I am the administrator of a Facebook group, and I created a site where I use FB login to identify my users; users of the site are supposed to be also members of my FB group.
Before the introduction of version 2.0 of Facebook API I used to store the ID of people logging in through my app in a mySql DB; since API 2.0 app-scoped ID have been created (https://developers.facebook.com/docs/apps/upgrading#), and I've understood how they work.
I've noticed that users who have logged in after the introduction of 2.0 API have the (longer) app-scoped ID, while old ones are keeping the same old ID (as I expected).
Now my question: I'm writing a small code to check if members of FB group I administrate are users of my site too (i.e. if their IDs have already been stored in my site's database), but I've found that a lot of IDs obtained through this code:
$members = $facebook->api('/'.$userGroupId.'/members','GET');
foreach($members['data'] as $data) {
echo $data["id"]."<br>"; }
are different from the ones I've stored in my DB.
The same user seems to be identified with 2 different IDs, one for login and another one for the group.
So, what's going on?
I suppose is something related to app-scoped IDs, but so far I haven't found a clear explaination on how FB group members IDs work...
Hope that someone could help me to better understand the logic behind user IDs on Facebook groups.
Related
What I'm trying to do is implement a "log in with Facebook button" on my site. I think I have understood most of the Facebook JS API, yet I am not certain of how I securely can tie information in my own databases up against a Facebook user. My current theory is:
1. Register Facebook's UID for the user in database for further reference.
2. Tie all further information from the user (the infromation inputted by the user in the application) up to the user ID after verifying the Facebook access token (in the backend), to prevent user from adding/removing information on behalf of another user.
3. When the user makes a query for information, you verify the access token issued by the JS API in your backend up against Facebook's APIs before returning any information related to the user, to prevent the user from spoofing his own ID
Side note: Not sure if Stack Overflow is the correct place to post this question.I know that there is an enormous number of sub sections on Stack Exchange. If this isn't the place then let me know :)
I implemented a login with Facebook module in my recent node project. When the user logs into Facebook successfully, it usually returns a unique Facebook ID (along with a lot of other data). You could then create a relation table in your database that relates the unique Facebook ID with a special user ID for your site.
If you have facebook info you are going to need frequently like profile image... I would grab the url every time and store it in a session variable when the user logs in simply because it can change.
I'm the administrator of a small group on Facebook, it has about 40-50 members. Now I'm building a webpage for the group which will authorize users using Facebook Login (I'm using Laravel + SammyK's LaravelFacebookSDK if that matters).
Everything works fine, there is a problem though. I'd like to restrict login for only those who are members of the Facebook group. The best way would be using the /me/groups API, but that requires user_groups permission, which is restricted.
Of course there are 'hacky' solutions like making each user manually to an App Insight user or writing a script that updates a database on my server every day that contains the list of the group members, but isn't there a simple, elegant way to do this?
I highly doubt Facebook will allow me to use the user_groups permission just for this.
Well the graph API does provide this functionality as you said, you would just need user permission, not facebooks. As you could communicate the need and benefits of this permission, you would just need to write it down, somewhere close to your registration/login. You then need to specify the user_groups inside the scope variable, that your sending with the getLoginUrl Method.
$scope = ['email', 'user_status', 'user_groups']; // it is 'groups' or 'user_groups'
$login_url = $fqb->auth()->getLoginUrl('http://my-callback/url', $scope);
I did not test this code, as I do not have an installation at hand, but from everything I just read, this is how it should work.
Edit: Almost forgot, you would get the data out of your Facebook object using the following notation:
$groups = $fqb->object('me/groups')->get();
Looks like there is only one nice way to achieve this:
Although /me/groups requires user_groups permission to retrieve groups the user is a member of, it can return groups created by the app without it (given there is a valid access token of course).
So - while it's clearly not as nice and seamless as I wanted it to be - my solution was to create a new Facebook group using the app (requires only a POST request) and move current members to this new one.
Edit: moving members is not a possibility, joining an app group is only possible programatically using the SDK. Therefore, when a user is not a member of this group, I'll prompt them to join. It means that everybody can join and I have to manually ban those I don't like instead of manually allowing those I want to, but given the low publicity, I can deal with this.
Yeah this is quite "fun" to implement. I remember being able to do it, but I don't have any specific code to help unfortunately. I can tell you, that it will require multiple tokens.
If I remember correctly, this is the logical flow:
Get the user's own token.
Then the group's token using the user's token.
And then you would control the data the individual is allowed to send to the group from within your application.
In numerous applications I've written, every time I want to give user an opportunity to log in through Facebook, I get their user id after logging in and pair it with my app's user account. However, after an introducion of v2.0, I'm not pretty sure how should I pair them. If I upgrade now without making any changes but changing API endpoints, I end up with duplicate accounts due to inconsistency between User IDs (I'll be searching for a new (APP scoped) used id in database with old IDs). How should I upgrade without losing every user consistency?
To demonstrate how do I retreive their accounts, I'll join a bit of PHP here
<?php
$user = $db->fetchQuery("SELECT * FROM users WHERE fb_id = ".$facebookSDK->getUser());
Consistency should be fine here, within a single app.
If a user has already authenticated with an app prior to 4/30/2014, the id you receive will not change. For new users authenticating on or after 4/30/2014, you'll get an 'app-scoped' id which has the same format but is not the canonical 'fbid'.
For apps owned by the same developer, the Business Manager can provide mappings for users across app-scoped ids in different apps.
https://business.facebook.com/
There is a dirty hack to retrieve original facebook id
http://graph.facebook.com/app-scoped-id this returns facebook public informaton along with username
Then you make another graph api call with username
http://graph.facebook.com/username
This will returns the original facebook id and other public information, instead of app-scoped-id
So I've created an app on foursquare and used this tutorial to get the user to accept my application for their FourSquare account.
Now I was under the impression after I did this I would be able to access their checkin history. I've tried pulling their USER_ID and used this $friend = $fsObj->get('/users/USER_ID_HERE'); to get the users information. But when I access their checkins $friend->response->user->checkins I only see their latest and most recent checkin. Yet their count is greater then one.
I am assuming there is something messed up with them not being an authorized user of my app yet in their profile->settings it shows them that their account is attached to my app.
Any help would be greatly appreciated on how to access their checkin history! Thanks! :)
At the moment the API will only return venue history for the authenticated use (user logged in).
https://developer.foursquare.com/docs/users/venuehistory.html
I am also hoping to be able to see top visited venues by user at some point soon. Foursq folk, any eta on when we'd be able to get at least a top 10 from any friended user of the authenticated profile?
To access the authorized user's checkin history, you need the /users/USER_ID/checkins endpoint. The /users endpoint it appears you're using only shows one checkin that's used by the native apps to populate the "last seen at" information.
https://developer.foursquare.com/docs/users/checkins.html
I'm a new Facebook developer. I'm creating a game and want to include a leader board.
I'd like to build a fairly detailed leader board including the following information:
1) Name
2) Pic_Square or profile_pic
3) A general location (UK, USA or LONDON, NY)
4) Score
I'm aware of how to get a current users basic information from the either the old REST API or the Graph API. However from what I understand of the Facebook rules I can't store the information I want to use from the API.
This leads me to the conclusion I should be polling the Facebook API using the information I can store (FB user ID's). When querying the API for specific user ID's (the ones for the test users I have generated) API methods (user.getInfo and fql.query) return either just the ID of the user or the fields I have requested with null values.
When querying my own ID I can access all the data.
Are there any methods to obtain publicly available data via the any of the APIs?
Thanks for your help!
Ben
Why do you think that you can't store this info? On the user table page it even says:
You can cache this data and subscribe to real time updates on any of its fields which are also fields in the corresponding Graph API version.
If you request offline_access permission you would be able to get user information even when a user is not currently logged in to your app.
You should be able to get any user public info without permissions or access token by going to:
https://graph.facebook.com/<USER_ID>
To display avatar you can use this code:
<img src="https://graph.facebook.com/<USER_ID>/picture"/>
I don't think you would be able to get location without requesting extra permissions.