How can I add users to a Facebook group automatically? - facebook-graph-api

The flow I'm going for is:
User signs in with Facebook to our site.
User pays a fee using PayPal or some similar service.
User is allowed access to a particular Facebook group.
I'm not particularly fussy about how the process works, but I'd like to avoid a manual step if possible.
I know I can't invite them using the Graph API (as they're not an admin, developer or tester of the app). But is there some other way round? A button that allows them to request access that I then confirm using the API? An automatic way of emailing an invite?
Or is there a way of making it easier to do the manual step? Some way of listing the new users with an "invite to group" button? A friend request button for the user to press?

With facebook API you can't do this with a normal group, but you can use app groups instead. To create an app group, you have to do a POST request to this url:
http://graph.facebook.com/{your-app-id}/groups
with the following informations:
valid app access token
name: the name of the group
description: the description of the group
privacy: enum, it can be open or closed
admin: admin's user id
Then you will recive a gropu ID. You can get info about your group ith a GET request to this URL:
http://graph.facebook.com/{group-id}
EDITED: You can no longer add members with POST request, but there is an another way.
New solution
You can use a client-side dialog to add members to groups. You can find the documentation here: https://developers.facebook.com/docs/games/app-game-groups/v2.0#add_user
I tested it with a user who wasn't a tester, andd it works fine.
Old solution (no longer available)
You can add members to this group with a POST request to this URL:
http://graph.facebook.com/{group-id}/members
You have to post:
valid app access token
member: user ID of the person to invite
The person will recive something like this image:
(source: edemmester.hu)
I tested it, it works fine.
More info about app groups: https://developers.facebook.com/docs/graph-api/reference/v2.0/app/groups
IMPORTANT! You have to use app access tokens here, not user access tokens.

I don't think it's possible to invite people without writing a browser extension that has access to the cookies etc. of the logged-in group admin.
Anyway, you cannot simply add people to a group if you're not friends with them, but need to invite them by email. So probably it's easiest if you ask them for their email-address and then invite them by email.

Related

Request additional permissions only for specific users in Meteor

I have an application allowing users to sign in using their Facebook and Twitter accounts. I only need a very basic information like their email address and full name. Everything works fine and as planned.
Accounts.ui.config({
requestPermissions: {
facebook: ['email'],
github: ['user:email']
}
});
But, now I need to implement a feature posting to a Facebook page and Twitter on behalf of the admin users only. So, I need to get additional permissions from specific users only.
Admin users are eligible to manage our page at Facebook. The app needs to request additional permissions to be able to post to the page. I wan't to keep those basic permissions for regular users.
How can I accomplish that?
One way you can do is,
If you know that logged in user is Admin, put the re-authenticate button in user-dashboard (or somewhere which makes sense) that will do authentication user of user for whatever permissions as required by application.
This will basically do, oauth with social service like usual and upon completion you will get aceess code and against this code get the re-newed access token from social service. (This is normal , how you basically do the oauth manually) Now, use this access token to post to social services.
For this, you will need to use node modules such as for facebook -fb_graph , for twitter- twiiter
Hope this helps

add Tip or Venue to foursquare by using a URL like /share.php url in Facebook

Is there any way to add Venue/Tip to Foursquare without creating appID in developer.foursquare.com?
I need to confirm whether is there any provision for sharing content to foursquare by using a public url like Facebook share.php.
Basically you will need an app-id or authed user, due to the fact that every tip is from a user or linked to.
But they make exceptions when it comes to adding venues.
At least you will need an app-id for that.
Adding Venues Without Authenticating Users First
This endpoint generally requires you to authenticate Foursquare users
before you can add venues on their behalf. In some cases, we’ll make
exceptions and allow applications to create new venues without
authenticating any users. If you’re interested in this feature, please
contact api#foursquare.com.
https://developer.foursquare.com/docs/venues/add

How can I secure a Django site

I have a working django site - up-and-live, working just fine. It uses Django's contrib.auth for authentication. It's hosted on Heroku. I would like to set up a clone of this site for demo purposes, but would like to add an extra layer of security around the site, which would be a very simple password-protection. Doesn't have to be bulletproof or unhackable - just enough to put 'muggles' off trying.
This authorisation layer should not in any way interfere with the site auth itself. It's just an outer ring (check once, store access rights in session). Because the site is hosted on Heroku this is not something I can do at the web server level - it has to be part of the app itself.
My nuclear option is to create a django app (working title 'perimeter') which would enforce this, but if anyone knows another way to do this, I would be really grateful.
Core features include:
Some mechanism for generating short tokens (< 8 chars)
Some mechanism for logging tokens against an email address
Prompt users for a token / email combination on first access of site
Unrestricted access to site thereafter (standard auth model kicks in at that point)
Typical user journey is:
Bob asks site owner (me) for access to demo site
I generate a token for Bob and send it him along with the site URL
Bob clicks on the link, gets redirected to page to input his email and the token
If the token is valid (expires after X hours / days), store in session, let Bob in.
If the token is not valid, 403 (/401).
(You may wonder why securing a copy of website that is already public makes any sense. It's because the site is a members-only site, and on the demo version it will be 'auto-enroll' so that people can see what it's like inside the site without having access to the real data. However, I would like to be able to track users on it.)
[UPDATE: alternative]
A blunt alternative is to add the token to the URL I send Bob, ignore his email, and simply validate the token itself. That would work so long as Bob always uses the URL in the email.
I have created my own solution to this - meet Django-Perimeter.
This app isn't packaged (yet) so you'll need to clone the source and add it in manually to your own django site, but it does work. It provides the ability to generate access tokens, and then secure access to the site (the entire site, not parts of it) using those tokens.
[UPDATE]
This is now available via PyPI - http://pypi.python.org/pypi/django-perimeter
You can install using pip install django-perimeter

email id of user from new facebook API

I have worked earlier on facebook API. I successfully used it and fetched all friend lists with their email ids. I was also able to get user email id who logged in through facebook API.
Now in gap of 7-8 months I found that faceAPI development section has been changed . New one is something different.
And now I am facing problem to get email id after user login at facebook.Yet all other details are coming like user name .user id and location except email id.
Old script is also not working with me. Could you help me to get email id of user who get login by facebook at my website.
Thanks for your cooperation.
No one will do your homework (upgrade the code for you)
Read the most current documentation
Accessing users e-mails require a special permission email
Users may choose not sharing their direct e-mail with you
You didn't say what technology you are using, but you can check the PHP-SDK example page to get started.
Direct Access Method:
Log into Facebook under your name. If you need an "Access Token", Click on the Extended Permissions and click the "read_friendlist" check box to get your Access Token and then
submit your query. You may need to "Allow" access, so just follow the prompts given.
Voila! You now have the usernames for everyone on your Friends List. The "username" parameter in the query will give you the contact email "message to that person" and you append #facebook.com and send them a message. Very simple.
http://developers.facebook.com/tools/explorer?fql=SELECT%20username%20FROM%20user%20WHERE%20uid%20IN%20%28SELECT%20uid2%20FROM%20friend%20WHERE%20uid1%20%3D%20me%28%29%29%20ORDER%20BY%20name
I had been using the import function in Yahoo Mail but now it has been limited to the first 50 names on your friends list. Where I work, they have over 6,000 friends between the two pages. This is a very simple solution to my problem. And now I can write a very small PHP sendmail program and send EVERYONE on the friends list an email message that goes directly to their messages. No more viewing page sources or manually doing this.
I can create a special email list on IFanz that will handle all dups, even if I repeat this process on a monthly basis to acquire new emails.
-SAB

Django auth system: adding user to group via "invites"

I want to use the Django default auth system to manage users and groups. Is there an existing Django app/module that adds users to groups by invites? I.e. some existing user of the group sends an invite with a secret key in a URL, and another user that clicks on the URL joins the group.
I can write one, but figured I ask before doing that.
Thanks.
I am not sure if this will solve all your problems but do take a look at Pinax. They have features to support user invitation and user groups.