Imagine I have a mobile app, and then I create a new Facebook app, which I use to login users through it. In order to log into the app, users have to grant user_likes permission.
Then, I can access their user_likes with a request to the facebook graph using the app_token. I've tested this. But also, I realized that only the user_likes set to "public" are shown. All the user_likes that are private or only friends, are not shown.
Is this the intented behaviour? I mean, if some user granted me access to user_likes and he didn't revoke explicitly the permission after that, should I be able to get the user_likes anyway or no?
Thanks in advance.
You need to use an User Access Token, not an App Access Token. That's what they are for.
Related
I am using the Graph API to automatically post to a Page. To get a Page Access Token, I have first logged in to my app using the Graph API Explorer's login with the permissions manage_pages, publish_pages and pages_show_list. I then used the access token tool to extend it, then used that to call me/accounts in the Explorer to obtain a Page Access token with no expiry time.
When I first logged in to my app, it was in development mode. I looked at the access token in the Access Token Debugger and saw it had the manage_pages and publish_pages permissions. However, when I make the app public, these permissions disappear from the scope of the access token, even though the user it refers to is an Admin of the app. When I try to make an API call in public mode, I get the following error:
(#200) This endpoint is deprecated since the required permissions manage_pages,publish_pages are deprecated
This really confuses me, as I believe those permissions have not been deprecated.
Does anyone know why the perms are disappearing/becoming "deprecated" when I switch the app to public mode?
I had a similar problem.
After contacting Facebook, it turns out this is an app verification issue, and the publish_pages permission is available for private test apps, and properly approved public apps.
Sadly manage_pages and publish_pages permissions are deprecated. From their documentation -
As of April 24,2018, the pubish_actions permission has been removed. Please see the Breaking Changes Changelog for more details. To provide a way for your app users to share content to Facebook, we encourage you to use our Sharing products instead.
You can check out this link that mentions the above details.
I'm create and facebook app that must require publish_stream to publish some information on user's wall. But when user interact with auth dialog they have an option skipping publish on your wall with your behave. So I have to ask if Django-Social-Auth support to check for permission I want, If user reject it, reopen auth dialog so user can grant it.
I've already put publish_stream in facebook extend permissions settings.
I'm trying to find out if a Facebook User is able to view the insights of a certain Facebook page. I know that this is possible using the Open Graph API with an access token that has the "manage_pages" permission. Is this the only possible solution? I don't want to request the "manage_pages" permission just to find out if this certain user can view the insights. My app only requests the "view_insights" permission and I'd like to keep it that way.
If its a specific page then you can get <PAGE_ID>/insights with the Graph API, all it requires is read_insights permission.
For getting list of pages a user administrating using either Graph API (<USER_ID>/accounts) or FQL (SELECT page_id FROM page_admin WHERE uid=<USER_ID>) you'll have to request the manage_pages permissions
I created web application using Facebook C# SDK 5.3.2. I can post messages to my wall. But I want to collect access tokens for my friends' Facebook accounts and store them to use later to post messages to their wall.
Is it possible to get their access token with their Facebook account info. I can get access token for myself with "App ID" and "App Secret. Do I need also add application for my friends' Facebook to get this credentials.
You don't need to store access_token for any user, since it's something time based.
Instead ask for publish_stream permission and post messages to their wall using application access_token
From Facebook documentation on publish_stream permission:
Enables your app to post content, comments, and likes to a user's stream and to the streams of the user's friends. With this permission, you can publish content to a user's feed at any time, without requiring offline_access. However, please note that Facebook recommends a user-initiated sharing model.
the only way to get it done, is that your friends login into your application with their accounts and grant you the publish permission (if you want to publish when they are online) and the offline_access permission, to publish in any moment.
You have to think in the big security issue that this situation potentially represents.
Good luck.
I am wondering if you have a users permission to publish_stream and you want to publish_action from now on does publish_stream cover both or do we need to re-request the users permission?
If so whats the easiest way of detecting wether they have this permission granted etc.
User journey suggestions welcome.
The login system I have in place is users can use with facebook or their account credentials.
But some users sign up without facebook and then connect later. I don't create the session every time they login as I only need the publish_stream permission which works without needing a live user session with facebook to post when the user does specific actions. There is one column in the table which specifies wether the user is connected or not.
Suggestions welcome.
Thanks!
-Stefan
As of now, publish_stream includes publish_actions permissions.
see https://developers.facebook.com/docs/publishing/#publish_stream
The publish_stream permission is a superset of publish_actions allowing everything that publish_actions allows plus more.
publish_stream and publish_actions are two separate permissions. publish_stream does not include publish_actions.
To publish actions to the open graph, you will need to get this new permission for new users and for existing users.
You can check the permissions a user has granted your app by GETing /me/permissions from the Graph API.
In the latest version of the permissions dialog, users will have the option to NOT grant publish_stream - its always an optional permission. If the app requests publish_actions, this permission is considered required.
Once Timeline has launched beyond Developer Beta, you should not need to ask for publish_stream. If you want to publish a feed story, use the Feed Dialog.
Publish_stream is Deprecated Permissions from v2.2, that's why u can not use, just only publish_action u can still use,
https://developers.facebook.com/docs/facebook-login/permissions
regards
djavalatte.com
You must request publish_stream as a new permission because the prompt is much different. It is more around "Add to timeline" and a straight up permission.
To know if you have the permission, you can do many things. The easiest is to try and publish and see if it succeeds. but that will skew your metrics in insights. Better is to use the access token info endpoint and check the scopes you have there.
I have successfully published actions to the timeline with only the publish_stream permission. I cannot say if this is will be the case when it is fully launched or if it's only working because of the developer's beta. We can know for sure once we're 48 hours away from the official launch by checking out the beta tier. http://developers.facebook.com/support/beta-tier/