How To Get List Of Apps A User Has Used - facebook-graph-api

I was hoping to use the Graph API to retrieve a list of apps that the user currently has on their account - those that they are using or have used, and have not yet removed. This would be the same list as found by clicking App Centre and My Apps.
I'm not looking to get info about a specific application (yet; I don't know what app to look at, or how to get its ID).
This article: How to get the List of Facebook Applications for a user using Graph API
seemed to be the right answer (and the OP certainly liked it), but for me, while it works, it returns an empty array - but I have about 20 apps (mostly games) listed on my profile, half of which are in favourites. I don't need to know which are in favourites; I simply would like to know what apps a user is interested in.
I realise this is considered sensitive information, but since I cannot find what string to use for the api() method, I can't tell what permissions I'll need; I currently ask for read_stream but since the call itself succeeds, I assume I have sufficient privilege.
I see that you can list the app requests using /me/apprequests, which suggests you should be able to retrieve the list of apps (that's where the requests come from, usually, except invites to new games) - but I can't find anything that seems right.
Any ideas?
Thanks.

No, it is not possible to retrieve a full list of the applications that a user has TOS'ed.
As described in the comments to the OP, it is possible to deduce some of them from /[user]/scores assuming they have granted the user_games_activity permission.

Related

Google OAuth2.0 allows users NOT in list of test users

I'm developing a webapp which allows users to log in with their Google accounts, using OAuth2.0.
I've created an OAuth2.0 client ID, configured the OAuth consent screen with the Publishing status set to 'Testing', and added a test user.
The frontend of my app is built with React, and I'm using a package (react-google-login) to handle the flow. I can successfully sign in with the Google account I added as a test user, and retrieve the basic profile information needed.
The problem is I can also sign in with other Google accounts, which have not been added to the list of test users. I imagine that Google should simply not issue access tokens for accounts which are not in the list of test users.
I feel like I've misunderstood something about the OAuth process, or I have configured something incorrectly. I would appreciate if anyone had any pointers?
Thanks.
It is indeed bugged.
I was in the same spot as you, assuming I had misunderstood something. After reviewing my code over and over with no luck, I made a Stack Overflow post, in which I was advised to post to Google's bug tracking system. After doing some troubleshooting with Google they confirmed the bug, and they are now working to fix it (for a little while already).
I included this thread as an example when talking to Google. I meant to post an update here after getting in touch with them, but I forgot, sorry!
The buganizer thread with more details:
https://issuetracker.google.com/issues/211370835
Is it possible you're only asking for the email scope?
It appears the test user filter and possibly the whole concept of the 'app' being in test mode exists only inside the consent screen feature.
For some reason, Google doesn't show the consent screen if you only ask for email.
So... maybe that means you don't need a consent screen, and therefore don't need to care what that feature thinks about your app (that your app is in test mode and needs to be verified before going into production).
Or maybe it's a bug? Or maybe just because you can do this doesn't mean it's allowed by Google's terms. Maybe they just haven't implemented preventing that use case.
Anyway, it may help you to know that if you add a more significant scope like the Calendar API then the following things will change:
Non-test users will get a message like "The developer hasn’t given you access to this app." and won't be able to complete oauth
Test users will get a message like "Google hasn't verified this app"
Test users will see a consent screen
Basically, everything starts working as expected.
By the way, just putting "email" or "profile" for scope seems to be an old way of doing things, and all the newer scopes want you to use a full URL for the scope (despite google themselves not using the full URL when you're configuring your scopes).
For example, if you want the email and calendar scopes, you can put this value for your scope field:
email https://www.googleapis.com/auth/calendar
Or you can use this equivalent value:
https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/calendar
Not suggesting you add a scope like email for the sake of it, just that it sheds light on what's happening, and if there's a scope like that that you need anyway, adding it will solve your problem.

How to Assign States to Viewers of Django Web Application?

Problem Statement
I'm working on building out a single-page Django web app and am trying to implement the following functionality:
- All viewers of the page are associated with a state. There are buttons on the page which enable viewers to change their state.
- The application stores a list of all current viewers of the page, and their associated states. Whenever a user changes their state, this stored list of viewers updates with this new information.
- The application should display how many people are online (viewing the page) at a given time.
Blockers
I'm unsure of how to collect a list of all current viewers of a page in Django, nor how to collect how many users are currently viewing the page.
Ideally, my application would not require a login to use: therefore, I'd rather either associate viewer state with a user object that doesn't require sign-in, or not associate viewer state with a user object (I'm still new to user objects though, so forgive me if this point doesn't make complete sense).
What I'm Looking For
A discussion of higher-level strategies which I can use to implement this functionality, or other places to look to gain insight in tackling my problem. I'm pretty new to Django, so I'd appreciate it if answers also direct me to locations in my Django project which are of relevance (e.g. "Consider doing X in views.py, then..."). Alternatively, if there are GitHub projects you know of with similar functionality, if you could direct me to them to investigate further, that would also be appreciated.
I'd be happy to offer further clarification as required. Thanks in advance!

get application needed permissions

What I am trying to do is get a list of permissions that an application will ask for when a user adds it. FQL says I need an app access token (which of course requires the application secret). I must be doing something wrong...I don't find it normal than only the developer of an application would be able to use the Graph to read the permissions the app requires. Has anyone seen something similar?
The permissions that you ask for depend on the script that is calling the login at that particular point, so it could be different in many places. One place in the app may only require basic permissions, while another place might require basic and email permissions. So you can't get a one-size-fits-all answer for an app because it isn't defined in one place, and it is not saved on the facebook server.
It might be that there is another solution to the reason why you want this information. What is it you are trying to achieve?

Tracking Checkin Deals

We are considering running a contest/drawing for users who check-in to our client's business. The Checkin Deals (PDF) feature looks really cool but it doesn't seem like you can programmatically access data on users who have checked in for a deal.
You can however get access to Checkins in general, using the Graph API. So I guess I just want to confirm that it would be possible for us to run a drawing/contest for users who check in to a place, before talking about it with our client.
Thanks!
You can't get information about who checked into a deal or checked into a place. The only information like this available via the Graph API is places an individual user has checked in, if they granted your application access to read that. It's similar to how Facebook doesn't provide who likes a page via the API, mainly due to privacy.

Retrieve comments Facebook users make as the Like a web page

I've been pouring over Facebook's Graph API but I can't seem to find any documentation with regards to retrieve comments users leave as they Like an Open Graph object (in my case, a web page with a Like button).
At a minimum, I would assume that there would be some way to retrieve comments from users whose privacy settings allow anybody to see their updates (I guess this might require me to know the UID of everybody who Likes my web page). Alternatively, there might be some method where user comments may be associated with the Open Graph object's stream instead.
Anybody?
To see a user's wall feed via the API (even public ones) you will to have them authenticate your app. Yeah, pretty crappy not to be able to query their public messages, but it is a current limitation of Facebook's API.