Facebook App, Wrong access token - facebook-graph-api

I'm using the Graph Explorer, and I'm choosing my application from the Application Drop Down List.
I'm having to access this photo https://graph.facebook.com/399744030064153.
When i choose the application, facebook automatically the access token for the app and I'm being able to view the photo details.
However, in my php application, when i do
$access_token=$facebook->getAccessToken();
$photoObj=$facebook->api("https://graph.facebook.com/399744030064153?access_token=$access_token");
Its not working, from what i know, the access token is wrong because I'm trying to echo the access token and I check it. Thus, the problem is the access token
Does someone has an idea??

The Graph API explorer automatically generates a user access token, which gives the app the ability to act on a user's behalf. - in this case, your own account.
The getAccessToken() method in the SDK, if used standalone (i.e not as part of the documented Auth flow) will return an App Access Token, which although usable with the API won't be able to view any content unless it's Publicly visible

Related

Facebook marketing api acess token

I am trying to get my ( OWN ) ad accounts data using facebook insights api. the very first step is getting access token. until now i was using access token generated by graph api explorer by extending it lifetime manually. now what is the programmatic way of getting access token. i have referred this documntation https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/
This is only possible when i am using some sort of front-end or browser interface to open up login dialog but i am using a python script. its not possible to open up the login dialog. ho do i get my access token .
as far as i understand login dialog popu up when using user access token. i think i need to use app access token . are both same?
Follow the step here:
https://developers.facebook.com/docs/facebook-login/access-tokens/#apptokens
You can get the access token through the sample code
But reminded that because this request uses your app secret, it must never be made in client-side code or in an app binary that could be decompiled.

facebook api - what token do I need?

I'm developing a site for a non-profit. I'm building it as an express app hosted on heroku that needs access to the non-profits facebook group events.
I'm able to grab all the group's events in the graph api explorer. But I'm very confused as to what api token I need.
What facebook api token do I need to provide my webapp so it can access a random group's events listing?
Probably the app access token from the application requesting the information. The access token can be created by linking your application ID and your application secret together like so:
APP_ID | APP_SECRET
No spaces between though, just provided them for clarity.
PHP example:
$app_access_token=$app_id."|".$app_secret;
Then just append the access token to your request and it should work.
You want to use an app token. Easiest method is to create an app, then submit a get request with your app_id concatenated with your app secret.
Like so curl https://graph.facebook.com/v2.1/endpoint?key=value&access_token=app_id|app_secret note that https is required. https://developers.facebook.com/docs/facebook-login/access-tokens/#apptokens
Note this only works for endpoints that don't need user credentials e.g. public groups https://developers.facebook.com/docs/graph-api/reference/v2.1/group/ However group/events does need a user access token https://developers.facebook.com/docs/graph-api/reference/v2.1/group/events

Application Token is Different

On this page:
http://developers.facebook.com/docs/opengraph/using-app-tokens/
It describes how to get the app access token, yet the token it returns is different than the one in the open Graph "Get Code" example. The latter is the only one that works. How can I get the second access token using the API? When I try to use the first example, I basically get something back that looks like "application ID|secret key" which is different than the real access token.
as documentation states, you will get
access_token=YOUR_APP_ACCESS_TOKEN
string back from the API call. Even though it LOOKS like "application ID|secret key HASH" - it is a valid access token you can use to publish to user's wall. You can verify it's a proper access token using Debug toll from FB: https://developers.facebook.com/tools/debug - just paste the token there.
The reason it might not work for you is because you are trying to publish something to the user's wall who did not authorize your app. Look here: https://developers.facebook.com/docs/reference/javascript/ - for example of how to use your app ID to make user authorize the app. You need to request publish_stream permission for your app from user in order to be able to publish as the app to the user's wall.
And going back to the documentation:
Note that the app access token is for publishing purposes permitted by
the publish_actions and publish_stream permissions. You will be unable
to retrieve information about the status update post with the given ID
using the app access token. Instead, you should use a user access
token for such purposes.
hope that helps.

Facebook app (NOT user) access token expiration

Do Facebook APP access tokens expire? These tokens are different than the USER tokens; they are acquired like this:
https://graph.facebook.com/oauth/access_token?grant_type=client_credentials&client_id={0}&client_secret={1})
as described in the App Login section of the document at http://developers.facebook.com/docs/authentication/.
Are there any circumstances under which they will become invalid?
NB: This is NOT a question about USER access tokens (which are clearly documented). There was an identical question http://facebook.stackoverflow.com/questions/7322063/does-app-login-access-token-expire wrongly closed as duplicate of another question about USER access tokens.
Per the Facebook documentation:
An App Access Token is signed using your app secret and will not
expire; it will be invalidated if you re-key/reset your application
secret.
Creating an APP_ACCESS_TOKEN is really easy.
You can use your App ID/API Key and App secret
access_token = YOUR_APP_ID|YOUR_APP_SECRET
Example: 1234587968 | bghyuifjk3438483249235903502035023504305
I do know that one condition that will cause them to become invalid is if you reset the Application Secret using the Facebook developer tool.
I do not know if using the OAuth method to produce an App Token will cause it to have an expiration. However, if you scan Facebook's PHP SDK, you may notice that a non-expiring app token is made by concatenation app_id and secret:
/**
* Returns the access token that should be used for logged out
* users when no authorization code is available.
*
* #return string The application access token, useful for gathering
* public information about users and applications.
*/
protected function getApplicationAccessToken() {
return $this->appId.'|'.$this->apiSecret;
}
WARNING: I would never use this in client-code as it would publish your app secret. However, in a trust server environment, it seems like the way to go.
To test this, I went to the OpenGraph tool and erased my Access Token and typed in the concatenated value from the code sample. I then accessed my app's insights to verify that it would work:
<APP_ID>/insights/application_active_users
For me, the answer is not to find a token that doesn't expire, (since I do not trust Facebook), but to catch the expiring token and reset without taking up my users time. I found this and thought you might want to check it out.
"To ensure the best experience for your users, your app needs to be prepared to catch errors for the above scenarios. The following PHP code shows you how to handle these errors and retrieve a new access token.
When you redirect the user to the auth dialog, the user is not prompted for permissions if the user has already authorized your application. Facebook will return you a valid access token without any user facing dialog. However if the user has de-authorized your application then the user will need to re-authorize your application for you to get the access_token." Resource: https://developers.facebook.com/blog/post/2011/05/13/how-to--handle-expired-access-tokens/

Can't get user feed with application access token?

I'm (just?) trying to get a user's feed via the graph api. All the permissions are in place; I just need to get it to work.
I've found that, if I go into the graph api explorer, I can retrieve the feed if I pass over an access token corresponding to the user. However, if I use the application's access token, I get nothing -- it returns with an empty DATA value.
Is this right? Shouldn't the app's access token work? What's the point of having it around if it doesn't?
An App Access token is primarily used for taking actions on behalf of the app itself (e.g. banning users, changing app settings, posting games achievements, etc).
To access a user's posts you need a user access token from them (or from another user who's able to see that user's posts), and the access token needs the read_stream permission