I'm trying to update my code to work with the FB Graph 3.0.
The login flow works fine, and I request my permissions and the user grants them. The later bit of PHP code that uses the PHP SDK is meant to post to the user's timeline.
$r = $this->facebook->get('/me/permissions');
$result = $this->facebook->post('/me/feed/', $fbpost);
If I examine $r, I can see that I have the permissions required:
manage_pages: granted
publish_pages: granted
public profile: granted
pages_show_list: granted
Yet when it makes the actual request, it fails with an error: (#200) Requires either publish_actions permission, or manage_pages and publish_pages as an admin with sufficient administrative permission
When I attempt to add the publish_actions grant to my login (using the javascript library) I get an error that it's invalid: Invalid Scopes: publish_actions. despite FB's own documentation showing this exact scope in several example.
Can anyone point out what I'm doing wrong?
EDIT: I'm not all that concerned with the publish_actions scope having changed, though I understand that may be a new change that isn't in the docs-- but I do have the manage_pages and publish_pages permissions, yet I still can't post to my timeline, and the error code seems to say that those permissions are not set.
As explained in the FB v3.0 API /me/feed endpoint documentation you need the user_posts permission (which isn't listed in your granted permissions) to read and publish on this endpoint. Publish_x permissions are only related to pages and group, not personnal feed.
Also check the board of your FB App if there are no review alerts, with the recent changes in legislation (GDPR ...) and Facebook issues (Cambridge Analytica etc...) a lot of changes has been made in the API.
I'm not a FB API expert, however, Twitter recently removed the ability to post automatically to FB-- my assumption is that this automated posting to a user's timeline is no longer possible in the latest FB graph API. At least, it takes a lot more hoops to jump through than a 3rd party developer can expect a non-technical customer to handle.
https://help.twitter.com/en/managing-your-account/link-twitter-to-facebook
Related
Hi I have a 'publish_actions' approved Facebook live App.
It perfectly works for developer accounts and can upload image.
But when any normal user accessing this app, it shows a:
fatal (#200) Requires extended permission: publish_actions
Can any one suggest me solution for this?
Approved in review means that your app can ask normal users for a permission.
It does of course not mean, that the current app user has automatically granted that permission to your app. You still need to ask them for it, via the login flow.
I'm trying to get read_stream and rsvp_event permissions but FB's staff continue rejecting my submissions .. Why is so tricky retrieving permissions for a simple app?
I just need to read my status messages and events and display it on my website.
How do you create permissions submissions for your FB apps?
(I use graph api on my php site)
This is from the docs at https://developers.facebook.com/docs/facebook-login/permissions/v2.1#reference-read_stream
This permission is granted to apps building a Facebook-branded client on platforms where Facebook is not already available. For example, Android and iOS apps will not be approved for this permission. In addition, Web, Desktop and TV apps will not be granted this permission.
So, it's very unlikely that you get this permission approved.
Regarding the events, I think user_events would be the right one: https://developers.facebook.com/docs/facebook-login/permissions/v2.1#reference-user_events
As I understand this is only for the use on your personal website, why don't you generate the Access Token for your user manually via the Graph API Explorer, prolongue it and store it somewhere in your PHP script? You'll need to update the Access Token every 60 days manually as well, but this I think the most pragmatic option you have.
See
https://developers.facebook.com/tools/explorer
https://developers.facebook.com/docs/facebook-login/access-tokens#extending
When I try to get a page_access token with 'manage_pages' permission, i get following warning
The following permissions have not been approved for use: manage_pages. If you make your app public, they will not be shown to people using your app. Submit them for review or learn more.
I am the admin of this facebook page.
Trying to retrieve My Fanpage's reviews in my website, through php sdk v4.
From v2.0 onwards, the permissions other than public_profile, email and the user_friends need to the submitted for review before you can make your app live; else you wont be able to use them. Only the testers/admin/developers of the app will be able to test with those permissions until the permissions are reviewed.
If you want to skip the review process, you can keep your app in the dev mode and use the page access token that will never expire. To generate such token , see the steps mentioned here.
I have a very basic PHP site that I want to use oauth2 authentication against Google Apps, using the example they provided (below is my version), The user on authentication keeps getting prompted to allow my app offline access to their account, Which I don't want.
$this->gapps_api_client = new Google_Client();
// $this->gapps_api_client->setAccessType('online');
$this->gapps_api_client->setApplicationName( GAPPS_APPLICATION_NAME );
$this->gapps_api_client->setClientId( GAPPS_CLIENT_ID );
$this->gapps_api_client->setClientSecret( GAPPS_CLIENT_SECRET );
$this->gapps_api_client->setRedirectUri( GAPPS_REDIRECT_URI );
$this->oauth2 = new Google_Oauth2Service($this->gapps_api_client);
It's worth nothing I have been playing with "setAccessType" however no values seem to have an effect on this offline permission mode.
I've tried leaving it commented out, setting it to "online", "offline" nothing has made a difference.
Anybody else been able to oauth2 authenticate without the user granting your app "Offline access"?
The offline access display is often flagged if you have previously granted an app access, but the app is asking for sign in again (if the consent dialog is being forced or similar). This is due to incremental auth - its trying to hide previously granted scopes.
To test this, try revoking all app access with https://security.google.com/settings/security/permissions and signing in again. You should see the full scopes.
If that is the issue, then it is likely something your users wont see - when they sign in again they should not see a consent dialog unless you are using prompt=force or similar.
You might also want to look at retrieving profile using the Google+ API (this works for all account types): https://developers.google.com/+/api/latest/people/get, and upgrading to the latest version of the PHP library: https://github.com/google/google-api-php-client
I'm currently working on adding Facebook integration into a website of mine via the PHP SDK. I'm requesting and planning to use the offline_access permission so I'm storing the access_token in a database. However, I'm giving the user the option to remove the integration with Facebook after they add it and therefore then removing this access_token from the database. This is where the issue comes in:
The first time they add the integration, my app redirects to Facebook correctly and asks for the permissions, etc. Then, however, if they remove the integration and then re-add it, it doesn't ask for the permissions again (which makes sense since those permissions are still technically given to my app on that user's profile unless they went into Facebook and manually deleted them).
My question is if theres a way to tell Facebook to remove my app and its permissions from that user's Facebook profile so that if they go to re-add the integration, they are once again prompted to accept the permissions.
Perhaps something like $facebook->expireAllAppPermissions() I guess.
You can issue an HTTP DELETE request to /PROFILE_ID/permissions to revoke authorization for an app.
this is because you are just deleting access token from your data base , it will not remove your app from user profile. user is still authenticated with your app. he has to remove the app manually.