Through Facebook's PHP SDK getting started guide it takes you through the process of initializing your app, creating a Login URL and then handling the call back data and doing a simple query.
In the documentation it says you can skip the initializing process providing an access token from 'some other means'.
$session = new FacebookSession('access token here');
Due to the lack of documentation I'm struggling on how I would define a scope before creating the login URL and then use the call back data to extract the access token.
This tutorial will help you get started with using the Facebook PHP SDK to log a user in.
Basically, you need to setup your application first and use the FacebookRedirectLoginHelper to create the login URL:
FacebookSession::setDefaultApplication( 'xxx','yyy' );
// login helper with redirect_uri
$helper = new FacebookRedirectLoginHelper( 'http://yourwebsite.com/app/' );
// show login url, scope is array of permissions
echo 'Login';
Related
I've made a simple website for my personal usage using flask where I can post something to my facebook page. There is a textarea where I write text and then submit it. Then the server process the text and post it on that page using graph api and access token. It works well on my system. But when I deploy this project on live server the access token expired. If I put the token on access token debugger it says facebook removed access to the token duo session change.
I search about this on google (my bestfriend ;) but found nothing. I want to post on my page without expiring token while changing server. Or is there any alternative way to post on page?
Edit:
Here is the code I'm trying to post with...
import requests
from urllib.parse import quote_plus
acc_tk='EAA....MY_PAGE_ACCESS_TOKEN'
def post_fb(message):
resp=requests.post(f"https://graph.facebook.com/v15.0/113023048137080/feed?message={quote_plus(message)}&access_token={acc_tk}")
if resp.status_code==200:
return True
else:
return False
When I create a new page access token and run this function, it returns true and the post is published on the page. But if I deploy this to live server the access token expires and then this function doesn't work any more even on local machine. If I debug this token this warning shows up~
After 1 day of debugging, I realized that the token get expired when I store token in a variable (like I showed in the question) and push it on github and then deploy it to render.com. So I managed to store token in my database and retrieve it when needed. And that's it! My code is working now.
But one thing I didn't understand that why my token get expired if I push it to github and deploy it on render.com... I found no reason about this.
I'm building a manual login flow for my App which is integrating some facebook functionality.
I need to check when the current access_token of the user will expire.
The API documentary says I should do this call:
GET graph.facebook.com/debug_token?
input_token={token-to-inspect} &access_token={app-token-or-admin-token}
So I did this in C#:
Uri inspectAccessTokenUri = new Uri("http://graph.facebook.com/debug_token?input_token="+access_token+"&"); //IDK which value should have the last parameter
HttpWebRequest checkToken = (HttpWebRequest)WebRequest.Create(inspectAccessTokenUri);
var response = await checkToken.GetResponseAsync();
Stream stream = response.GetResponseStream();
StreamReader reader = new StreamReader(stream);
string data = reader.ReadToEnd();
Debug.WriteLine(data);
The last parameter should be the app-token:
BUT: Of course I looked up how to get the app-token and facebook says:
Note that because this request uses your app secret, it must never be
made in client-side code or in an app binary that could be decompiled.
It is important that your app secret is never shared with anyone.
Therefore, this API call should only be made using server-side code.
(Facebook Graph API Documentation 1.1.16)
So my question: Can I check the token without the app-token or hardcoding the app-secret?
App secret is usually used by the server-side app, we don't use it in our UWP app, it could be decompiled.
Read the official doc about FB Graph Debug-Token, this can only be used when you debug your app, for example if you want to check the metadata about a given access token, after you publish your app, your code will not relay on it.
In an UWP app, we use WebAuthenticationBroker class to connect to OAuth providers such as Facebook, Flickr, Google, and Twitter. Maintenance is need during using OAuth connections. For example, expires information is included in the access token, when we use OAuth protocol for authentication and authorization, we need to refresh the access token after it expired.
Due to these conditions, you may reconsider what you can do in an UWP app and which API you should choose.
If the app-token is expired you will get a facebook response error. And you can catch this exception to deal with the situation you want. In this way you don't need to make a request with your app secret.
You can also use fb-uwp sdk that contains AccessTokenData for authenticated users
I am using oauth.io to handle authentication in an Android app. I login using the service and then pass the access token to the server. As part of the server-side verification, I make a call to https://graph.facebook.com/debug_token?input_token={user access token}&access_token={app token}. I was receiving a response with the error message "(#100) The App_id in the input_token did not match the Viewing App".
I took this to mean that the app that generated the access token was not the same as the app that owns the app token I was sending in the request. Upon further inspection, I noticed that when I debugged the token with Facebook's tool (https://developers.facebook.com/tools/debug/accesstoken) I was seeing a different app id that belonged to oauth.io itself instead of my app. Since the app token is based on the app id and app secret, it obviously would not be correct if it was expecting oauth.io's app token.
Is there any way to continue using the debug_token endpoint through Facebook with a token generated by oauth.io?
Sorry this is a bit late - but it may still help you :) I had the same issue. In my perl code, I just did:
use LWP::Simple;
my $check_session_first = LWP::Simple::get("https://graph.facebook.com/me?access_token=$in->{token}");
if (!$check_session_first) {
print $IN->header;
print Links::SiteHTML::display('error', { error => qq|Sorry, we couldn't log you in. |});
return;
}
Basically, if $check_session_first is empty, then it means the session isn't valid. If its valid, it'll return a JSON object (which in my case, I process using the "JSON" perl module)
I'm trying to get access to salesforce report data using oauth token. Some time ago it worked fine, I used the oauth token as session id.
...
URL remoteFile = new URL(instanceURL + "/" + reportId + "?export=1&enc=UTF-8&xf=csv");
URLConnection fStream = remoteFile.openConnection();
fStream.setRequestProperty("Cookie", "sid=" + accessToken);
...
But it doesn't work, everytime I try to access the url it returns an html page which corresponds to login page. Is there any way I can access report data (not meta-data) using the oauth access_token?
Thanks.
In order to use the token with such a URL you need to set the scope parameter to include web:
web Allows the ability to use the access_token on the Web.
The oAuth User Agent Flow documentation details where the scope parameter is specified.
I am posting to my facebook wall through my app using my user.
I gave to the app offline access but still, sometimes the accesstoken changes.
I would like to know if its possible to use Facebook API to get the accesstoken?
Right now, I used the example.php from the facebook sdk to login and took the accesstoken from there.
again, I dont want the application accesstoken. I want to user accesstoken of using the app.
Thanks.
There is App Login section in Authorization paragraph in https://developers.facebook.com/docs/reference/api/ .
Read it. You have to call it if you get invalid access token error in order to refresh the token. However, sometimes the token is invalid due to lack of permissions and not because the token is expired