Offline posting on facebook - facebook-graph-api

User A is currently logged in to my Facebook App and performs an action that I would like to notify user B (which is currently offline).
I tried using the graph API but:
A is not a friend of B so I cant post using A's session.
I can post using B's session - but this would be confusing for B that will see a post from himself about A's activity.
I tried also the deprecated rest API but when specifing a uid which isnt the session user i get an error message.
Is there a way I can notify user B on the action performed by A?
Many thanks!

In my opinion you could do that (publish post on wall), if you have a offline_access permission. But this permission could scare some people.
Try remember the access token, and use it to publish while user is already logged out.

Related

Alternative to pull events from Facebook Graph API

Looking for alternatives on how to use the events API since the Facebook changes.
https://developers.facebook.com/blog/post/2018/04/04/facebook-api-platform-product-changes/
Our app currently uses /search endpoint, pulling events based on a /location (miles radius). Is this totally revoked or is there a way to work around?
Thanks.
You can no longer use the /search endpoint with the following object types: event, group, page, user
Please read: https://developers.facebook.com/docs/graph-api/changelog/breaking-changes#search-4-4
Currently to access events you can use a user endpoint such as ‘/me/events’ or ‘/me/events/not-replied’ using an access token valid for that user. you can get the events that the user was invited to or is going/interested
You can access an event endpoint /{event-id} with an user access token if that user has been invited or is going/attending or is the creator of that event.
I believe its possible (but didn’t test it yet) to access to a specific page events endpoint, such as /{page_id}/events with a page access_token such as manage_pages, if Facebook already approved that permission and the page owner accepted the permission.

Facebook server side authentication with partial permission

I'm using server side authentication for Facebook detailed on this page.
https://developers.facebook.com/docs/howtos/login/server-side-login/#step5
I'm asking for extended permissions like user_birthday and if the user accepts, I get the code
YOUR_REDIRECT_URI?
state=YOUR_STATE_VALUE
&code=CODE_GENERATED_BY_FACEBOOK
But if let's say the user declined to provide birthday, I still want to proceed when I get this url
YOUR_REDIRECT_URI?
error_reason=user_denied
&error=access_denied
&error_description=The+user+denied+your+request.
&state=YOUR_STATE_VALUE
Does anyone know how to get the code under that scenario or do I have to ask the user to signin again but this time not asking for additional permissions?
Cheers,
Steve
Does anyone know how to get the code under that scenario or do I have to ask the user to signin again but this time not asking for additional permissions?
There are two scenarios here:
You are asking the user to connect to your app for the first time. At this point, they can not decline giving you user_birthday permission solely (since it’s a basic and not an extended permission) – they either connect to your app, or they don’t.
The user has connected to your app before, and now you are asking for user_birthday permission. If the user declines that, that will lead to the error_reason=user_denied – and then you will not get a code parameter.
In the 2nd scenario, when using the server-side flow, asking the user again (maybe with a reduced set of permissions) is the only way to go – unless you have already gotten an access token before. That will not get invalidated – but it will obviously only contain permissions already given before.
(If the user connected to your app before, you can just call the Auth dialog with no scope parameter at all – in that case Facebook will redirect straight back to your app with a code parameter. Or you could get the token beforehand client-side, for example by calling FB.getLoginStatus.)

Offline_access and Api-Key confusion

I've tried do develop automatic code that would fetch data from ads campaigns under account. My plan is to have server that would query every day to get data from impressions/clicks/costs of ads and save it for later use.
I use https://developers.facebook.com/tools/explorer to get access_token for getting data (insights) from those campaign pages but when I log out to try offline_access it tells access_token is old, cause of password change or access_token getting outdated.
Isn't the whole point of offline_access to grant acccess when user is not logged in?
And besides that.. what's with most of my calls ending having reply as follows:
"(#294) Managing advertisements requires the extended permission ads_management, and a participating API key"
I've given access_token that has ads_management, but I have no idea what this Participating Api key even means. Do I need to add this to url call or something? Where do I get this Api Key?
Edit: I want to be able to get data from add campaign pages, so I'm not talking about Apps in page
You will want to read up on the deprecation of the offline_access here: https://developers.facebook.com/docs/offline-access-deprecation/
But most importantly follow the guide here on how to handle invalid access tokens:
https://developers.facebook.com/blog/post/500/
You app is to monitor the error messages coming back from the API and handle it gracefully.
I have the same issue and I found this bug can be reason of our problem. It's already accepted and assigned, but still not solved. I hope it's really bug and not a secure hole, that was closed :)

In Facebook Graph API, how do I post on someone's wall as the identity of another person?

I have 2 users in my database. I have both access_tokens for these two users.
I want A to post on B's wall. However, I am using the app_access_token, not the user's access_token (because the user access_token expires). Therefore, when the post is created, B is posting on B's own wall.
var uri = 'https://graph.facebook.com/' + fb_id + '/feed?access_token='+ app_access_token
I want A to post on B's wall, but still use the app_access_token.
The access token is what essentially identifies the user performing the action. When you use the app access token it is in fact the application performing the action. You will have to use the correct (user) access token in order for a post to appear on behalf of a user and not your application.
If you still want to use the app access token then you might consider including the users names in the message of the post. That way even though it is originating from your app - the actual post details the correct :
[user name] has sent you this message

Publish to friends wall doesn't work with specified access token

We have an application that allows to users publish content to their friends wall.
It uses the user's access_token given our application.
It works stable usually, but for some reason for one of our clients it doesn't work at all.
We've checked permissions several times, removed-added them again, but still no result.
There is no error message or something, everything looks fine, complete the action, but no posts published in fact. And it doesn't work only for one person.
What possibly can be a problem?
Updated: The problem is actually in this OAuthException:
Error validating access token: Session does not match current stored
session. This may be because the user changed the password since the
time the session was created or Facebook has changed the session for
security reasons.
We tried to get access token one more time, but that didn't help. Somebody familiar with this issue?
your user might forbid people/applications to post on his wall.
"There is no error message or something, everything looks fine, complete the action, but no posts published in fact."
Are you sure about this? You should be getting back a unique stream id of the feed item just posted.
Facebook frequently changes its policies that sucks!
Now, you need permission to access the wall.
You need to check if the user has permission to access your application / wall page. if user hasn't got permission then you need to ask for permission before message is streamed. Yes, that's true, it won't display any error message, unless you manually debug this to see where it is stopping.
My suggestion is:
1. use FB.login method to verify, if the user is not logged in then he should login
2. verify the user permission for the wall page
FB.api('/id', function(response){});
3. publish / stream the comments on wall
FB.api("/id/feed", 'post', { ... blah blah blah !
edits:
At FB.login method, you should ask for permisions
e.g. FB.login(function(response) {..} ... ,{scope: 'offline_access,publish_stream'});