I am trying to work with Facebook's Graph API v2.8 through the php-graph-sdk.
My main objective right now is to get page ratings.
I setup a Facebook App which I'll call FB Ratings App and I can read ratings on my Facebook pages, but I ran into problems when I try to have other users get ratings through my app, FB Ratings App.
Here's a breakdown:
User A
Owns the Facebook App: FB Ratings App
Owns their Facebook Page: Sample Page A
Can see the Facebook Page data
The Access Token says it does not expire.
User B
Does NOT own the Facebook App: FB Ratings App
Owns their Facebook Page: Sample Page B
Can NOT see the Facebook Page data
The Access Token says it expires in 2 months
When I use the Access Token Debug Tool I see the same expiration time of 2 months for User B for the short lived access token as well as the long lived access token but the token string does change when I send the short token and ask for the long lived token.
Summary
Users (except for myself) are not getting access tokens that do not expire. Is there a way to renew these without the user logging in again or should I be getting a token that doesn't expire?
The same users that are getting access tokens of 2 months are not able to get Page Access Tokens for FB Pages that they own and created.
Here's a couple notes on the Facebook App that I created in the developers area.
It is set to Public with the status, "Your app is currently live and available to the public." However, I have not submitted the app for approval. I wasn't sure if this was necessary or how to go about this. If I need to do this, does my project need to be finished for Facebook to review the code?
These issue maybe related or they could be separate. The Facebook API is by far the most confusing API that I've worked with.
Related
As the title suggests im wondering how i could obtain a never expiring facebook user access token. Which i would need to create a page access token at a later date. I tried using their graph explorer tool but i could only make it go up to 2 months of expiry date and for my use case that wouldnt be ideal.
To shortly explain my use case, on our website im trying to implement a facebook sharing system where each user could share what they wanted i.e posts on their facebook page (we are not using facebook login and the user would just give acces from their own dev tool panel if thats the correct approach). I got this to work BUT only with a acces token that would expire in 2-3months. So a user having to re-authenicate with our service every 2-3 months isnt ideal and wouldnt really work for us. So is there a way i can refresh that token programtically or does the user have to give a new user access token every couple of months.
I have tried following this answer but with no luck Long Lived access token Facebook Page and many similar answers to this. There is also a suggestion that you should contact facebook if you want a never expiring access token which this user suggested Generate permanent access token Facebook API.
Now im wondering if it even is possible do that in 2021 and if there is anything i missed in regards how to generate said tokens or refresh them.
EDIT:
I used the following requests to get the extended access token.
https://graph.facebook.com/oauth/access_token?client_id=<your FB App ID >&client_secret=<your FB App secret>&grant_type=fb_exchange_token&fb_exchange_token=<your short-lived access token>
After i got the token i used
https://graph.facebook.com/me/accounts?access_token=<your long-lived access token>
to get the extended access token.
To get page access token that never expires, take the following steps:
Get user token
Make this token long-lived, e.g. by clicking "Extend access token" at the bottom of the page: https://developers.facebook.com/tools/debug/accesstoken/
Then, use this token to get page access token.
In Access Token Debugger the token will be marked as "Expires: never"
I have built a platform for my local young professionals organization with a PHP backend using Laravel. One of the newest initiatives I am wanting to take on is the integration of our marketing insights and for the board to take a quick look at our marketing efforts without needing to be directly in the software, such as our Piwik setup and FB page insights.
I have pulled the Open Graph/FB SDK and have configured some basic APIs to use in the software. I am wanting to make it so board members without admin access on the FB page can still see the insights. Is it possible to use an app access token to grab the insights? Do all of the board members viewing the PHP page need to be logged into FB with admin access to the page?
This is possible if you use a long-lived (eternal) Page Access Token.First, you'd have to get a User Access Token, for example via the Graph Explorer (https://developers.facebook.com/tools/explorer), with manage_pages and read_insights permissions.
Then, you need to exchange the returned short-lived User Access Token with a long-lived one. Next, request /me/accounts with the long-lived User Access Token and fetch the eternal Page Access Token from the result. Store it your application for further use.
You can check the Access Token with
https://developers.facebook.com/tools/debug/
Have a look at
https://developers.facebook.com/docs/facebook-login/access-tokens#pagetokens
https://developers.facebook.com/docs/facebook-login/access-tokens#extending
https://developers.facebook.com/docs/graph-api/reference/v2.2/page/insights/
https://developers.facebook.com/docs/graph-api/reference/v2.2/insights/
I'm building an application for an event so they can directly post their news messages on facebook. I'm trying to use de php SDK V4 for this but there are some parts of the login process I don't understand (still couldn't find a solution after searching for several hours).
My Problem is in the login process. First you have to specify which applicaton you are and give your application secret. Than you have to login to facebook with an account.
But which account should I use for that? The one of their event? Mine?
(I'm an admin of the events page) (this means that all messages will
be posted from mine account while i'm not the poster...sounds pretty
weird..)
Which method should I use to login into facebook? There is a veriaty of methonds like the FacebookRedirectLoginHelper(), the FacebookCanvasLoginHelper() or the Javascript one. However as far is I understand all these helpers for your users to login to their facebook accounts and that's not what I want.
During my search I found some an example of someone who is making a similar system (Facebook Graph API PHP SDK v4 - Post on Page). He/She uses the folowing piece of code for getting a facebook session:
FacebookSession::setDefaultApplication('{APP ID}','{APP SECRET}');
$session = new FacebookSession('{Page Access Token}');
This suggests that you don't need to login into facebook by user but only need a Page Acces Token. However if I understand it correctly (correct me if I'm wrong), to get a Page Acces Token, you first need an User Acces Token (https://developers.facebook.com/docs/facebook-login/access-tokens/#pagetokens). To get an User Acces Token you should be logged in, and than we're back to question 1 and 2 in the beginning of my story.
Or can I just get a Page Acces Token using the following api request (according to https://developers.facebook.com/docs/facebook-login/access-tokens/#pagetokens)
GET /{user-id}/accounts
Using a random user-id as long as the page admin gave this user permission to generate such a token (so the user related to "user-id" shouldn't be logged in while retrieving the Page Acces Token?) .
Sounds like you'll need to use the following flow:
Have the page admin log in with their Facebook account. Make sure to request the manage_pages extended permission. This will give you access to the pages they admin.
Once they grant access to your app, you'll get a short lived user access token. Exchange it for a long lived user access token.
Get the list of the user's pages with /me/accounts. Each page will have an access_token field returned with it. These are all page access tokens. We want to use a long lived user access token to get this list so that all the page access tokens returned will not have an expiration date. They live forever! :)
Use the page access token to post to the wall of the page if you want to post as that page. Use the user access token to post to the wall of the page if you want to post as that user.
And the Facebook Query Builder might make this whole process a lot easier. :)
Hope that helps!
I have PHP site. User can come on that site and connect with Facebook. When user is connected I get user id and access token and store to database. I used that access token to post some things (text, photos, and links on users FB).
Now, I see that access token is expiring after 60 days (extended token) and after that I need to prompt user to connect to Facebook again.
Problem is that my site need to post couple of messages which user wrote after he pass. And user can connect to Facebook for example 1. Sep 2013 and can pass after couple of years.
Is there any way how can I post that messages on that user's Facebook account, without prompting user to connect to Facebook again (of course if user not deny app on Facebook account before that) even token is expired.
Twitter and YouTube has unexpiring tokens which allow me to post on that social networks posts in couple of years (of course if user not deny my app on theirs accounts on twitter and YouTube).
Thanks
For simply posting to the user's wall; you can use the APP ACCESS TOKEN (APP-ID|APP-SECRET) for that.
I'm trying to make a small bot with my facebook app.
I've an Facebook app, people registered to my app through facebook.
I want my bot to check every day checkins of my users (launch with scheduler like cron)
since the bot is not accessed by a user, is there any way to retrieve access token for a user to get checkins information? via graph api?
I read that access_token expires, event offline_token can not be used forever.
I have tried to store fb_uid and user code generated when registering, but that is not working...
This is where offline_access rights are for. You can test this by using the token debugger. Just get a token with offline_access and you will see that the token won't ever expire. Until off course the rights are revoked by the user.