i am lookin for check te sharing of a page, for examples bill gates post:
page = '10152525603066961'
token = '***'
graph = facebook.GraphAPI(token)
profile = graph.get_object(page)
posts = graph.get_connections(profile['id'], 'sharedposts')
print posts['data'][0]['from']
it works with the graph access Token, but it will expire and it don't work with App Token.
how can i get a Token that works and will not expire?
Only App Access Tokens and Extended Page Access Tokens are valid forever. What you need is a User Access Token, you can only extend that one to 60 days.
More information:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/
https://developers.facebook.com/docs/facebook-login/v2.2
Related
I need to get access token and refresh token in a single API, Currently I have 2 API's for both access and refresh tokens
url(r'^token-auth', view.ObtainJWTView.as_view(), name='token-auth'),
url(r'^token-refresh', refresh_jwt_token),
I need one more API for both
you don't need more api
url(r'^token-auth', view.ObtainJWTView.as_view(), name='token-auth'),
this will return access and refresh token
and the other will return new access token when you post refresh token
url(r'^token-refresh', refresh_jwt_token),
check docs
https://django-rest-framework-simplejwt.readthedocs.io/en/latest/getting_started.html#usage
if you are still confused let me know
you can make new custome view and use the to serializers used in the above views
I'm using Simple JWT to use JWT tokens in my Django rest API. It works great but I would like to be able to blacklist a token when a user logs out. In the documentation, it is said:
If the blacklist app is detected in INSTALLED_APPS, Simple JWT will add any generated refresh or sliding tokens to a list of outstanding tokens. It will also check that any refresh or sliding token does not appear in a blacklist of tokens before it considers it as valid. The Simple JWT blacklist app implements its outstanding and blacklisted token lists using two models: OutstandingToken and BlacklistedToken. Model admins are defined for both of these models. To add a token to the blacklist, find its corresponding OutstandingToken record in the admin and use the admin again to create a BlacklistedToken record that points to the OutstandingToken record.
However, I didn't find any code example and I'm not sure how this should be implemented. An example would be greatly appreciated.
Simple JWT only blacklists refresh tokens. This can be done by setting:
INSTALLED_APPS = (
...
'rest_framework_simplejwt.token_blacklist',
...
}
and then running migrate.
So, i would suggest, inorder to logout user:
Delete both, refresh & access tokens from the client. Also, keep access token expiry as short as possible.
Black-list the refresh token by creating an api end-point.
urls.py
path('/api/logout', views.BlacklistRefreshView.as_view(), name="logout"),
views.py
from rest_framework_simplejwt.tokens import RefreshToken
class BlacklistRefreshView(APIView):
def post(self, request)
token = RefreshToken(request.data.get('refresh'))
token.blacklist()
return Response("Success")
This will make sure that the refresh token cannot be used again to generate a new token (if at all someone has acquired it). Also, since access token has short life, it will be invalidated soon hopefully.
Not sure about this, but it's works for me to use token.blacklist().
make tokens.py
from rest_framework_simplejwt.tokens import AccessToken, BlacklistMixin
class JWTAccessToken(BlacklistMixin, AccessToken):
pass
in settings.py
SIMPLE_JWT = {
...
'AUTH_TOKEN_CLASSES': ('path_to_tokens_py.tokens.JWTAccessToken',),
...
}
I was getting the same error:
TokenError(_('Token is invalid or expired'))
because of passing the access token in:
token = RefreshToken(access_token)
while I should pass in the refresh token.
We can blacklist refresh tokens I would use redis with key pair token[refresh]=access and check for refresh token with blacklist endpoint
path('token/blacklist/', TokenBlacklistView.as_view(), name='token_blacklist'),
Send a refresh token
path('token/verify/', TokenVerifyView.as_view(), name='token_verify'),
verify your token you would send refresh token.
Use an in-memory database to check blacklist refreshed token
now you can make your end point to check the access list token dont forget to add the following lines in settings.py
'ROTATE_REFRESH_TOKENS': True,
'BLACKLIST_AFTER_ROTATION': True,
I need to build a server which would get the public feed details of various companies/ brands. For example, I should be able to get the feed for last one week for Cocacola (facebook.com/cocacolaindia) , Pepsi, Levis etc. Since I am only looking for public feeds I thought I dont need to use OAuth for authorization but I see no other way to get this info. For example - i tried below code but none of last three ways works.
String acessTok = "{my app id}|{app seceret key}"; //App level token
Facebook facebook = new FacebookTemplate(acessTok);
FacebookProfile profile = facebook.userOperations().getUserProfile("cocacolaIndia");
Page page = facebook.pageOperations().getPage("cocacolaIndia");
List<Post> list= facebook.feedOperations().getFeed("cocacolaIndia");
Is there a way out ? I can use httpurl to call http://graph.facebook.com/ and
parse the json but then would need my own api's to get different fields which I don't want to do..
You can use an App Access Token. Here's some RestFB example.
AccessToken accessToken = new DefaultFacebookClient().obtainAppAccessToken(MY_APP_ID, MY_APP_SECRET);
Now you can build your FacebookClient with this new access token.
With fetchConnection you can fetch the public posts from the desired "fanpage".
I had the same Problem.
I was trying to access the public Posts of an Facebook Page only with the AppId and AppSecret.
The following worked for me:
private Facebook facebook;
...
this.facebook = new FacebookTemplate("{AppId}|{AppSecret}");
...
Collection<Post> posts =this.facebook.feedOperations().getPosts("{PageId}");
I hope this is helpful.
I have developed an app so that users can upload images to a page's album. I do not want users to have to authorize and so I used the access token from the app to upload the images for them. This works fine if the admin is logged in and the access token hasn't expired - it only seems to last for a couple hours. I have looked through stackoverflow and facebook and tried many different things and nothing seems to work. Here is some of the code I am using:
try {
$facebook->setAccessToken("APP_ACCESS_TOKEN_FROM_GRAPH_API_TOOL");
$token_url="https://graph.facebook.com/oauth/access_token?client_id=APP_ID&client_secret=APP_SECRET&grant_type=fb_exchange_token&fb_exchange_token=".$facebook->getAccessToken();
$page_id = 'PAGE_ID';
$response = file_get_contents($token_url);
$params = null;
parse_str($response, $params);
$page_info['access_token'] = $params['access_token'];
$page_info = $facebook->api("/".$page_id."?fields=access_token");
if( !empty($page_info['access_token']) ) {
$photo_details['access_token'] = $page_info['access_token'];
$upload_photo = $facebook->api('/'.$page_id.'/photos', 'post', $photo_details);
Am I dreaming? Is this possible and I just screwed up the code? Any help would be much appreciated even just to point me in the right direction...
Currently, your code uses your own Access Token, not the App Access token.
To get the app access token, you need to make a get request to https://graph.facebook.com/oauth/access_token?client_id=APP_ID&client_secret=APP_SECRET&grant_type=client_credentials as documented at https://developers.facebook.com/docs/technical-guides/opengraph/publishing-with-app-token/
in your implementation, and assuming that APP_SECRET and APP_ID are defined as constants, you'd get the app access token through :
$appAccessToken = str_replace("access_token=","",$facebook->api("https://graph.facebook.com/oauth/access_token?client_id=APP_ID&client_secret=APP_SECRET&grant_type=client_credentials"));
$facebook->setAccessToken($appAccessToken);
I'm using Django-socila-auth plugin. It uses google API for Oauth 1.0 Authentication. Question is have anybody used it with google python API (gdata). I mean how to apply auth session_token, stored in django-social-auth model to my api call.
Can you help me with code to get this token from model and apply to gdata.PhotoService() instance. For now it is like this:
#getting model instance from django-social-auth model
association = Association.objects.get(user=request.user)
google_session_token=association.handle
google_secret=association.secret
#token string from django-social-auth
#model Association field "handle" looks like:
#google_session_token = '.......XG84PjwytqJkvr8WQhDxm1w-JplWK5zPndSHB13f.........'
gd_client = gdata.photos.service.PhotosService()
gd_client.debug = 'true'
gd_client.auth_token = google_session_token
#image.image is a file field, but problem not in this.
#it tries to send file in debug text.
#It just recieves 403 unauthorised callback.
photo = gd_client.InsertPhotoSimple(
'/data/feed/api/user/default/albumid/default', 'New Photo',
'Uploaded using the API', image.image, content_type='image/jpeg')
I'm recieving error
403 Invalid token string.
I understand that it needs secret too but how to apply it to API for auth?(To receive authorization to post photos.). BTW I added Picassa feed URL, as an option string for social-auth to ask permissions, so token I have asks for Picassa feed permissions when authorizing with google.
BTW. Google tutorial I've used is: here
I understand it's Oauth 1.0 rather than AusSub, but question is:
how to authenticate with token and secret I have and post a photo with this permission?
Just to answer my own problem. I used wrong way to do it, because problem in 'gd_client' and AuthSub.
It must check token on server. And it can not do it on localhost. You need to look ahead to Oauth/Oauth2 for better debugging and so on... No matter that it is much complex than AuthSub