me : Facebook PHP SDK Upload Photos
No, the error is caused by the system cannot get the image file. Facebook will not allow the empty image field appear in the api. So it return Fatal error: Uncaught OAuthException: (#1) --- although it does not relate to the OAuth and OAuthException.