I understood from Facebook's tutorial that someone clicks on your Facebook app and is brought to your app page: http://apps.facebook.com/example_app
Then Facebook opens an iframe with your canvas URL and does a POST with the signed_request parameter. That parameter has all the info you need, check it if the user has accepted your application. If not, redirect to the OAuth 2 flow. If they have, then the signed_request will contain their user_id.
Unfortunately, I'm not passed any signed_request parameter when I click on my facebook app! This is what I'm passed in the POST request body:
fb_sig_in_iframe=1&fb_sig_locale=en_US&fb_sig_in_new_facebook=1&fb_sig_time=1316465522.5989&fb_sig_added=1&fb_sig_profile_update_time=1280164553&fb_sig_expires=1316469600&fb_sig_user=111111111&fb_sig_session_key=&fb_sig_ss=222222222222222&fb_sig_cookie_sig=333333333333&fb_sig_ext_perms=email&fb_sig_country=us&fb_sig_api_key=44444444444444&fb_sig_app_id=555555555555&fb_sig=66666666666
Is it the above or signed_request? I'm confused... how can I get the access_token of the user and his user_id?
This won't be enabled for all (especially older) apps by default, there's a setting you need to enable in the App's Advanced settings, under 'Migrations' to enable signed_request for canvas apps
Related
I am hitting a wall while developing seamless integration of a Facebook page with my bot.
Essentially I want to achieve same integration than Chatfuel or Manychat have, where being logged in with your Facebook account lets you to just choose what page you are connecting to them and you are good to go.
The problem I am facing is generating the proper token in order to bind the selected page to my app (bot). As per Facebook documentation:
When you create a subscribed_apps edge, the page-id you use in endpoint must match the page ID of the page access token used in the API call. The app that the access token is for is installed for the page.
Given the call has no other parameter than the access token, this access token has to be enough for Facebook to:
Authorize the action on the page.
Identify what app is being subscribed to the page.
This is confirmed while using the Facebook Graph API Explorer, where one selects the page and the app to bind and a proper access token is generated:
This token properly works using cURL in the terminal:
$ curl -X POST 'https://graph.facebook.com/v3.0/<MY_APP_ID_HERE>/subscribed_apps?access_token=<TOKEN_PASTED_FROM_GRAPH_API_EXPLORER>'
{"success":true}
With the Facebook Access token debugger (info icon on the left of the access token, then open in Access token tool), it is confirmed that the token knows about both the page and the app that have to be connected.
The question is, how are these page-app related token programmatically produced? I can't seem to find the proper API call in Facebook documentation and it is by all means possible, as Chatfuel and Manychat are doing this.
Thanks in advance for your support Lars Schwarz and community!
Adding some detail to Alex's answer, for it to be more complete.
When subscribing an app to a page, Facebook needs to:
Know what app you are talking about.
Know what page you are talking about.
Know that you have permissions on that page to subscribe an app.
How does Facebook know it all?
1 comes from the fact that Facebook login happens in the context of a page, actually, the Javascript code for Facebook contains your appId:
js.src = 'https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v3.0&appId=<YOUR_APP_ID_IS_HERE>&autoLogAppEvents=1';
2 Comes from the page_id in the URL used to subscribe apps to pages:
https://graph.facebook.com/v3.0/YOUR_APP_ID_HERE/subscribed_apps?access_token=YOUR_ACCESS_TOKEN_HERE
3 Comes from the access token, obtained in the context of an APP through Facebook login, that is passed as parameter in the URL used to subscribe apps to pages:
https://graph.facebook.com/v3.0/YOUR_APP_ID_HERE/subscribed_apps?access_token=YOUR_ACCESS_TOKEN_HERE
To do this, you need to put FB Login on your site/customer portal and request pages_messaging and manage_pages permissions. The person that logs in must be a Page Admin.
Once your app has been granted that permission for the page, you can generate a page access token as described here:
https://developers.facebook.com/docs/pages/access-tokens
I am referring tutorials to implement django social-auth, I hace successfully implemented it for Twitter and Google+ . But, in case of facebook , I am not seeing "Valid OAuth redirect URIs" which has to provided for facebook. I assume that the new developer console of facebook has this new field.
By leaving the field empty, I am still able to login but I am not getting relevent details from FB. It might be because of this "redirect URI".
I followed below tutorials
Tutorial 1
Tutorial 2
I guessed that "http://localhost:8000/oauth/complete/facebook/" could be the URI looking at google+ and twitter pattern but I am still not getting email ID of user.
Can someone please confirm the redirect URI that has been used by them for Facebook in their Django App
The problem is that Django sends a redirect_state parameter which is not allowed by Facebook redirect URI policy.
Here's a simple solution:
Create a new backend for Facebook OAuth that don't pass redirect_state:
from social_core.backends.facebook import FacebookOAuth2
class CustomFacebookOauth(FacebookOAuth2):
REDIRECT_STATE = False
change social_core.backends.facebook.FacebookOAuth2 on your CustomFacebookOauth in AUTHENTICATION_BACKENDS of settings.py.
After hours of headache I finally found out that it was
https://{your_website_name}/social-auth/complete/facebook/
e.g. https://www.instagram.com/social-auth/complete/facebook/
Note that https is made mandatory by facebook.
I cannot get "userToken" parameter from the redirected callback url.
Under Glassware GDK authorization guideline like below I should have seen “userToken” parameter on redirected callback url after turned on our glassware.
GDK Authentication Process
When users turn on your Glassware in MyGlass, they are redirected to your authentication URL. These requests include a query parameter named userToken that you need to use later.
However, when i debug the redirected callback url on callback server, there had just "code" parameter.
It looks like the successful authorization flow of Mirror API under Glassware Mirror API authrization guideline like below. (Not Glassware GDK authorization flow)
Authenticate the user
This initial sign-in returns an authorization result object that contains an authorization code if successful.
I insert the informations like below on glassware submission web page.
Client ID = Client ID for Service Account
Authorization URL = https://accounts.google.com/o/oauth2/auth?response_type=code&scope=https://www.googleapis.com/auth/userinfo.profile+https://www.googleapis.com/auth/userinfo.email+https://www.googleapis.com/auth/drive.file+https://www.googleapis.com/auth/glass.timeline+https://www.googleapis.com/auth/glass.location&redirect_uri=http://www.aaa.com/auth/google/callback&access_type=offline&approval_prompt=force&client_id=Client ID for web application
Package Name = Package Name from AndroidManifest.xml.
What i have to fix for getting "userToken" parameter on redirected callback url ??
The ?userToken= query parameter is not retrieved from the OAuth 2.0 redirect callback but from the URL that MyGlass uses to open the pop-up.
If the URL you gave the review team was something like https://www.example.com/auth, MyGlass will open a pop-up with this URL https://www.example.com/auth?userToken=<USER_TOKEN>. It is you responsibility to save this value until you can fully process the request.
In our Java EE app we are invoking the fb oauth flow to get accessToken.
For this purpose we make a call with the callback url to the fb server with app key and secret.
At this moment the same url is provided in the fb app url section.
However, is it possible if we can some how change the redirect url to go to a different server ? I have seen just changing the callback url in the code does not work. Looks like it has to be same in the code as well as in the fb application.
This make very difficult to test or use the same app to try things from two different web servers.
Any advise on this?
This is unfortunately not possible. Just redirect user to your redirect_uri which will redirect you to the correct location
The URL to redirect to after the user clicks a button in the dialog.
The URL you specify must be a URL of with the same Base Domain as
specified in your app's settings, a Canvas URL of the form
https://apps.facebook.com/YOUR_APP_NAMESPACE or a Page Tab URL of the
form https://www.facebook.com/PAGE_USERNAME/app_YOUR_APP_ID
https://developers.facebook.com/docs/reference/dialogs/oauth/
For security reasons you can't change the redirect url. Facebook check that you provide the same redirect url as you gave when you registered the application. The way I solved this was to register one application on facebook for each server.
Here is Solution from Promo Group
One of the options - to add a 2nd domain (address mirror the primary site) in
Settings » Basic tab at the top» Mobile Site URL
I am using Twitter OAuth to login users. The login takes users to Twitter and upon successful OAuth returns them to a specified url. From this url I would like to redirect users back to the page they were on before logging in.
What is a good way to do this?
Two ways:
Craft your OAuth URL so it sends them back to the right page, or at least says next=url in the querystring. This is most reliable but can break (and does look ugly but who's copying and pasting OAuth URLs anyway?)
Store a session containing the last requested "real" page. I say "real" like that because I don't count any auth/registration pages as real. So every hit, check to see what URL they're on, if it's not auth-related, store it in session. When they hit your OAuth-auccess page, redirect them to the session value. You can do this in a context processor or some middleware. Requires cookies and logout will nuke it.
i am using redirect url in twitter auth url and its working for me ..