I use google Ouath2.0 with passport.js in my Next.js/Node.js web-app. Registering and logging in works as expected. However, anyone with a google account is able to register, regardless of being in the test users list. The app is unpublished, and so only test users registered by me in the Oauth Consent screen should be able to register and login.
Does anyone know how to fix this? As far as I have understood it, login when not registered as a test user should simply fail. I have seen this asked elsewhere with no answers, and I am not able to contact google as that requires a paid support level.
I had a quick look at this and observed the same (incorrect) behavior; I too was unable to restrict authenticated users to the list of test users:
Created Apps Script Web app (for a quick win)
Associated a Cloud Platform project with it
Enabled Gmail API in the project and added one of its "restricted" scopes
Added one Google account to test users
I was able to login using the test user and any other Gmail account regardless of whether I included a Gmail restricted scope.
One thing I observed but am unable to explain is that I was not presented with the app's (project's) OAuth Consent Screen. Each time I logged in (incognito), I was prompted by the standard Google login screen only. I expected to be prompted by the OAuth Consent Screen before accessing the app. This likely explains why identities aren't being limited to the test users but I'm unsure why I'm not seeing the consent screen.
Even without Google paid support, you may file issues like this using Google's public issue tracker and these will be seen by Google Engineering.
I recommend you file under "Cloud Platform > Security & Identity" and let someone within Google triage:
https://issuetracker.google.com/issues/new?component=187167&template=1162765
Currently I am trying to get my app approved by Facebook.
My app allows users to connect their instagram account. I use data like instagram_profile_picture and followed_by_count to complete their profile with reliable data.
For that, I request the permission instagram_basic within the Facebook-login process. Obviously the process only works if a instagram account is connected to the Facebook account which they are logging in with.
Facebook rejected my app because they could not test the permission properly. But they say that my screencast shows a valid use case (where my FB account is connected to a instagram account). I have checked the test-user they have used to review my app and it is not connected to a instagram account. What makes requesting the permission pretty useless.
test-user
I thought that Facebook is smart enough to understand that, but I guess that's not the case.
Can anyone help me?
Facebooks test-user-system is a mess. But you have to try (I tried several times) creating an Instagram-account using the fb test user, you should then try to connect the instagram account in the instagram mobile app to the fb test user. This worked out for me.
I'm trying to access the media of my Instagram business account through Facebook Graph API. I'm following this guide:
https://developers.facebook.com/docs/instagram-api/getting-started/
I've set up everything as requested: I have an Instagram business account, a Facebook page connected to this account and a Facebook app.
In step 5, when I try to get the Instagram Account ID with
GET /v3.0/{page id}?fields=instagram_business_account
the response I get looks different than the one in the guide. The Instagram business account field is missing, I only get back the ID of the Facebook page, which I already have.
Does anyone have an idea what could be wrong here?
Try the query below with the manage_pages permission.
/v3.0/me/accounts?fields=name,id,access_token,instagram_business_account{id,username,profile_picture_url}
I'm going through the review process and having trouble understand the permissions required to
Get Instagram Business Accounts
Subscribe to instagram_story_insights webhook
I only manage to get 1. by having the manage_pages permission. But I don't want to manage pages, just want to get the Instagram Business Accounts and request insights, feed and profile.
For 2. I only find the /subscribe endpoint and that requires a Facebook Page access token and that is only available with the manage_pages permission.
I was facing this issue since last 2 days and it was started suddenly.
I was able to resolve this issue by doing below steps.
Convert back your Instagram business account to personal account.
Now Convert your personal account to business account through the only facebook web not on instagram native app.
Important: We need to convert personal account to business account through the only facebook.
Hopefully you've figured this out by now. I had the exact same problem as you did where I would only get the id of my page.
The solution was adding the correct permissions to the user access token.
You will need to use a user access token with manage_pages and instagram_basic permissions when you make API calls to
GET /v3.0/{page id}?fields=instagram_business_account
We found that this happens for 2 reasons:
Instagram profile was not associated with Facebook page correctly (i.e. person converted did not have access to your page).
The person who converted Instagram to business and connected to the page is no longer an admin of the page
You connected your page and Instagram using Facebook page settings - that screen definitely does not work.
Make sure that your app has approved business_management permission and that you are asking for it when users authenticate facebook.
In all cases, converting instagram back to personal and then reconverting it to business fixes the issue.
Facebook Graph API 4.0 Only Supports Instagram Business Account. Creator instagram account doesn't work on graph api .
Check out below pics for getting instagram id from graph api
Click to View for Graph API Response
I was able to resolve this by going to the Facebook Page > Settings > Instagram and there I was prompted to "Review connection." I recently added the Instagram account "asset" to a user of our business account, so maybe that caused some need for the connection between the FB Page and IG account to be reviewed. I never received a notification from FB about this and I banged my head against the wall for over a day trying to debug this.
Given the Facebook account has a page (with {page id}) linked to the Instagram account. We managed to obtain ids via Browser (HTTPS Get) with
https://graph.facebook.com/v3.0/{page_id}?fields=instagram_business_account& access_token={Access token with the right permissions}
The token was manually generated using Facebook's Graph Explorer
https://developers.facebook.com/tools/explorer/v2/
Choose "User Token" option and Add the permissions "business_management", "manage_pages" and "instagram_basic" via the UI. Hit "Get Access Token" button to generate the token to be used with the "instagram_business_account" url query above.
To get images from the linked Facebook page, we currently do
https://graph.facebook.com/v3.0/{instagram_business_account}/media?fields=id,name,media_url,media_type,timestamp&access_token={Access token with the right permissions}
BTW, our Facebook account does have an app created under it so we could choose this app in the Facebook Graph API Explorer tool when the UI asked for it.
With the right permissions, one can covert these steps into code.
I am facing the same issue and I think thats because one of these two reasons:
the Graph API has updated its policy and requires all apps to undergo Business verification, which is part of the App Review process. Once your app gets verified then you can make those calls.
Your app is in live mode. Switch it off so it comes in development mode from your app dashboard. now you have access to all the api calls. Select the manage_pages and instagram_basic permissions from the graph api explorer. Now you can make the request.
I was facing same issue but i found the solution. At start be sure your instagram account should business account or Creator account.
And then link it with facebook from Facebook web.
Error only come when we use our personal account instead of Creator or Business.
This is my output now.
Add one more permission to your auth request: pages_read_engagement. No need to have manage_pages or public contents access to get Instagram ID.
I faced the same problem and I have resolved it. Follow the following steps to get the Instagram business ID.
(assuming that you already have an access token)
Step 1: Get the Facebook ID first [ GET v11.0/me?access_token={your_access_token} ]
{
"name": "your facebook page name",
"id": "facebook_page_id"
}
Step 2: Make sure that manage_pages , business_management and instagram_basic permissions are enabled. Can be easily done using Graph API Explorer.
Step 3: Using the Facebook ID we can obtain the Instagram business ID [ GET /v11.0/{facebook_page_id}?fields=instagram_business_account?access_token={your_access_token} ]
{
"instagram_business_account": {
"id": "insta_business_id"
}
}
Step 4: In case you are getting only Facebook ID after hitting the endpoint as mentioned in Step 3 then, using your mobile device switch back to your personal account. Again, enable the business account and make the HTTP request again. This method worked for me in getting the Instagram business id.
Finally solved it. Here is what I did to accomplish it.
I' not using business manager. The problem I was facing because my facebook account was not properly connected to instagram account. I thought I created instagram account with my facebook account so they were connected somehow. It was not the issues. Switching instagram account to business won't work. You need to connect your instagram account to your facebook business page.
Go to your pagee
Go to your page settings
Find instagram > you'll see connect. Here I had some problem connecting to instagram from here by logging in with facebook won't work. Do the traditional email password connection.
Last step if successfully connected it will ask you to switch your account. Click on button and done.
After an entire day searching the web (to no use) and reading Facebook/Instagram API docs (which is sometime misleading) I still could not successfully get the Instagram Business Account ID to make requests that use it, like the ig_hashtag_search request.
That's when I decided to ignore everything on the web, trust God, and start using Graph API Explorer's auto complete to try and make some sense of the whole thing!
It finally worked!
Before getting to the actual steps, make sure both Facebook and Instagram accounts are properly configured as business accounts! I don't know if it is a bug in the Brazilian version of Instagram's website, but the process to convert a regular Instagram account to a business account could only be completed using the native Instagram Android app. Specially the part where you link your Instagram account to a Facebook page that should already exist, and that should already have been created using Meta Business Suite.
Again, for me, as of today, the Public Business Information section was missing from the Brazilian version of Instagram's website!
After having configured and properly linked the accounts, it is possible to make the calls using Graph API v12.0.
Step 1
Access the Graph API Explorer.
Step 2
Add the following permissions:
ads_management
business_management
instagram_basic
public_profile
Step 3
Generate the Access Token using the button on the screen (in the popup, be sure to log in using a Facebook account that has both Facebook Business and Instagram Business accounts properly linked and configured).
Step 4
After obtaining the Access Token, get all Businesses IDs:
GET https://graph.facebook.com/v12.0/me/businesses?access_token=xxx
In the Graph API Explorer, you must type only this:
me/businesses
The response should be something like this:
{
"data": [
{
"id": "BUSINESS_ID",
"name": "Business Name"
}
],
...
}
Step 5
Use the BUSINESS_ID to finally get the Instagram Business Account ID:
GET https://graph.facebook.com/v12.0/BUSINESS_ID/instagram_business_accounts?access_token=xxx
In the Graph API Explorer, you must type only this:
BUSINESS_ID/instagram_business_accounts
The response should be something like this:
{
"data": [
{
"id": "INSTAGRAM_BUSINESS_ACCOUNT_ID"
}
],
...
}
And that's it!
If everything worked as expected, you can use this INSTAGRAM_BUSINESS_ACCOUNT_ID to make the desired requests, such as ig_hashtag_search or recent_media requests:
GET https://graph.facebook.com/v12.0/ig_hashtag_search?user_id=INSTAGRAM_BUSINESS_ACCOUNT_ID&q=DESIRED_HASHTAG&access_token=xxx
In the Graph API Explorer, you must type only this:
ig_hashtag_search?user_id=INSTAGRAM_BUSINESS_ACCOUNT_ID&q=DESIRED_HASHTAG
The response should be something like this:
{
"data": [
{
"id": "HASHTAG_ID"
}
]
}
Hope to have helped! 🙏
Unfortunately I'm struggling to understand the documentation provided by Facebook.
This is the scenario:
- Some of my iPhone Apps are also registered as Native/Desktop Apps on Facebook in order to support the Facebook Audience Network.
- I'm building a tool in python which will retrieve data from the reporting API in order to run some automated analysis on specific metrics (request, impressions and so on).
The question is: how do I retrieve this data?
The documentation for the reporting API is here: Reporting API
However I'm struggling with the access token.
It says that I could use the specific App Token available here: App Tokens
However by using such token, I get an error saying that app tokens can't be used for Desktop/Native Ads.
What is the correct way to do it then? Here is where I struggle to understand Facebook Documentation.
My guess is that I should use a User Access Token instead, generated for a user that is also the admin of the App for which I want to retrieve the insights.
What really freaks me out is that apparently, this can't be done with normal HTTP calls only but it requires instead to go through the Facebook Login Dialog. I also need to create another Facebook (web) app because there is no way to get a simple "User Object"... Everything needs to start and go through a registered Facebook App. And there's no way to go through these steps by using backend code only.
So... to recap... in order to read the Insights for a Native/Desktop Facebook App (APP_A), I have to:
- Create a new Web Facebook App (APP_B)
- Create a web interface somewhere for APP_B) which will trigger the Facebook Login Dialog and request the read_insights permission.
- Login through this web interface and generate a User Access Token
- Put this User Access Token in my backend code and run the scripts that retrieve the data provided by the Reporting API for APP_B
Really... to me... it doesn't make any sense to create a new Facebook App in order to access the data of another Facebook App.
Isn't there another better, simpler, quicker, cleaner way to achieve the same final result?
I am trying to get to grips with the Graph API. Is i,t correctly understood that if I want to ask for my own, say friends, through code, I should
register my application and get an app access token
Login with my own credentials and get an user access token?
I find it difficult to grasp the concepts from the documentation.
The flow should go like :
User adds the app and gives the permissions.
Which returns the access_token (user access token) which is used to query datas.
Generally speaking, You ask for permissions, and you get a key which can open the locked contents. That is the access_token.
Difference between App Access_token and User access_token :
App access_token is needed when you do something as the app. Like getting the insights for the app, or working with subscriptions, so and so.
User access_token is needed when you want to act as the user who have the app added in their account.
With reference to your question, You clearly doesnt need App access_token.
You need to do both.
Registering your application tells Facebook where those requests are coming from. They monitor what requests your app is making to police apps that violate your terms.
Once you have that app, you personally authenticate it to get information from or post information to Facebook on your behalf. The app must ask for specific permissions and you have to grant these for it to work.