Recently I am experiencing this problem.
When I click to register with facebook and I am logged in as a user, I can see my information correctly. But staying on the same page, if I log out from facebook in some other tab and click Register with facebook on my own site, I see this person profile picture. The url of this image is:
http://graph.facebook.com/undefined/picture?type=large
I am accessing graph API using APP
Kindly advise me the solution to the problem
Accessing a users data requires an access token, with out this token your call is getting undefined returned as a user, and with out the access token appended to the picture url it returns emphamous Unknown User.
refer to: http://developers.facebook.com/docs/facebook-login/access-tokens/
for requesting access tokens, and usage.
Example Only: https://graph.facebook.com/ShawnsSpace/picture?type=large&return_ssl_resources=1&access_token=users_access_token
My script cannot access FB script without Access token
FB.login(function(response)
{
//If the user is succesfully authenticated, we execute some code to handle the freshly
//logged in user, if not, we do nothing
if (response.authResponse)
{
FB.api('/me', function(response) {}
}
{scope:'email,user_events,friends_photos,user_about_me,user_birthday,user_hometown,user_location,user_location,user_relationships'}); });//fbclick
So, I think access token condition is already satisfied.
Related
Using the Facebook Access Token Debugger I can see I have an access token that never expires.
https://developers.facebook.com/tools/debug/accesstoken/
However using the Graph Explorer I get the error
{
"error": {
"message": "(#10) To use 'Page Public Content Access', your use of this endpoint must be reviewed and approved by Facebook. To submit this 'Page Public Content Access' feature for review please read our documentation on reviewable features: https://developers.facebook.com/docs/apps/review.",
"type": "OAuthException",
"code": 10,
...
}
}
This was previously working, has something changed with Facebook? The only other thing that has changed is that my access to the Facebook App was removed then reinstated, so I now use a different access code.
Please could anyone advise what I need to do to resolve this issue, I previously did not need Facebook review to use this API last month.
Thanks
Edited: the login required screen when requesting a Page Access Token:
This is not about expiry of the token.
Facebook has restricted API access to the data of any public pages - you now need to get your app reviewed for the use of the feature “Page Public Content Access”, before you can use it.
https://developers.facebook.com/docs/apps/review/feature#reference-PAGES_ACCESS
Without getting this reviewed, you can only access data from pages you have admin access to - but that in turn requires the use of a different kind of token then, a page access token. (You presumably used the general app access token, for your requests that have been working up until now. For that to keep working to access public page data, you need to submit for review of the feature.)
Thanks to misorude for all your help. This is what worked for me:
Step 1: ask the business manager to grant the user "Manage Pages" permission on both the app and the page:
https://business.facebook.com/settings/pages/PageID?business_id=BusinessID
https://business.facebook.com/settings/apps/AppID?business_id=BusinessID
Step 2: Create the user access token (select "Get User Access Token" from the "Get Token" dropdown)
https://developers.facebook.com/tools/explorer/
Step 3: Check the user has access by calling your graph method using the temporary user access token
E.g. https://graph.facebook.com/v3.3/PageID?fields=link%2Cpicture&access_token=UserAccessToken
E.g. https://graph.facebook.com/v3.3/PageID/feed?fields=message%2Cfull_picture%2cpermalink_url%2Ccreated_time&limit=3&access_token=UserAccessToken
Step 4: Create permanent user access token
https://developers.facebook.com/tools/debug/accesstoken/
Click "Extend Access Token" at the bottom of the page and debug to reveal the token with expiry: never
I am using PHP for accessing Facebook friends location. I want to access location of all friends. I read that it requires "access tokens" to get client's public information from here
https://developers.facebook.com/docs/facebook-login/access-tokens#apptokens
and here
https://www.sammyk.me/access-token-handling-best-practices-in-facebook-php-sdk-v4
Is that token will be provided by Facebook at that instant of time or my app needs to wait till friend's approval.
I saw this post on stack overflow: How to get user access token?
But i still i can't figure out what if friend is offline. How that token will be passed to my application?
Or is it like that "Tokens are generated by Facebook at time when my application made the request but i can only access the user information later using the same token if he has given permission (when he gets logged in)".?
I am unable to find any explanation regarding this.
Thanks.
You can´t get the location of friends at all. Friend permissions have been removed for privacy reasons, you can only get data of users who authorized your App too. Check out the changelog for more information: https://developers.facebook.com/docs/apps/changelog
That being said, there are different Access Tokens. You can get an App Token without authorization, but you need to implement an authorization process for User or Page Tokens.
More information:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/
I have some C# code that retrieves an access token using Facebook.JsonObject and can post to my profile wall on facebook with no problems.
However, if I try to use that same access token to retrieve details of my facebook business pages so I can post to them, then I get the message "user access token is required to request this resource".
I thought the access token I had retrieved that allowed me to post to my profile was a user access token. What is the difference, and how do I get a user access token?
This is the code I am using to get the access token:
facebook.JsonObject AuthResult = (Facebook.JsonObject)Oauth.GetApplicationAccessToken(parameters);
object Access_Token = "";
AuthResult.TryGetValue("access_token", out Access_Token);
FacebookClient FBClient = new FacebookClient(Access_Token.ToString());
More information:
I need my customer's c# application to post directly to my customer's facebook business page via code without the application "allow access" box popping up and any redirects to applicatoins taking place. Therefore I need to get the User Access Token programatically without facebook being logged in or open etc.
Any (non-sarcastic) help very gratefully received.
Thanks
I thought the access token I had retrieved that allowed me to post to my profile was a user access token.
Does that method name,
(Facebook.JsonObject)Oauth.GetApplicationAccessToken(parameters);
===========
really sound to you as if it was supposed to give back a user access token? Sorry, but to me it doesn’t …
If you are not familiar with the different types of authentication and access tokens, please read this first: https://developers.facebook.com/docs/authentication/
I'm playing around with Facebook Connect, trying to use Facebook as the means or authentication on my site. Currently my workflow looks something like this:
Go to URL
Server checks cookies for AccessToken
If AccessToken exists, automatically fill in user's name/profile picture in comment box, and leave AccessToken in hidden input
send page down to client
on submit, verify access token (which was submitted with the rest of the form) is a valid access token for a real person. If so, add comment to Database
refresh page to display new data
if no access token, replace user's name/profile picture with <fb:login-button>, along with the required <script>s.
send page down to client
When user authorizes page/logs into facebook, refresh page
(go back to top, except this time the access token should exist)
So I have a few questions:
Is this secure? I was thinking of ways i would be able to do without the double authentication with Facebook (checking once on page-generation and checking again on comment-submission), and I could not figure any other way short of maintaining my own session-state with each client. Is that worth doing?
Does the access token expire when i log out of Facebook? I'm thinking it should, but it seems I can continue to use the same access token to grab data (i.e. name, url, etc.) after I manually go to Facebook and log myself out. Is it because I'm only asking for public information, and only more intrusive permissions expire on logout?
Given that each person who wants to do something has to provide a unique token from Facebook, this should have the side effect of blocking CSRF, since every action can be traced to a valid Facebook account. Is that right?
Why don't you just use the Facebook Javascript SDK to detect if they're currently logged into Facebook? This will also make the access token available in Javascript so you can make client-side calls to the API.
You can access the same access token server side via the session cookie set by Facebook also.
I can't answer all of your questions but I can tell you that having the access token in a hidden field on your page is risky from a policy perspective, especially if your page can be read by any third-party code such as Google Analytics or AdSense. Facebook will nail you for this as it is leaking user identifying data to third parties. The Facebook userid is in the access token in plain text. Facebook has automated processes that scan for this stuff and will auto-ban your app if it is leaking userids to third parties.
I am posting to my facebook wall through my app using my user.
I gave to the app offline access but still, sometimes the accesstoken changes.
I would like to know if its possible to use Facebook API to get the accesstoken?
Right now, I used the example.php from the facebook sdk to login and took the accesstoken from there.
again, I dont want the application accesstoken. I want to user accesstoken of using the app.
Thanks.
There is App Login section in Authorization paragraph in https://developers.facebook.com/docs/reference/api/ .
Read it. You have to call it if you get invalid access token error in order to refresh the token. However, sometimes the token is invalid due to lack of permissions and not because the token is expired