Direct access to profile pictures via the Facebook graph API has recently stopped working and appears deprecated. Apparently, this now requires an access token (which requires the user to login to FB first)...
https://graph.facebook.com/{user-id}/picture?redirect=false&type=large
I'm developing a web application in JavaScript, unrelated to Facebook. I would like to offer users the option to use their FB profile picture for posts. They provide their numeric user-id which I save on our server. Until recently, my client app could use the numeric user-id in the above URL to produce a JSON response with a link to the user's profile picture.
Is there an alternative approach to getting a user's profile picture without first requiring the user to login to FB to get a client-side access token?
If They (the users) provide their numeric user-id means that you're using Facebook Login, and they at least gave their public_profile permission to your app, you can just add the App Access Token to the request and it should work.
https://graph.facebook.com/{user-id}/picture?redirect=false&type=large&access_token={app_access_token}
If you don't use Facebook Login, I see no chance to be honest.
Related
What I'm trying to achieve:
Fetch images from my own Instagram business account to display on a website using the Instagram graph api v3.3 by not obtaining a user access token from a client side Facebook SDK login modal because users just shouldn't be doing that to see a simple Instagram feed.
I have the permissions manage_pages and instagram_basic granted(gone through app review). I'm using app_id and app_secret as user access_token parameter value(which may not be the access token Instagram graph api is looking for) as when I tried to fetch any data there is an error message:
" #10) To use 'Page Public Content Access', your use of this endpoint must be reviewed and approved by Facebook. To submit this 'Page Public Content Access' feature for review please read our documentation on reviewable features: https://developers.facebook.com/docs/apps/review.'" However, I don't need the permission Page Public Content Access because I'm fetching images from my own account. This is also confirmed by the Facebook App Review support.
The query that is used to get the images is as follows:
https://graph.facebook.com/${pageId}?fields=id&access_token=${accessToken}
My access token in this case is app_id|app_secret since I can't access the user access token.
The developer api guide "https://developers.facebook.com/docs/instagram-api/getting-started/" only shows a way to get user access token using the client side Facebook SDK login button which generates a user access token after a visiting user interacts with a modal that pops up to have them login. But again, a simple Instagram image gallery shouldn't require every user that visit the site to log in to their own Facebook account.
I have bugged the App Review support team at Facebook with no real answer. I couldn't join the Facebook developers support group as no one is approving my request to join and I've also tried my best to seek help from the facebook developers support team but I can't reach them. So I'm turning to Stack Overflow to ask if there is any way to display images from an Instagram Business Account without sticking a Facebook login SDK modal on the site.
Thanks so much.
EDIT: After reading #misorude's comment, I'm thinking would adding the Facebook login modal on the website and querying it by logging into my own Facebook account and then capturing my own user access token that is returned by the api and then use that access token for every susequent api calls to fetch images work?
So I was going through Instagram's API and I implemented it. However it isn't as useful as I thought it would be because when trying to get and OAuth2 token a user is taken to a page to authorize them in what looks to be and effort of insuring that the user realizes that they are about to view and share Instagram content with my application. This all makes sense to me although not ideal. You can find it in detail here(Step One: Direct your user to our authorization URL).
Then I saw this press release from a company called Celtra who says they can pull the the most recent images off any Instagram feed and put them in an Ad. I checked it out and somehow they are pulling the images of other companies without this authorization page I am encountering. Basically without page scrapping I don't know how to do this with Instagrams API, and I realize scraping violates Instagrams terms of service. Does anyone have this functionality, where I can pull down images from Instagram and not take a user to an authentication page working legally as I am assuming Celtra is doing? Guidance or documentation on how to achieve this would be ideal.
Instagram recently added an endpoint that will allow you to any instagram account's photos without oauth or needing access_token, you can specify client_id and make API call to get photos.
Just register for an app account at here and add the client_id to this endpoint and make call:
https://api.instagram.com/v1/users/3/media/recent/?client_id=YOUR-CLIENT_ID
You only need access_token to get users' likes, follower feed and to like/comment/follow.
update: you need to have access_token with the new API changes, cannot
access API with just client_id anymore
To do this simply, you could authenticate your app from a dummy profile or your own personal profile and then use the access_token to request the feeds of any account. Then, when an end user goes to use your product, instead of authenticating them, you can just pull content from the Instagram API using your access_token.
I'm building up an app that should allow the user to sign up / sign in with Facebook and then he should be able to login (always via Facebook) to the "main" website
To be honest it's a bit more complicated than this. That's because I'm using django-tastypie and django-allauth in the main website to allow sign up, login, and browsing of our API
Basically I want to make the mobile app user browse the tastypie API (accessible only if logged and if you're an user in the main website) and grant him the rights to add rows (like orders)
Here's what I have
A phonegap app with a working Facebook login (I'm working on that right now)
A website with django-allauth and django-tastypie that makes me register as a new user using the allauth's Facebook login
No trace on the main website if the mobile user is doing a sign up via Facebook (this is the problem)
I'm basically confused how I should work with access tokens and how to pass further parameters (I don't need only the Facebook infos to complete the registration, but some custom fields too)
Anyone got experiences on this or would like to expose his workflow?
One common way of doing things is to leave all registration related functionality up to the website. In your phonegap app you can simply point the user to /accounts/login/ using the In-App-Browser (IAB). The IAB has events like loadstart and exit that you should monitor. A simple way of monitoring whether or not the user is successfully logged in is to have him redirected to a specific url, say /accounts/login/complete/, at the end of the login. If you attach a token to that return url (as in /accounts/login/complete/?token=123) you will be able to parse that token in your app. You could simply use the session ID as a token.
A more secure way is to use the django-oauth2-provider app and actually implement a proper oauth handshake. Handling that is almost the same. Using IAB open /oauth/authenticate/, you will be asked to login using allauth, then an oauth2 confirmation dialog appears, after which the oauth grant code is passed to a success URL. You can pick that code up from phonegap and using AJAX calls from within the phonegap app you can fetch the oauth access token. Btw, django-rest-framework has builtin support for django-oauth2-provider (don't know about tastypie).
A completely different approach is to implement a Facebook login in your mobile app, completely independent from the web site. Once logged in you'll be handed over a Facebook access token. Now, you can send this token over to the web site. Given the token, the website can fetch the user (https://graph.facebook.com/me?access_token=...), check whether or not that user is already known, if so return an appropriate token/session for that user, if not, create the user account and also return a token.
I was just wondering if an app exists for Django that helps connecting all 3 social networks, imports basic info, profile picture, but most importantly pushes the post user makes to these three website accounts. I looked into django-social-auth but that just lets you register or login with these websites,not push posts.
django-allauth http://github.com/pennersr/django-allauth/ stores basic info for FB/G/Tw (and more), provides basic access to the profile picture, and stores the access tokens in the database.
Whatever you do with the access token is project specific and beyond allauth scope. For example, in order to post to the users wall you need:
The user's permission (you can do this by configuring the proper scope for the Facebook provider, search for SCOPE in the README.txt)
Once the user is logged in via FB, the access token is stored in allauth.socialaccount.models.SocialToken. Simply lookup the token for the user that is logged in.
Then, given the token use whatever method you like to post to the Facebook API on behalf of the user. E.g. https://github.com/pythonforfacebook/facebook-sdk
For some more background on the relation between a Django user and the Social* models, see:
How can I get the user's facebook id with django-allauth?
There are django apps that do what you need individually (Facebook example), but I'm not aware of one that works with multiple.
django-social-auth will get you half way there by obtaining the users information and permission to post to the social network on their behalf.
Once you have users authenticating via django-social-auth you'll have access to the users access token needed to post to respective network on their behalf.
From there, you're going to have to stitch together some additional python modules like the Facebook example above to do the actual posting.
I have a website which users can sign up to using Facebook Connect (with the new OAuth 2.0 stuff). Now when a user logs out of Facebook they remain logged-in on my site.
I'm not using the JavaScript SDK as I don't like the "magic behind the curtains". So what should I do when a user logs out of Facebook? Should I care at all? I get the feeling I should try to catch this somehow and log them out of my site as well.
I'm using Django with a custom authentication backend for this.
Don't do anything. You are using facebook as means of authentication. The fact that the user logged out of facebook means nothing for that matter - He's stil the same user.
Do the users think of your site as a part of facebook? I guess not (assuming its not a facebook app, just a login via facebook). Then it would be surprising and counterintuitive from the user's perspective to find he's also logged out of your site when he only logged out of facebook.