Posting photos to a Facebook page as a non-admin - facebook-graph-api

A client wants the ability for people to upload photos from within their website and have them post to their Facebook page. I'm personally an admin of the Facebook page in question, so I can post the photo myself without issue. However, I'm trying to determine if there is a way for a non-admin to post a photo to an album within the page.
Originally, there was an offline_access scope which would allow me to get a single access token (logged in as myself) to be used on the third party website, but this is no longer the case. It's looking more and more like there is no way to write any kind of information to a Facebook page (including wall even wall posts) via the open graph api unless you're an admin and have a manage_pages enabled token.
Any thoughts?

You shouldn't need manage_pages permission. You want publish_stream.
manage_pages just allows you to obtain an access token to "log in as" an admin to a page the user has access to. Publish stream allows you to make comments and post on people's wall.
With publish_stream, you should be able to post pictures to the pages wall as long as that page's permissions allow you to do so. You won't be able to upload them to the pages album though, as that needs to be performed by an admin to the page. Just like your friends can post pictures to your wall, but they can't add photos to your albums.
Using the graph protocol, you can perform any action that both:
The user you're authenticated as has permission to perform
Your application has been granted permission to perform on the user's behalf.
So it's important to understand both the permission settings of both the actor (authenticated user) and the victim (the object being changed).

Related

Is it possible to display Facebook user photos if someone isn't logged into Facebook?

I'm in the draft stage of designing a charity site for a friend of mine, and we'd like to be able to display photos of people who donate (they would have the choice of turning their photo on or off).
I'm used to logging people into another app of mine via Facebook, and retrieving their basic data.
What I'm wondering is - since the person viewing the site would be the only one logged into it, is it even possible to display photos of Facebook users who have donated ie can you retrieve a FB user photo if they aren't logged in?
If not, are you allowed, with the user's permission, to store their Facebook photo?
Thanks for your time and help.
Have a look at
https://developers.facebook.com/docs/graph-api/reference/v2.2/user/picture/
It's stating
Because profile pictures are always public on Facebook, this call does not require any access token.
This means as long as you requested the public_profile permission upon Facebook Login, and stored the app-scoped user_id in your database somewhere, you can use this app-scoped user_id to generate the profile picture image sources as follows:
<img src="https://graph.facebook.com/{app_scoped_user_id}/picture?type=large&redirect=true"/>
and replace {app_scoped_user_id} by the real app-scoped user_ids in some kind of loop.

Facebook permissions - login flow

I am facebook development newbie and have problems with understanding login flow.
What I want to achieve:
I need access app user's pictures from the album created by the
application (preferably also when users are offline).
I run through facebook samples and stackoverflow questions and what I managed to do is:
I use facebook authentication with user_photos scope as follows:
however the script retrieving list of albums gets an "An active access token must be used to query information about the current user." error.
So I added:
Grant Permissions to Allow access to Photos and Albums
The scope is exactly the same, so I don't understand why after clicking that button retrieving the albums works.
The problem is that after refreshing the page, app recognizes that I'm a user who uses the app, but the albums are not accessible again.
How can I make app to get the permission to access pictures permanently?
I suppose it should be possible to access them also when the user is offline (if the album is public)?
The problem was that script accessing data was loaded faster than the user was verified by facebook. It worked with a button just because clicking a button gave application needed time buffor.

Facebook different users posting to different pages as the page itself

I have a facebook application and want to use it to allow my users to post simple messages on a page.
I used api explorer and made a few api calls to post but all that I post is not visible for other users than the one I am logged with and for not-logged-in users. I want my api-made posts to be visible for everyone, not just for the user that posted them.
I mention that if I make a post using the textbox directly (manually) on the page then those posts are visible to everyone, even for non-logged-in.
Is there a step-by-step tutorial for this?
What I finally want is to allow users of my site to post messages to facebook directly (after login to facebook of course). Posts should be done by different users to different pages as the respective page.
Code samples are much appreciated.
For posting to a page as the page, get a page access token: https://developers.facebook.com/docs/facebook-login/access-tokens/
To post as the page, you need an access token with manage_pages permission. And there’s no build-in way for a page admin to get notified when someone wants to post to their page as the page, because that’s not a common use case. But the page admin can grant you manage_pages once so you get a page access token, and then you can use that in your app to post to the page, you just have to set that access token explicitly when doing so.

what permissions does my canvas app need to post to the feed on its own page?

The page that I'm starting as a compliment to my canvas app is one where a certain user action will add a post to the feed of that page. I know that if I want to post to a page that the user personally administers, I have to get the manage_pages permission, but no one administers this page but me as the developer, so why would I ask the user for that permission? So aside from the publish_stream permission what do I need to do to make this work?
This isn't something I can do in open graph because you can only post open graph stories to the users own feed.
You require no permission if you want to post on your page on user's behalf. You just require to retrieve and save your Page's access token, retrieved by your extended access token with manage_pages and publish_stream permission so that it doesn't expires, and use the same to post on your page.
If you want the same to be posted on the user's timeline then you may ask for the publish_stream permission from the user to post on his timeline.
Just as a word of caution, you should moderate the content that would be posted on your Page's wall just to be sure, so that your Page is not filled with spam posts.

How can I allow my users, who create pages on my website, to communicate back to those people who click the Facebook "Like" button on their pages?

OK, apologies for the verbose title. Let me give the background in a bit more detail.
My website allows my registered users to create new pages, each of which has its own unique URL. Each page has a Facebook "Like" button on it. I've already implemented Facebook Open Graph API meta tags so that the pages are proper open graph objects, and when some other visiting Facebook user "likes" the registered user's page, a post appears on that Facebook user's wall saying they have liked the page. The Facebook Like widget also displays the number of "likes" that page has received as normal. So far, so good.
What I want to do is allow my registered users to be able to communicate back to the Facebook users who have liked their page. The community of "likers" for a page is a potentially valuable social media resource to the registered user, if only they could communicate back.
I am aware of the "admin page" link you get beside the Like button, which can be used to post to these people, but that is not an option for my registered users as they have no privileges in relation to the Like button.
What I want to do, if possible, is setup a form to capture the registered user's message back to the Facebook users, and then my website sends the message on their behalf, without having to ask for any extra privileges from the Facebook users.
The following Facebook documentation pages seem to say this is possible, but having followed the Open Graph API documentation, I can't get it to work as described - http://developers.facebook.com/blog/post/465/ and http://developers.facebook.com/docs/reference/api/ ("Publishing" subsection). I can get the access token correctly in the first request, and plug that into the second request to do the post, but that doesn't seem to do anything and doesn't return any error.
Since it doesn't work for me, I'm wondering if this is possible as described, or do I need to get some sort of extra permission to do this? I've seen reference to offline_access permission but as I'm new to this stuff I am not sure how it would fit in. If I have to get the Facebook users to grant permissions, this is not going to work as envisaged.
Any thoughts would be most helpful.
The short answer: No, You will never been able to post on someones wall as another user.
The long answer:
You could try to ask for offline access but then you are asking the user to hand over all their facebook data and give you access todo whatever you like their accound, so that is not likely to happend.
The next problem is that they have to be friends to be able to post on each others walls.
Thats why Pages was implemented, so that organisations could announce/talk with the people interested.
However if you have created the like button correctly and give the pages correct meta data, you are able to post to user who have liked it.
Scroll down to Publishing:
http://developers.facebook.com/docs/opengraph/
Just add a form for your user and let your system publish to the correct page, you probably will need a offline token from your own account or similar to use on the server.
Another more complex way could be to generate a facebook page for each page you have on your server.
When the user creates a page on your system a page is created on facebook but as your app as admin.
And when another user likes the page they like the facebook page, hence you have the possibility to post in that page and speak to the user who liked it. (whooa thats a mouthfull).