I'm trying to get my own facebook page feed and register a wordpress post for every post on my facebook page. I got it working, but access token keeps expiring. I looked allover and still can't find a definitive answer about this.
Is it still possible to auto generate an access token using php? I have my facebook app id and secret. If so, how can I do this? Preferably without SDK.
You can use an Extended Page Token: https://developers.facebook.com/docs/facebook-login/access-tokens/expiration-and-extension
It is valid for at least 60 days though, and you cannot auto generate it. After that time, you may have to generate it again. Earlier, it was valid forever - until you changed your Facebook password or invalidate the App Secret.
Related
I apologize in advance if this question is horrible.
My goal is to have my website grab data (events) from one specific facebook page that I own, and then display that data on the appropriate website.
I'm new to the facebook graph API. I downloaded and set up the PHP SDK to use on my website.
I created the initial $fb object as it stated to do within the SDK "Getting Started" page.
However, the next step in the system is creating a way for users to "login" and with this it generates the required access token.
On my site, I have absolutely no reason to have a user login.
I am so lost, that I am not even sure what to ask.
I guess, what do I have to do so that I can get an authorization token that will grab public data, without having the visitors to the website authorize an app or login.
I have searched a lot over the last few hours, but the only thing i can find is the document on how to have users log in to get the access token.
Any answer or documentation linked would be so greatly appreciated. thank you.
I'm trying to implement login and registration on a page using the Facebook API for both JS and PHP SDK 4.0. The 4.0 SDK seems relatively new and have changed a lot in recent time. There aren't a lot of answers out there. The documentation also seems pretty poor.
I already have a page with standard login using php/mysql. This will just be another option of login/registration for users.
After a couple of years just reading on Stackoverflow, this is my first post. Sorry in advance if it's in some way inadequate.
This is how I figure I would like to set this up:
A Facebook-button next to the login with a JS Facebook-login dialog connected to it.
If the user authorizes: send the result with an ajax-request to a php-page
Use FacebookJavaScriptLoginHelper to set up a session.
Get a long life access-token with getLongLivedSession.
Make a request for /me. Check if the email for this account is already a user on my site.
If not already a user: Ask for a username, register the user with info from Facebook.
Connect the account by saving the internal userid and the access-token in my database
Questions so far:
Am I supposed to send the token with my AJAX-call from the client, or would this be a security risk? I could just fetch the token with the PHP SDK instead.
Should i store the token with $_SESSION? Should I even store this manually myself? If so, is there built in functionality for this in the PHP SDK? Couldn't find any.
When a user has gone through this process I want to be able to check server side directly on page load if the user has authorized my app (and is logged in on FB).
Am I supposed to acquire the access-token using $_SESSION, or is there functionality for this? Isn't there any built in functionality to do a standard check if the user is authorized already?
When doing this in PHP, should I use the FacebookRedirectLoginHelper? Seems a bit odd since I'd never want to redirect with PHP, when my login dialogs will be with JS.
Maybe I've gotten the gist of this all wrong. My main concern is if I really would have to be storing the token with $_SESSION. I've seen a lot of people doing it in tutorials, but found nothing about it in Facebooks docs.
Thank you for your detailed post. Not a lot of people put so much effort in their first post ;)
The token you refer to is automatically stored in the cookie by the JS SDK. You can instantiate a session on the PHP side in the following way:
$js_helper = new FacebookJavaScriptLoginHelper($app_id);
$session = $js_helper->getSession();
Or: https://developers.facebook.com/docs/php/FacebookJavaScriptLoginHelper/4.0.0
You don't have to store the token by yourself, since it's already stored in the cookie.
Does this make the situation more clear?
I searched in Stack Overflow, Google, etc, but I can't figure out how to show my stuff from my Facebook on my website. I tried some solutions and each one prompted the login dialog and visitors had to log in and accept my application (I've created one to test).
Many answers here were too generic, I didn't understand them that is why I'm asking.
I want something that would let my website "log in" to Facebook and show my status or photos to visitors without them needing to accept an app or log in into Facebook with their account.
I tried a facebook-php-sdk example with my AppID and AppSecret and it asked me to log in.
Also, github.com/facebook doesn't have an SDK for Python similar to facebook-php-sdk
You could write a script (eg. using the FB PHP SDK) that uses a long-lived access token to fetch your FB data and then store the data in your backend database (or other store for your website). To Facebook, your script will look like an app and your machine will be the only 'user' of that app. Note, long-lived access tokens are good for 60 days max. You could also try using an App Access Token to fetch basic info. App Access Tokens don't expire.
This might not be exactly what you are looking for since you posted this with the php and python tag, but it might solve your problem.
If you're website is powered by the wordpress engine you can use If-this-then-that : https://ifttt.com/
It basically allows you to create "recipes" with something like:
if new status on Facebook then create post on wordpress
The post will not require others to log in to Facebook.
This is without writing a single line of code only a couple of mouse clicks. So I'm not sure if this satisfies your needs.
I am having trouble figuring this out. Facebook is implementing a new policy https://developers.facebook.com/roadmap/offline-access-removal/ that no longer allows for the simpler "offline_access" tokens that you used to be allowed to get. I am developing an application that needs to access the Graph API every 3 hours with a cronjob, and I am not sure how to set this up so that I dont need to login to access it, since I cant login with a cronjob if I am redirected to a login page. I am assuming I need to use some sort of a Curl call within a php script to get this working. I dont need to post anything, all I am doing is grabbing posts from a few public pages. Any Ideas? I already have a script in place that can do what I want it to, given that I log in first with the login_url. Just need this working with a cronjob.
First of all a reply to the first question - there is nothing to be done on your side. The facebook's change simply means that this kind of applications is no longer possible. The best thing you can do is to request an extended token, which then lasts around 30 (or 60, not sure) days. To request it you need to call the fb api - as shown here and here (albeit not python examples, they are useful pointers). Official FB's explanation is here.
However, this token is going to be invalidated on every occasion the user changes their password, remove the app or log out of facebook. You would need to have a look which requests failed and manually notify the users to renew the token at your side and store the new one.
To your second question about crawling public posts - do you even need an access token? Try using the Graph API without it and see if you can get to the information you are interested in.
To solve a problem detailed in a question on Stack Exchange Web Applications, I've written a little PHP script that given a page name and a proper access_token spits out the events created by that page as an iCal calendar file. Obviously this file is not supposed to be accessed by humans, but by for example Google Calendar for subscribing.
I created the access_token through the Facebook Graph Explorer and only later realized that it expires. So the question is: can I get a page access_token that does not expire? Failing that, can I get one with a really long expiration that?
If that is not possible - does anyone have a clue what to do? Manually providing an access_token once an hour doesn't feel very feasible.
#CBroe put me on the right track, and #MPaulo helped me further. Here's how I explain the process in the beginning of the script file I've created to solve the problem described in the question I linked to at the beginning of my question above.
To begin with, you will need an access token. This is complicated stuff - getting a regular one is easy, but we want one that lasts permanently. As described in Scenario 5 here: https://developers.facebook.com/roadmap/offline-access-removal/ , we need to:
Get a regular short-lived access token
Exchange it for a long-lived access token
Using our new access token, get a permanent page access token.
First, create a new Facebook app at https://developers.facebook.com/apps/ . It can be named whatever, it's not going to be really used. Fill in a domain - it doesn't matter which, just take one that shows simple HTML and doesn't do any redirects: I used my own static web page, http://jobjorn.se/ , but http://example.org/ may work too.
As instructed by MPaulo on Stack Overflow here: https://stackoverflow.com/a/11238327/564628 , use the app id - from your newly created app - and visit this page:
https://www.facebook.com/dialog/oauth?client_id=MY_APP_ID&redirect_uri=MY_SITE_URL&scope=manage_pages&response_type=token
Be sure to replace "MY_APP_ID" and "MY_SITE_URL".
Then, exchange your short-lived access token for a long-lived access token by visiting this page:
https://graph.facebook.com/oauth/access_token?client_id=MY_APP_ID&client_secret=MY_APP_SECRET&grant_type=fb_exchange_token&fb_exchange_token=YOUR_ACCESS_TOKEN
Be sure to replace "MY_APP_ID", "MY_APP_SECRET", and "YOUR_ACCESS_TOKEN" (the last being the access token you received from the first page)
Finally, get your page access token here:
https://graph.facebook.com/me/accounts?access_token=YOUR_NEW_ACCESS_TOKEN
Be sure to replace "YOUR_NEW_ACCESS_TOKEN" (the access token you recieved from the second page)
Paste it below. It should be permanent, but due to a bug it might only last two months - see https://developers.facebook.com/bugs/151056591697025 for details. It seems to have been fixed however. You can test it here: https://developers.facebook.com/tools/debug/access_token
Create an app and use the app's credentials to authenticate. As long as you aren't reading user specific data, you don't need a user access_token.