I am using PHP for accessing Facebook friends location. I want to access location of all friends. I read that it requires "access tokens" to get client's public information from here
https://developers.facebook.com/docs/facebook-login/access-tokens#apptokens
and here
https://www.sammyk.me/access-token-handling-best-practices-in-facebook-php-sdk-v4
Is that token will be provided by Facebook at that instant of time or my app needs to wait till friend's approval.
I saw this post on stack overflow: How to get user access token?
But i still i can't figure out what if friend is offline. How that token will be passed to my application?
Or is it like that "Tokens are generated by Facebook at time when my application made the request but i can only access the user information later using the same token if he has given permission (when he gets logged in)".?
I am unable to find any explanation regarding this.
Thanks.
You can´t get the location of friends at all. Friend permissions have been removed for privacy reasons, you can only get data of users who authorized your App too. Check out the changelog for more information: https://developers.facebook.com/docs/apps/changelog
That being said, there are different Access Tokens. You can get an App Token without authorization, but you need to implement an authorization process for User or Page Tokens.
More information:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/
Related
All mutual friends request made from my app server (node) (also tried the Facebook API explorer) suddenly started returning an empty array for the data field. I confirmed and validated my access token and appsecret_proof on the API explorer. Do you know what has changed or what the request below is missing?
Note: both users use the app and have granted user_friends permission.
I am using v2.12
request
{
url: 'https://graph.facebook.com/v2.12/{user-facebookid}?fields=context.fields(all_mutual_friends.limit(5000))',
qs: {access_token: 'XXXXX'
,
appsecret_proof: crypto.createHmac('sha256', clientSecret).update(accessToken).digest('hex')
}
Yep. Facebook has taken down the Graph API for page access tokens. The only way to retrieve data (or was a week or so ago), was a temporary user token that lasts about 2 hours. It's totally broken my band's schedule page. I've been through every avenue and even spoke with a facebook ad team employee on the phone that was aware of it. She seemed to empathize but had no solution for me. I would count on it being down for a while.
I have finally figured out a work around for this. On your fb application, you have to disable the secret key requirement. This can be found under the advance settings of your fb application console. It's called "
Require App Secret".
Once you generate a fb PAGE access token, you get a fb page token, and then extend it.
here is the token debugger:
https://developers.facebook.com/tools/explorer/
You can extend the access token programmatically as explained here:
https://developers.facebook.com/docs/facebook-login/access-tokens/expiration-and-extension
AND
https://developers.facebook.com/docs/facebook-login/access-tokens/#pagetokens
There is also an extend tool in the access token debugger.
My app got white-listed for using the Ads API.
I was wondering in regarding to the authentication flow.
Say, that I need to retrieve and execute actions via the API on daily tasks ( with no user interaction) , I find the authentication process quite cumbersome.
Is there a way to work with my app access token instead of a user access token?
I want to be able to approve my app only once for each user and then to be able to work with no user interaction.
Can I achieve this?
App access token is not relevant for this case.
I had to work with the user access token.
I followed this doc: https://developers.facebook.com/docs/reference/ads-api/
Eventually , one should use some client side code in order to get a user permissions and then make another request for getting the user token.
So you'll have to call
https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&scope=ads_management,offline_access&response_type=code
Get the authentication code and make another call:
https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&client_secret=YOUR_APP_SECRET&code=AUTHORIZATION_CODE
Then you'll get an access token which is valid only for two months, in opposed to what Facebook docs says in here:
https://developers.facebook.com/roadmap/offline-access-removal/
"Ads APIs are special cased to allow collection of statistics offline. PMD partners should use server-side OAuth flow in order to receive a non-expiring token rather than a token that has longer expiration time."
Too bad that the access token is not really valid forever...
According to "Exception 4" in this document , if you have Ads API access you should be able to get a non-expiring token if you use the correct workflow. Following the guidelines outlined here, if you use the server side OAuth flow, to make the following request you should get a non-expiring token:
GET /oauth/access_token?
grant_type=fb_exchange_token&
client_id={app-id}&
client_secret={app-secret}&
fb_exchange_token={short-lived-token}
thx for the feedback regarding the Access token process being cumbersome. Because this is a one to many solution - a single App ID can manage multiple ad accounts, on behalf of multiple people - we need to make calls on behalf of people.
You should be able to get a persistent access token for Ads API. If you are not getting it, please provide exact steps you are following so we can see if there is a bug or you might be missing a step.
Thx.
I have some C# code that retrieves an access token using Facebook.JsonObject and can post to my profile wall on facebook with no problems.
However, if I try to use that same access token to retrieve details of my facebook business pages so I can post to them, then I get the message "user access token is required to request this resource".
I thought the access token I had retrieved that allowed me to post to my profile was a user access token. What is the difference, and how do I get a user access token?
This is the code I am using to get the access token:
facebook.JsonObject AuthResult = (Facebook.JsonObject)Oauth.GetApplicationAccessToken(parameters);
object Access_Token = "";
AuthResult.TryGetValue("access_token", out Access_Token);
FacebookClient FBClient = new FacebookClient(Access_Token.ToString());
More information:
I need my customer's c# application to post directly to my customer's facebook business page via code without the application "allow access" box popping up and any redirects to applicatoins taking place. Therefore I need to get the User Access Token programatically without facebook being logged in or open etc.
Any (non-sarcastic) help very gratefully received.
Thanks
I thought the access token I had retrieved that allowed me to post to my profile was a user access token.
Does that method name,
(Facebook.JsonObject)Oauth.GetApplicationAccessToken(parameters);
===========
really sound to you as if it was supposed to give back a user access token? Sorry, but to me it doesn’t …
If you are not familiar with the different types of authentication and access tokens, please read this first: https://developers.facebook.com/docs/authentication/
On this page:
http://developers.facebook.com/docs/opengraph/using-app-tokens/
It describes how to get the app access token, yet the token it returns is different than the one in the open Graph "Get Code" example. The latter is the only one that works. How can I get the second access token using the API? When I try to use the first example, I basically get something back that looks like "application ID|secret key" which is different than the real access token.
as documentation states, you will get
access_token=YOUR_APP_ACCESS_TOKEN
string back from the API call. Even though it LOOKS like "application ID|secret key HASH" - it is a valid access token you can use to publish to user's wall. You can verify it's a proper access token using Debug toll from FB: https://developers.facebook.com/tools/debug - just paste the token there.
The reason it might not work for you is because you are trying to publish something to the user's wall who did not authorize your app. Look here: https://developers.facebook.com/docs/reference/javascript/ - for example of how to use your app ID to make user authorize the app. You need to request publish_stream permission for your app from user in order to be able to publish as the app to the user's wall.
And going back to the documentation:
Note that the app access token is for publishing purposes permitted by
the publish_actions and publish_stream permissions. You will be unable
to retrieve information about the status update post with the given ID
using the app access token. Instead, you should use a user access
token for such purposes.
hope that helps.
I'm (just?) trying to get a user's feed via the graph api. All the permissions are in place; I just need to get it to work.
I've found that, if I go into the graph api explorer, I can retrieve the feed if I pass over an access token corresponding to the user. However, if I use the application's access token, I get nothing -- it returns with an empty DATA value.
Is this right? Shouldn't the app's access token work? What's the point of having it around if it doesn't?
An App Access token is primarily used for taking actions on behalf of the app itself (e.g. banning users, changing app settings, posting games achievements, etc).
To access a user's posts you need a user access token from them (or from another user who's able to see that user's posts), and the access token needs the read_stream permission