i use open graph for access member to register and login with facebook account in codeigniter, and i have idea to create automatic password with access token for every user, but i dont exactly know is it access token facebook is static or will different every time user access with other IP or something?
Thankyou
The access token is valid for 2 months (if you request an extended token, otherwise only a few hours). It will remain the same until the user deletes the app from his/her account or changes his/her password. Then you need to re-authenticate by sending the user to FB again through your app.
IP address does not matter.
Related
What I'm trying to do is basically have a system that allows people to post to Tumblr via this website using Tumblr's API. I think it would work something like:
Get the user to grant our application permission on Tumblr; get the token and secret from Tumblr.
If this user has never authenticated before, store the OAuth token, OAuth secret, and the user those belong to in a database.
If the user has authenticated before, check the OAuth token and secret that Tumblr just gave us against the ones already stored in the database to re-authenticate this user.
So, do I need to re-authenticate with OAuth on every single page? Or in other words, I need to contact Tumblr every time the user loads a page to make sure they're still the person they say they are?
I have a php app where my registered users login to facebook. I use $facebook->getLogoutUrl();. Then I retieve all their albums and display their id and names in an HTML select tag. The user select one and the id of the album is stored in the DB.
Here everything works great.
Then an anonymous user visit my website and I want him to see my registered user photos (public photos of the albums selected by the registered users) (they are not logged in my site, they are not logged in facebook). At the moment it only works if the anonymous user is logged in facebook. But I want to diplay photos even if the anon is not logged in facebook.
$photos = $facebook->api('/'.$idAlbum.'?fields=id,name,link,photos.fields(id,picture,source)');
I have tried a lot for 2 weeks but nothing seems to work. I have tried without login, I have tried with an app access token, I have tried:
https://graph.facebook.com/oauth/access_token?client_id=XXXXXX&client_secret=YYYYYY&grant_type=client_credentials
Can anyone help me? or tell me if is not possible to my app to retireve photos from an album. I searched a way to login my app but I only find app access token (https://developers.facebook.com/docs/howtos/login/login-as-app/) but as it say it can make requests as the app, not as a user
In order to access a users information, you're going to need a valid access token for that user. An application access token can't be used to do anything on behalf of a user.
Access tokens expire after a while and that prevents applications from searching though the users information when the user is not actually using the application.
If you want to go all the way - just download all the photo's from the album and store them on your server... If you can't do that, then you'll have to look into extending the album owner's access token so that you can use it when querying their album. As far as the application is considered, with that extended access token, it is in actual fact the album owner who is making the request.
Taken from the Facebook docs:
Extending client-side user access tokens
When a person completes a client-side auth flow and you retrieve their
user access token, by default the token is only valid for one to two
hours.
You can exchange this token for a longer-lived one that's valid for up
to 60 days by passing it to the /oauth endpoint from your server with
a grant_type parameter of fb_exchange_token. [Note that it must be
sent from the server so that the App Secret is not exposed.] Here's
what that looks like:
https://graph.facebook.com/oauth/access_token?
grant_type=fb_exchange_token&
client_id=APP_ID&
client_secret=APP_SECRET&
fb_exchange_token=SHORT_LIVED_ACCESS_TOKEN
The response from this endpoint will include the long-lived access token. This will be a
different string to the original token, so if you're storing these
tokens, replace the old one.
Basically you'll have to do this as soon as any (registered) user performs a succesful login and store the token in your database.
I am having a problem obtaining the twitter users access token and secret token without sending a username and password. I would like to get the access token by just sending the twitter_id, once the user has already authenticated my application before.
So the scenario is:
A user logs into my site (using custom login), he already gave my application permission to read/write his tweets. Now I need to load this users access token and secret access token.
Database:
CustomUID : 1 , Twitter_ID: 123456.
So Since I know CustomUID 1 is logged in, I need the access token/secret from Twitter_ID:123456.
The Problem is I canĀ“t find an API function that would let me get the access token without being redirect to Twitter Callback function (Twitter landing page), where the user has to type in his/her username and password, once again because the Request Tokens are obtained by the URL.
How can I solve this problem? I am used to the Facebook API, where user which have already authorize my app, allow me to receive their accesstoken just bei sending getAccessToken($ID).
Thank you very much for help!
You have to save, possibly in your DB, the OAuth token and access token after the first time the user authenticates. Then retrieve the token the next time you need to perform a query on behalf of that user.
I'd just like to ask about a problem I'm facing with Facebook Graph API.
I've connected to Facebook successfully, stored the user ID, and user access_code into my DB
Now when viewing the site I'm building, it's using the access_token stored in my database, but doesn't show my facebook statuses....because the "session has expired"....
Is there anyway I can regenerate the access_token?
Thanks
Example:
$status = 'https://graph.facebook.com/'.$userId.'/statuses?limit='.10.'&access_token='.$app_token;
User access tokens last only 1-2 hours. There is a technique to get a 60 day token for your use. It is explained here: http://dominicminicoopers.blogspot.com/2012/03/facebook-access-tokens-and-offline.html Remember to get this extended access token prior to the short-lived access token expiring. You must pass in a valid working user access token to pass to it. Do this serverside, not clientside because you have to use your app secret.
https://graph.facebook.com/oauth/access_token?
client_id=[APP_ID]&
client_secret=[APP_SECRET]&
grant_type=fb_exchange_token&
fb_exchange_token=[EXISTING_NON-EXPIRED_USER_ACCESS_TOKEN]
Remember to ask for the user_status permission when prompting the user. See: http://developers.facebook.com/docs/authentication/permissions/#user_friends_perms
You cant regenerate it, but you can get a new one by having the user go through the oauth process again, it will return a new token - https://developers.facebook.com/docs/authentication/
You can try to get a long lived token. That will allow you to access the status even when the user is not loged in.
See here
I need help with Facebook OAuth. I am trying to make a facebook news feed gadget for my webpage. What I did is, I created a facebook login page, got the verification code, and then got the access token. There is an expiry parameter in the access token.
My question is, what happens when the token gets expired? Does it become a new token person logs in again. I want to store it in a database, so I can access it anytime I navigate through the webpage.
If I use the access token, will it still get expired? Or does it expire if its not been used for the given expiration time?
The answer to your initial question, is that an access token is only valid whilst the user is logged in. So yes, a new access_token will need to be retrieved every time they log in to your site. This is detailed in the authentication flow documentation.
In order to get an access token which is does not have an expiry (or has a long validity period), you will need to get the user to authorise the offline_access. This should be set in your scope.
Here's a description of the offline_access permission from this documentation:
offline access - Enables your app to perform authorized requests on behalf of the user at any time. By default, most access tokens expire after a short time period to ensure applications only make requests on behalf of the user when the are actively using the application. This permission makes the access token returned by our OAuth endpoint long-lived.
This will not however, give you access forever. If the user changes their password, or deauthorises your application, you will need to get the user to reauthorise it to get a new access_token. If you try to use an out of date access token, an error message will be returned. That's why it's important to have a flow which will allow for such eventualities.
From my knowledge you can achieve this by asking for access my information anytime permission (offline_access) while a user does fconnect.
For Detail information please refer
For Permissions: http://developers.facebook.com/docs/reference/api/permissions/
For expired Token: http://developers.facebook.com/blog/post/500/