I am trying to post to my own facebook wall. So I created an "app" in my
personal facebook page, and got the app_id, app_secret, etc.
I then did this code:
#oauth = Koala::Facebook::OAuth.new(app_id, app_secret, callback_url)
#token = #oauth.get_app_access_token
#graph = Koala::Facebook::API.new(#token)
foo = #graph.get_object('me')
However, I get this error:
An active access token must be used to query information about
the current user. [HTTP 400]
(Koala::Facebook::AuthenticationError)
The token is valid, I checked. I need to post to my OWN wall, not a
different user's. From what I've read in the documentation, I need an "app
access key", not a "user access key" to do this. I am somewhat new to
the facebook api list, so I think I'm missing something very basic.
You can use an app token instead of a user token to post to a wall as long as the user already granted the proper permissions to your application.
That is, in timeline
User grants app access to post with publish_actions
User access token supplied by Graph Login Flow
At this point, you can either use the user access token or application access token
In addition,
foo = #graph.get_object('me')
is not a POST request. It says, get the object from the graph named me. Further me will not resolve to anything if you are using an application token because there is no way for the application to tell which "me" in all the users in the app you are referring to. Thus you need to refer to the app scoped id for the user.
e.g
foo = #graph.get_object('4')
Where 4 is a numerical app scoped ID (4 will not work in your case you need to figure out the correct ID for your application). The correct call in koala will be something like
foo = #graph.put_connections("4", "feed", :message => "I am writing on my wall!")
My problem was that the user (in this case myself) has to allow access to my app to post to my wall.
The full OAuth process is described well at http://developers.facebook.com/docs/authentication/
But specifically, I need to get a URL that I have to visit and then say "yes" to the authnetication question. The code is here:
#oauth = Koala::Facebook::OAuth.new(app_id, app_secret, callback_url)
#oauth.url_for_oauth_code(:permissions => "publish_actions")
The URL will look something like this:
https://www.facebook.com/dialog/oauth?
client_id={app_id}&
redirect_uri={redirect-uri}&scope=publish_actions
Note, the URL has to specify what permissions you want to request from the user (in this case, permission to post to the wall). This permission request is specified under the "scope" variable. Note some version of the facebook api allow posting through the "publish_stream" scope and other versions require the "publish_actions" scope. More information about the permissions available under scope variable is available here: https://developers.facebook.com/docs/facebook-login/permissions/v2.0
When you visit the URL that is generated from the above statement, facebook will give you a message asking if that particular app has permission to post to your wall. You, of course, say "yes". After that, your facebook app can post to the facebook wall using the "app access token"
After that, it's easy to post to the wall with your app access token. The code that works for me is:
#oauth = Koala::Facebook::OAuth.new(app_id, app_secret, callback_url)
#app_access_token = #oauth.get_app_access_token
#graph = Koala::Facebook::API.new(#app_access_token)
foo = #graph.put_connections(facebook_user_id, "feed", :message => "Test message")
Related
All mutual friends request made from my app server (node) (also tried the Facebook API explorer) suddenly started returning an empty array for the data field. I confirmed and validated my access token and appsecret_proof on the API explorer. Do you know what has changed or what the request below is missing?
Note: both users use the app and have granted user_friends permission.
I am using v2.12
request
{
url: 'https://graph.facebook.com/v2.12/{user-facebookid}?fields=context.fields(all_mutual_friends.limit(5000))',
qs: {access_token: 'XXXXX'
,
appsecret_proof: crypto.createHmac('sha256', clientSecret).update(accessToken).digest('hex')
}
Yep. Facebook has taken down the Graph API for page access tokens. The only way to retrieve data (or was a week or so ago), was a temporary user token that lasts about 2 hours. It's totally broken my band's schedule page. I've been through every avenue and even spoke with a facebook ad team employee on the phone that was aware of it. She seemed to empathize but had no solution for me. I would count on it being down for a while.
I have finally figured out a work around for this. On your fb application, you have to disable the secret key requirement. This can be found under the advance settings of your fb application console. It's called "
Require App Secret".
Once you generate a fb PAGE access token, you get a fb page token, and then extend it.
here is the token debugger:
https://developers.facebook.com/tools/explorer/
You can extend the access token programmatically as explained here:
https://developers.facebook.com/docs/facebook-login/access-tokens/expiration-and-extension
AND
https://developers.facebook.com/docs/facebook-login/access-tokens/#pagetokens
There is also an extend tool in the access token debugger.
I don't understand something important about permissions and how to grant them. I've made a Facebook page, and I've made an app. I would like the app to be able to post to the page.
Below is my code. I'm using the fb_graph ruby gem, btw (https://github.com/nov/fb_graph)
app = FbGraph::Application.new('531508086900000000', :secret => 'd705fda7275125913a10000000000')
token = app.get_access_token
page = FbGraph::Page.new('000000000000000')
note = page.note!( :access_token => token, :subject => 'testing', :message => 'Hey, testing you!')
And this is the error:
FbGraph::Unauthorized: OAuthException :: (#200) Requires extended permission: publish_actions
I've looked everywhere I can think of on both the app and the page settings but can't figure out how to do this. Help appreciated!
You need to grant access via a user access token.
The current token in your case is an application access token.
Use one of the methods listed at https://developers.facebook.com/docs/facebook-login/permissions/v2.1#adding
Specifically https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/v2.1#login
I voted up phwd's answer for the help s/he was to me here and in IRC. But it still wasn't really enough information to make sense of why this is so hard. I've decided to post my current working understanding of how this works. These are just my own notes, so I'm sorry in advance for anything unintelligible.
So, getting the right access tokens is f***ing hard, and here's my current understanding:
In order to get a token that last forever so that my app can post to a page I have to do this:
1. Create a short-lived user access token with the right scope for the app (manage_pages, publish_actions) using the explorer
- page access tokens can be obtained via /me/accounts from the explorer page
- if the user access token that is "live" during the /me/accounts request is short lived then this page access token will be too
- if it is an extended long-lived token the page access token will have no expiry according to https://developers.facebook.com/docs/facebook-login/access-tokens
2. Extend short-lived user access token to a long-lived one via a graph api call, also using exploer (see below)
3. Execute the /me/accounts call to get a page token that doesn't expire
How to get a long lived user access token
oauth/access_token?grant_type=fb_exchange_token&client_id=531------------&client_secret=e005f031ba3d98------------------&fb_exchange_token=CAAHjZA163IbMBAMKSeFTmeV9------------------------------------------------------------------------------------------------------------------------------------------------fonA4P4bPhhdveMLvZBKldEGCB7EvF301wQv1YPrudy5kvI
where
client_id = App Id
&client_secret = App Secret
&fb_exchange_token = short lived user access token via explorer with proper scope
This gives you the following long lived access token
access_token=CAAHjZA163Ib---------------------------------------------------------------------------------------------------------------------------------------------------------------------ehS8g2ZBYU8uZBPmdMay3AAj5tXgAZDZD&expires=5179843
This is an extended user access_token
This token can be used to post to the page it was genrated for.
It can also be used to get a no-expiry page access token when used to issue /me/accounts
from facebook :
Page Access Token
These access tokens are similar to user access tokens, except that they provide permission to APIs that read, write or modify the data belonging to a Facebook Page. To obtain a page access token you need to start by obtaining a user access token and asking for the manage_pages permission. Once you have the user access token you then get the page access token via the Graph API.
I have some C# code that retrieves an access token using Facebook.JsonObject and can post to my profile wall on facebook with no problems.
However, if I try to use that same access token to retrieve details of my facebook business pages so I can post to them, then I get the message "user access token is required to request this resource".
I thought the access token I had retrieved that allowed me to post to my profile was a user access token. What is the difference, and how do I get a user access token?
This is the code I am using to get the access token:
facebook.JsonObject AuthResult = (Facebook.JsonObject)Oauth.GetApplicationAccessToken(parameters);
object Access_Token = "";
AuthResult.TryGetValue("access_token", out Access_Token);
FacebookClient FBClient = new FacebookClient(Access_Token.ToString());
More information:
I need my customer's c# application to post directly to my customer's facebook business page via code without the application "allow access" box popping up and any redirects to applicatoins taking place. Therefore I need to get the User Access Token programatically without facebook being logged in or open etc.
Any (non-sarcastic) help very gratefully received.
Thanks
I thought the access token I had retrieved that allowed me to post to my profile was a user access token.
Does that method name,
(Facebook.JsonObject)Oauth.GetApplicationAccessToken(parameters);
===========
really sound to you as if it was supposed to give back a user access token? Sorry, but to me it doesn’t …
If you are not familiar with the different types of authentication and access tokens, please read this first: https://developers.facebook.com/docs/authentication/
On this page:
http://developers.facebook.com/docs/opengraph/using-app-tokens/
It describes how to get the app access token, yet the token it returns is different than the one in the open Graph "Get Code" example. The latter is the only one that works. How can I get the second access token using the API? When I try to use the first example, I basically get something back that looks like "application ID|secret key" which is different than the real access token.
as documentation states, you will get
access_token=YOUR_APP_ACCESS_TOKEN
string back from the API call. Even though it LOOKS like "application ID|secret key HASH" - it is a valid access token you can use to publish to user's wall. You can verify it's a proper access token using Debug toll from FB: https://developers.facebook.com/tools/debug - just paste the token there.
The reason it might not work for you is because you are trying to publish something to the user's wall who did not authorize your app. Look here: https://developers.facebook.com/docs/reference/javascript/ - for example of how to use your app ID to make user authorize the app. You need to request publish_stream permission for your app from user in order to be able to publish as the app to the user's wall.
And going back to the documentation:
Note that the app access token is for publishing purposes permitted by
the publish_actions and publish_stream permissions. You will be unable
to retrieve information about the status update post with the given ID
using the app access token. Instead, you should use a user access
token for such purposes.
hope that helps.
I have 2 users in my database. I have both access_tokens for these two users.
I want A to post on B's wall. However, I am using the app_access_token, not the user's access_token (because the user access_token expires). Therefore, when the post is created, B is posting on B's own wall.
var uri = 'https://graph.facebook.com/' + fb_id + '/feed?access_token='+ app_access_token
I want A to post on B's wall, but still use the app_access_token.
The access token is what essentially identifies the user performing the action. When you use the app access token it is in fact the application performing the action. You will have to use the correct (user) access token in order for a post to appear on behalf of a user and not your application.
If you still want to use the app access token then you might consider including the users names in the message of the post. That way even though it is originating from your app - the actual post details the correct :
[user name] has sent you this message