i have this URL ..
https://graph.facebook.com/602414132/albums?access_token=123005381082600|2.FUPHmHF4kfDPly2GRPYDeg__.3600.1298228400-602414132|1JUKjvfo1Ri5s04x9v_vzf-sS8c&type=post&name=refacingme
when i using Chrome i get empty response :
{
"data": [
]
}
from where do you think the error is coming ??
It is true, I just fixed this bug a few days ago myself. The user must grant Extended Permissions for user_photos on your app. A few ways to do this:
1) Update your app info in FB Developer tab and add Extended permissions to your app. This will ask new users who register to give certain permissions before joining.
2) Alternatively, if the user has already added the app you can ask the user for permissions using the Javascript SDK call FB.login while they are in the app. (see code below)
FB.login(function(response) {
if (response.authResponse) {
// user is logged in and granted some permissions.
console.log("user is logged in and granted some permissions.")
} else {
// User cancelled login or did not fully authorize.
console.log("he failed to login or something")
}
}, {scope:'user_photos'});
This route requires you have set up the Facebook JavaScript SDK
I think you have not taken Extended Permission of user_photos. Take extended permission then you will not receive empty array
Related
I have been successful in creating a new Account User from following this tutorial: https://forge.autodesk.com/en/docs/bim360/v1/reference/http/users-POST/#example, and have used the PATCH method to set their status to active on Postman.
I would like to set their role and access_level but I am having trouble doing so. I have followed the link below to try and perform this function, but it requires the user to already be a BIM 360 Project Admin for it to work.
https://forge.autodesk.com/en/docs/bim360/v1/reference/http/projects-project_id-users-user_id-PATCH/
I also tried following the next link below to add a User to a project, but I am getting errors that I am unsure how to fix.
https://forge.autodesk.com/en/docs/bim360/v1/reference/http/projects-project_id-users-import-POST/
URI: https://developer.api.autodesk.com/hq/v2/accounts/:account_id/projects/:project_id/users/import
Method: PATCH
Authorization: *******************************************
Content-Type: application/json
x-user-id: {{user_id}}
Body:
{
"email": "john.smith#mail.com",
"services": {
"document_management": {
"access_level": "account_admin"
}
},
"company_id": ************************************,
"industry_roles": [
************************************
]
}
(The id for industry_role is IT).
Error:
{
"code": 1004,
"message": "this user doesn't exist."
}
I am unsure how I am getting this error since the User Id used for x-user-id is the same user_id associated with the email given in the request body. Is there a way to fix this or another method I can use?
The x-user-id header is not for specifying the user to import but rather:
x-user-id
string
In a two-legged authentication context, the app has access to all users specified by the administrator in the SaaS integrations UI. By providing this header, the API call will be limited to act on behalf of only the user specified.
Remove this field if that's not what you intended.
Verify the user id and email match each other via /GET users and /GET users:userid.
And be sure to provide either the user's email or the user ID and don't provide them both:
Note that you need to specify either an email, or a user_id. However, you cannot specify both.
See doc here
I want to get the albums from the Facebook in my app. I'm requesting the accessToken with email,user_about_me,user_photos permissions. While authenticating with the Facebook account in the pop window it is written as "app will receive the following info: your public profile, email address, photos and personal description.", this message is coming only for the developer account .
If I login through another account the pop up window text will be like this "app will receive the following info: your public profile and email address. ", there is no photos permission is coming in this message, as a result my accesstToken doesn't getting the albums of the user.
I made the app live for the public. I'm working on grails framework in groovy language
private static final String AUTH_URL = "https://www.facebook.com/dialog/oauth"
static def getLoginUrl() {
def params = [
response_type: "code",
client_id : CLIENT_ID,
redirect_uri : REDIRECT_URI,
scope : "email,user_about_me,user_photos"
]
def url = "$AUTH_URL?" + params.collect { k, v -> "$k=$v" }.join('&')
return url
}
EDIT: I just now created a new app in another facebook developer account and I used those credentials in my app. Then my app is getting albums from that devloper account only. It seems that it is working with the developer account. I checked all options age is anyone(13) , country option is also disabled.
Read about "Login Review" in the docs: https://developers.facebook.com/docs/facebook-login/review
Most permissions only work for users with a role in the App by default, you have to go through a review process with those.
I'm currently asking users for two read permissions i.e. email and user_location and one write permssion i.e. publish_actions. Following is the code snippet I'm using to verify if the user has granted all requested permissions:
$facebook = new Facebook(APP_ID, APP_SECRET, REDIRECT_URI);
if ( $facebook->IsAuthenticated() ) {
// Verify if all of the scopes have been granted
if ( !$facebook->verifyScopes( unserialize(SCOPES) ) ) {
header( "Location: " . $facebook->getLoginURL( $facebook->denied_scopes) );
exit;
}
...
}
Facebook is a class I've customly built to wrap the login flow used by various classes in the SDK. IsAuthenticated() makes the use of code get variable to check if the user is authorized. verifyScopes() checks granted permissions against SCOPES and assings an array of denied scopes to denied_scopes property. getLoginURL()` builds a login-dialog URL based on permissions passed as an an array as a only paramter.
Now, the problem is when the user doesn't grant write permissions, publish_actions in this case, write permission dialog is shown until user grants the write permission. But if the user chooses to deny of the read permissions, say email, the read login dialog isn't show. Instead Facebook redirects to the callback URL (that is REDIRECT_URI) creating a redirect loop.
The application I'm builiding requires email to be compulsorily provided but apparently the above approach (which seems to be the only) is failing. So, is there a workaround or a alternative way to achieve this? Or Facebook doesn't allow to ask for read permissions once denied?
As of July 15, 2014, an update has been made to the Facebook PHP SDK 4.x that allows user to re-ask the declined permissions. The function prototype of getLoginUrl() now looks like this.
public function getLoginUrl($redirectUrl, $scope = array(), $rerequest = false, $version = null)
So, to re-ask declined permissions we'd do something like this:
<?php
// ...
$helper = new FacebookRedirectLoginHelper();
if ($PermissionIsDeclined) {
header("Location: " . $helper->getLoginUrl( $redirect_uri, $scopes, true );
exit;
}
// ....
?>
For the time being you can append &auth_type=rerequest to the getLoginUrl return value to enable a rerequest, kind of lame but it works.
$helper = new FacebookRedirectLoginHelper($app_url, $app_id, $app_secret);
$login = $helper->getLoginUrl(array('scope'=>'user_likes', 'user_location'));
print $login."&auth_type=rerequest";
what about getReRequestUrl(); ?
That works just fine.
Read more at https://developers.facebook.com/docs/php/FacebookRedirectLoginHelper/5.0.0
Context
From Facebook Best Pratices I've understand that I should request a minimum set of permissions on the initial login page and delay the request of extended permissions for when they are really required.
For example. Say that my original login request for two extended profile properties:
<fb:login-button show-faces="true" width="200" max-rows="1"
scope="user_photos, friends_photos">
</fb:login-button>
Now, at some latter point, the user wishes to upload a photo back their profile using my app (which requires publish_actions).
As I understand it my App have to:
Check if the user have already granted that permission (say, with FB.api('/me/permissions')) to avoid triggering a login flow for no reason
Ask for the new permission by means of performing a new login:
FB.login(function(response) {
// handle the response
}, {scope: 'publish_actions'});
Perform a second permission check to see if the user have granted the new permission. If the user have granted the new permission perform the upload, else display some kind of error message explaining to the user that he should grant the new permission before being able to upload.
And my doubts are:
On the second step outlined above, should I ask only for publish_actions or should I also request already granted permissions?
{scope: 'user_photos, friends_photos, publish_actions'});
I'm using a Login on Client, API Calls from Server model:
So, at the moment that I request the new permission, my server will be holding a long-lived access token with the two initial permissions (user_photos, friends_photos). If the user grants publish_actions, am I supposed to go through the entire server side token exchange process again (using the new short lived access-token) before uploading?
GET /oauth/access_token?
grant_type=fb_exchange_token&
client_id={app-id}&
client_secret={app-secret}&
fb_exchange_token={new-short-lived-token}
Or will the new permission be promptly available for the long-lived token?
Answering my own question to anyone facing the same problem.
Yes, granted permissions are cumulative.
Should I ask only for publish_actions or should I also request already granted permissions?
I only need to ask for new permissions. Previously granted permissions remain available.
If the user grants publish_actions (with FB.login), am I supposed to go through the entire server side token exchange process again (using the new short lived access-token) before uploading? Or will the new permission be promptly available for the long-lived token?
The client side call to FB.login suffices. If the user grants publish_actions I can use the previously stored server side token to post content.
One small gotcha: When you call FB.login the user may skip the permission again (and it will return response.status === "connected"). So I had to actually double check for permissions:
Function to check permissions with callbacks:
function checkPermissions(perms, callback, failCallback) {
FB.api('/me/permissions', function (response) {
var fbPerms = response.data[0];
var haveAllPermissions = true;
if (typeof perms === 'string') {
perms = [ perms ];
}
for (var i in perms) {
if (fbPerms[perms[i]] == null) {
haveAllPermissions = false;
break;
}
}
if (haveAllPermissions) {
callback();
} else {
failCallback();
}
});
}
Assuming that photoUpload is a function that requires the publish_actions permission, here is the usage pattern that worked for me:
// First check
checkPermissions("publish_actions",
// If the required permissions have already been granted
// call the desired method
photoUpload,
// else
function () {
// Asks for permission
FB.login(function () {
// double check - the usar may have skiped the permission again
checkPermissions("publish_actions",
// if the user granted the permission, call the desired method
photoUpload,
// else cancel everything and warn the user
function () {
alert("Can't post without permissions");
});
}, {scope: "publish_actions"});
});
I am using Facebook JS sdk to show news feeds. the app works well for many users for for some users who have authorized my app doesn't bring reasonable result.
I use following code to get basic profile info which works for some users but for some it doesn't:
FB.api('/' + id + '?access_token=' + access_token, function (response) {
var strTitle = response['first_name'] + " " + response['last_name'];
});
In response object I receive only id, birth date, email, profile link but name is not available. Interestingly when I open profile link in my browser facebook says:
"Sorry, this page isn't available
The link you followed may be broken, or the page may have been removed."
after that my code can bring its posts but again the from name of the posts is missing in response object. The permissions list is attached as picture.
I can't understand what is going on and how can i fix this issue. Any help please?
The problem is that you are using the App center permissions feature (previously known for Authenticated referrals).
Use these settings to enter the set of permissions your app requires when displayed in App Center
You should be passing a login url with the scope array of permissions in JS SDK.
FB.login(function(response) {
// handle the response
}, {scope: 'email,user_likes'});
or via a login button
<div class="fb-login-button" scope="email,user_likes" data-show-faces="true" data-max-rows="3">Login with Facebook</div