Hi I want to create a feauture for my cms. It should work like this:
When user publish news on website it will automatically publish a link on Facebook page.
What is the best solution ? Let's say we have one facebook account but multiple website admins. And permanent access token doesnt exists so I will have to do some reauthentication?
Any tips how to make this work will be very apriciated.
Thanks
As of last month facebook removed offline access and the access token you use will work for only 60 days. In order to use it after that period you will have to renew access token every time your user enters your web page or whatever you have.
Take a look at this link
How to renew/extend facebook access tokens with PHP?
Related
We have an app which could login via Facebook or Instagram. And we will pull some basic information of the user's from the site if you do so. We want to update all those basic informations at a certain period of time by the backend. It's not necessary for us to update informations while the user is using the app. I think update the basic information is just a test. The company might want to give some useful recommendations to the client for some commercial reasons. Any way, I checked that Facebook access token will live for 60 days,Instagram access token will not expire for now. May I refresh access token at backend without user involved?
There is no way to refresh the User Token automatically (on the server), it needs user interaction. Else, it would be pointless to implement a 60 days limit.
I have a web application that I would like to add single sign on capability using user's Facebook or Google+/Google App account.
I have a USERS table that stores users login information. All users are required to have a record in this table no matter if they signed up using FB or Google+.
I am trying to figure out the information that I need to store in the database in order to link USERS table records to FB or Google information.
Facebook documentation states:
the app should store the token in a database along with the user_id
to identify it.
So should I create a table called SSO_LOOKUP with following columns:
USER_ID // user's id that links to my USER table
PROVIDER_ID // user's FB or Google account id
PROVIDER_TYPE // indicates if it is Google, FB, Twitter, etc.
ACCESS_TOKEN
For SSO login definitely you need to have your user_id and some basic details which allow you to connect to FB or google
provider: "it will be either FB or Google or anything in future"
token: "This token we receive from FB and Google. In case of FB it
expires after 3 months or so where as it does not expire for google
as per my knowledge"
token_expired:" As In FB token expires after a time so you can have
this flag in place if you need to refresh it after that duration"
user_id: "This is your User id:
uniqueid: "This is the Unique ID which you will get from FB and Google.
That helps to identify your user in FB/Google"
These are the minimum fields you can add and these will even help you to scale your app. In the sense if you want to pull or push data from google and FB at that time Access_token and unique_id will help you.
Also incase you want to see some publish source then you can see some of the code on github e.g.
django-social-auth
For some details you can refer google documentation and Google OAuth2
Hope this will help.
Technically speaking all you really need to store is the Refresh Token and some kind of flag type identifier that tells you if its a Facebook or Google Refresh Token. Then you can query the API for what ever information you need. Storing the User Id would be a good idea becouse if they logout then reauth you will still know who it is even though the refresh token has changed. anything else is kind of over kill really as you will be getting that information back from the API anyway when you make your calls.
You could if you want store there Name and most recent picture that might be nice to display before you have fetched there information. Then update any changes to your data after you access the API for the first time. But its basically up to you how you want to design things, and what kind of application we are talking about here.
i am trying to use /me/likes/pageID the same way i used pages.isFan (REST API).
But it always uses the user/page as me for which i created the access token and not the current active user.
can't get my head around this one, any help is appreciated!
thanks
[from comments] but do i really need to create an application to "just" check if the user is fan of my own page? and even ask his authorization?
Yes, you will need an app in any case.
If you run your app as a canvas or page tab app inside of Facebook, then you get the info if the current user liked the very Facebook fan page the app is running in(!) directly from the signed_request parameter.
If you want to query this infor for other pages, and/or your app is running outside of Facebook, then you have to have the user connect to your app and ask permission to read his likes first, before you can get this info.
For information on the latter case, see https://developers.facebook.com/docs/authentication/, https://developers.facebook.com/docs/authentication/permissions/#user_friends_perms, https://developers.facebook.com/docs/reference/api/user/#likes
It is easy: With the new Graph API, the owner of the access token is me. You can see this by pasting an access token into the debugger.
You should be authenticating your user and gaining an access token in their name each time they visit your site. Then use only this access token when you make your query.
This process is easiest if you use one of the Facebook SDKs.
I'm trying to use the facebook API on the backend of a website. Essentially, I want to be able to create events using a Djano app and have it create the corresponding facebook events.
The organization I am creating events for already have a facebook page. I only am concerned with posting events on that organization's page. I am the admin for the organization so I know all the login info.
What I am am trying to figure out is how I can setup the access token such thatit just works for the organization without any need to login to the facebook app. I was thinking that setting a static access token would do the trick, but I cannot find anyway to do it.
So, what is the standard way to create a facebook app that only interfaces with one predefined user?
Im not entirely sure what you're trying to do. However the static access token has now been deprecated. Do you want to: create an event for the person using the page, or for the company's page/profile?
Hope I can help
I've been scouring the net for ages with this one, and I'm not sure if there is a solution at all, but thought I'd post and see if there's a response... thanks in advance!
Several of our customers (who we build websites for) have their Facebook feeds brought into their website (and their Twitter feeds). Before the removal of the offline_access permission, this was no problem. We'd set our app up, authenticate the account, get the access token and then we could bring in the live feed into their websites forever. However, now with the new system, there doesn't seem to be a way of doing this without human intervention.
Essentially, we have these websites bringing in the feeds from the relevant Facebook accounts, with the long access_token (60 day token). However, when this limit is reached, there is no "user" to re-authenticate the app, as its just the server that makes these requests. Is it a case of having to set reminders for all these accounts, and then every two months we (as the web agency) have to log in to all the accounts and get new access tokens to provide to the scripts so they can carry on working? Or is there an alternative which I am just not seeing?
Thanks again!
Neil.
There is no alternative that I know of. Once the token expires after 60 days, the user must re-authenticate.
No alternative way, user must login to provide you the new access token
https://developers.facebook.com/roadmap/offline-access-removal/