I am using using ColdFusion 9.0.1
I am building a site that will use Facebook connections extensively, so we need the Facebook one click sign on. Specifically, to vote on our site, visitors will just "log in with Facebook" and can do all sorts of cools things while we track what they do using their email address.
I am only slightly confused by the Facebook documentation. And with their recent security change, most of the tutorials and help files I find elsewhere are out of date. So....
I have the single click sign on form on my page. When I am logged out of Facebook, I can use the "log into Facebook" link on my site to log in to my site as well as Facebook. So, I know the form works and the cookie works too.
From what I understand, I am supposed to read the cookie that Facebook sets in the browser and then parse it to access the info I need. Here's the cookie for my site:
cookie.fbsr_252075631496861
When I CFDUMP this cookie, here's what I get:
P2Hlk0UVT2EXc8LiaH48vmL_gI7Y4mwkto0IoSUN9mI.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImNvZGUiOiIyLkFRQ0VLMC1ibzhqeVhJSzYuMzYwMC4xMzI0MzM5MjAwLjEtMTAwMDAwNTg3NDM1OTY1fFNrYkQ1NU9UWndFMTh3cGE4TUZLZkpLalZzdyIsImlzc3VlZF9hdCI6MTMyNDMzNTU2OCwidXNlcl9pZCI6IjEwMDAwMDU4NzQzNTk2NSJ9
I have found a few tutorials on how to parse this string, but nothing works. I don't really know if I am acessing the right cookie.
Now that the user is logged into my site via Facebook, I just need their FBID to access their info. I believe the FBID is buried in this cryptic string.
Can you provide any help?
Once you get parsed signed_request (stored in your cookie) you can use user_id (which is Facebook User Id) and oauth_token (aka access_token) to get needed info via Graph API or FQL.
Related
I stumbled across a website a while back where it showed the privacy repercussions of logging in to Spotify using the web version. I believe it used JavaScript but I can't be too sure. Anyway, this unrelated website was able to display my Spotify username despite me not authorizing anything. If I remember correctly, it also had slots for other services that I didn't use so it couldn't show my username there.
But what I'm interested in learning about is how it managed to get my Spotify username. Not because I plan to use the method but out of curiosity with how the whole thing works. When I found out about that page/site awhile back, it spooked me enough that I started using a different browser profile specifically for Spotify going forward because of it but I never got around to digging deeper into how it actually did what it did.
Cookies save your an access token for Spotify account after to success login of Spotify.
Next time, if open your browser go to
https://open.spotify.com/
It's java-script to access from your PC's cookies,
call this API with cookies an access token, get your information.
Then display your user name in the web page.
https://api.spotify.com/v1/me
If I copy from my Chrome browser the access-token and API URL,
Then access by Postman.
I can get the my user name.
Each browser has own location to save a cookies,
if you never login before other browser, will not pick up your information.
I did not login before by Firefox.
This is screen of login.
I have a facebook application and want to use it to allow my users to post simple messages on a page.
I used api explorer and made a few api calls to post but all that I post is not visible for other users than the one I am logged with and for not-logged-in users. I want my api-made posts to be visible for everyone, not just for the user that posted them.
I mention that if I make a post using the textbox directly (manually) on the page then those posts are visible to everyone, even for non-logged-in.
Is there a step-by-step tutorial for this?
What I finally want is to allow users of my site to post messages to facebook directly (after login to facebook of course). Posts should be done by different users to different pages as the respective page.
Code samples are much appreciated.
For posting to a page as the page, get a page access token: https://developers.facebook.com/docs/facebook-login/access-tokens/
To post as the page, you need an access token with manage_pages permission. And there’s no build-in way for a page admin to get notified when someone wants to post to their page as the page, because that’s not a common use case. But the page admin can grant you manage_pages once so you get a page access token, and then you can use that in your app to post to the page, you just have to set that access token explicitly when doing so.
OK, I need some help understanding the process behind Facebook's website integration process and how I can integrate it into my web app....
In its most basic form, my site stores and displays users' comments about products (there's more to it than that, but that's all that's relevant for this question). What I'd like to do is allow them to post that comment, together with the name of the product (and my site), to their Facebook wall by clicking a button.
I do not need the users to log in to my site at all, either with Facebook or any other authentication system and the Post to Facebook part is optional.
Obviously if they decide they do want to post their comment to Facebook, then they'll need to login, but I'd rather temporarily take them away from the page to login, post and then be brought back to my site.
What I need to know is how much of Facebook's APIs, Open Graph and Auth systems do I actually need to integrate?
I had hoped that I might be able to generate a simple link to Facebook with their comment embedded as a POST element...?
I'd be really grateful if someone could point me in the right direction!!
(P.S. I need a similar solution for Twitter, but I think that's easier!?!)
The Feed Dialog doesn’t allow including of a pre-set message any more, so you’d have to make that post via the Graph API if you want to pre-fill the message (and even then, you should only do so, if you’ve given the user the possibility to edit the pre-filled message first).
See here for how to make a post on a user’s behalf via Graph API, https://developers.facebook.com/docs/reference/api/user/#posts
You can do that all client-side, if you embed the JavaScript SDK into your page.
You need to set up an app on FB, then have the user connect to it (using FB.login), ask for the necessary permission (publish_stream) while doing so, and after successful login use FB.api to make the Graph API call.
OK, apologies for the verbose title. Let me give the background in a bit more detail.
My website allows my registered users to create new pages, each of which has its own unique URL. Each page has a Facebook "Like" button on it. I've already implemented Facebook Open Graph API meta tags so that the pages are proper open graph objects, and when some other visiting Facebook user "likes" the registered user's page, a post appears on that Facebook user's wall saying they have liked the page. The Facebook Like widget also displays the number of "likes" that page has received as normal. So far, so good.
What I want to do is allow my registered users to be able to communicate back to the Facebook users who have liked their page. The community of "likers" for a page is a potentially valuable social media resource to the registered user, if only they could communicate back.
I am aware of the "admin page" link you get beside the Like button, which can be used to post to these people, but that is not an option for my registered users as they have no privileges in relation to the Like button.
What I want to do, if possible, is setup a form to capture the registered user's message back to the Facebook users, and then my website sends the message on their behalf, without having to ask for any extra privileges from the Facebook users.
The following Facebook documentation pages seem to say this is possible, but having followed the Open Graph API documentation, I can't get it to work as described - http://developers.facebook.com/blog/post/465/ and http://developers.facebook.com/docs/reference/api/ ("Publishing" subsection). I can get the access token correctly in the first request, and plug that into the second request to do the post, but that doesn't seem to do anything and doesn't return any error.
Since it doesn't work for me, I'm wondering if this is possible as described, or do I need to get some sort of extra permission to do this? I've seen reference to offline_access permission but as I'm new to this stuff I am not sure how it would fit in. If I have to get the Facebook users to grant permissions, this is not going to work as envisaged.
Any thoughts would be most helpful.
The short answer: No, You will never been able to post on someones wall as another user.
The long answer:
You could try to ask for offline access but then you are asking the user to hand over all their facebook data and give you access todo whatever you like their accound, so that is not likely to happend.
The next problem is that they have to be friends to be able to post on each others walls.
Thats why Pages was implemented, so that organisations could announce/talk with the people interested.
However if you have created the like button correctly and give the pages correct meta data, you are able to post to user who have liked it.
Scroll down to Publishing:
http://developers.facebook.com/docs/opengraph/
Just add a form for your user and let your system publish to the correct page, you probably will need a offline token from your own account or similar to use on the server.
Another more complex way could be to generate a facebook page for each page you have on your server.
When the user creates a page on your system a page is created on facebook but as your app as admin.
And when another user likes the page they like the facebook page, hence you have the possibility to post in that page and speak to the user who liked it. (whooa thats a mouthfull).
I need to make POSTs to facebook page timeline (not auto posts, but when a user on an enterprise application submits a form). Note that a user should bot be logged in on facebook!
I've searched a lot and seems i should use graph api to do this... but, it's possible to achieve this without creating a facebook app?
I don't wish any user have this app... i just need to make POSTs to a facebook page that i own. So, it's not a public app.
I've made some tests with graph api explorer, after creating an app, and i'm trying to POST and always get error "An active access token must be used to query information about the current user.".
So, i'm using the correct access token (app access token in this case)... how can i test this? I should have my app submitted to be reviewed already? I just want to make some tests, to see if this actually works as i need to... don't wish to publish app now.
Could someone point me to the right direction?
Thanks!
An App Token is the wrong Token to post to a Page. You would need to use a Page Token for that. At least if you want to post "as Page". If you want to post "as User", you have to use a User Token. Everything you need to know is in the docs: https://developers.facebook.com/docs/graph-api/reference/v2.5/page/feed#Creating
More information about Tokens:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/