For my web application - I need to fetch all the data for a particular facebook page. What kind of permissions do I need. Do I really need to create a canvas app for it?
I dont intend to do anything on FB - but use some of the data available to arrive at some conclusions in my web based application which will be hosted on a server outside of FB.
Facebook's API documents should provide everything you need:
https://developers.facebook.com/docs/graph-api/reference/v2.1/page
According to the permissions section, you'll need either an App token or a User token. Since you're talking server-to-server (I'm assuming this is server-to-server on account of the PHP tag), you're going to want to use an App token:
https://developers.facebook.com/docs/facebook-login/access-tokens#apptokens
You should be able to create a Facebook App from within your Facebook account, which will provide you with an App ID and App Secret. You can use those to make calls directly to the API.
Related
I've developed a website with the usual crud functionalities in Codeigniter and MySQL. I'm now tasked with creating a mobile app (with the same functionalities ) in Ionic 2.
To access my database with Ionic, I created a REST api -- which I was able to manipulate smoothly.
My questions are:
How, or can I, use my MySQL users' credentials to log in on my Ionic 2 app?
How can my web and mobile can share the same database?
I've been reading a lot about Fire base,etc. However, my tiny brain is unable to comprehend whatever I read. If anyone can point me to right direction, I would highly appreciate it. Thanks!
When developing an Ionic App you have to think of it as if you were developing a regular website. The only difference is that you have access to native device features with cordova plugins, but the whole flow is almost exactly like in a regular website (it is an angular application after all).
This means you can use your API just like you use it in your website. There is no need to use firebase. (Firebase is kind of like a database itself that you could use INSTEAD of your MySQL backend)
Totally agree with #Andreas. When you build a modern application that supports on the different platforms such as web or mobile, you need to design a standard API and then next step is to build a web application/mobile app to consume this API. And because of all the web/devices are all consuming from the same API, they are interacted with the same database. Unless they are using different API.
Can refer to the image below for easy understanding.
So talk about how authentication and authorization can be done from the mobile app or from the web app. You should take a look at OAuth2. It is a protocol for securing API services from untrusted devices, and it provides a nice way to authenticate mobile users via what is called token authentication.
The workflow will look like below, on both web and mobile app.
A user opens up your mobile app and is prompted for their username or email and password.
You send a POST request from your mobile app to your API service with the user’s username or email and password data included (OVER SSL for sure. If you don't know about it, google it).
You validate the user credentials, and create an access token for the user that expires after a certain amount of time.
You store this access token on the mobile device, treating it like an API key which lets you access your API service.
Once the access token expires and no longer works, you re-prompt the user for their username or email and password.
Reference
REST API from PHP
The ultimate guide for Mobile Security
I'm working on a custom wordpress plugin for my site. I have multiple accounts so I'll need multiple feeds. I'm using the Fascebook SDK v3 (My server has an older version of PHP that the newest SDK doesn't work on). I've downloaded and included the correct files, no errors.
I then logged into one of my accounts and created a new app to get the App ID and Secret Key. However, my plugin doesn't work because it says it's not "live".
I need to do a submit and review that requires icons, screenshots, etc. However, I don't want my app available to everyone just my page.
You don't need to create a Facebook app for this. Apps are for situations where you need to access or modify information on other users' accounts. In situations like this one, where you only need to work with information which you personally have access to, the Facebook Graph API should be sufficient.
You will need to create a page access token for the page in question, then access endpoints related to the page to get information on the page, or read its posts.
I'm currently trying to wrap my head around a rather complex OAuth2 use case. I have two servers, one is a client side web server, which serves a website, the other is an API server, which is used to interface with all our backend data.
Currently users use a basic UserCredentials flow which creates an access token on our API server, which is then used to sign all requests from the webserver to the API
Is there a way I can allow users to log in using Google or Facebook, and either use the access token generated to sign API requests in the same way as above, or alternatively create an access token on our API which is then used the same way as above?
In a word: NO.
Let me try and explain why. Lets start by looking at Google, to access google you need to register your application in Google Apis console. When you ask a user to give you access to there google data you do it using the client id and secret you got from apis console. Then google goes about createing your application an access token for there api this info is all stored on there servers. When you then try and use that access token they know which user gave you access to there data via the api.
Now the same holds true for Facebook, and your service as well. They are all diffrent APIs offered by diffrent companys. They create the Access tokens Google cant create you an access token to access data on Facebook any more then Facebook could to Google. Things just dont work that way.
I'm trying to implement a transient oAuth authentication for a web app I'm creating. Essentially, the user needs to login with the Service each time they visit my web app. Primarily it's to enable using the web app without me having to store any of the user's authentication data. I'm trying to use the Tumblr API.
My platform of choice is PHP. However I've never really worked with oAuth before and and am still learning. The following scenario illustrates what I'm trying to achieve:
The scenario assumes that:
The user has already authorized my application in their Tumblr account.
Using my Tumblr Consumer Key, Tumblr Consumer Secret, I call to get request_token, which I later display to the user via a link.
Now on clicking the link above, I expect Tumblr to NOT to ask user to allow the app again (authorize in their account) and simply redirect user back and returning some info that will allow me to distinguish the user. There is no $_SESSION as user is trying login to the website using Tumblr
Is this even possible? If yes, can you help me figure out how to get this done?
Ps. I'm a complete oAuth Noob so please be gentle :)
If you are trying to use Tumblr in a way similar to Facebook Connect, Tumblr does not offer this feature at the moment. ie: you can not use Tumblr to log into your site.
Tumblr's OAuth implementation will allow you to have the user allow access for your app to the users account indefinitely. Which means that your app will always be able to access the users account, whether they are logged into your site or not. They will still have to log into your site each time they want to access your app.
Here is a solid guide to OAuth. Tumblr uses OAuth 1.0 :
http://hueniverse.com/oauth/
I've created a simple Facebook app that doesn't need any data/info from users. When I try to view the app on Facebook, it's requesting permission to access my personal info.
I want the app to display without this request, for both logged in and not logged in users.
What's the code to do this?
Edit with more info:
I have a working Facebook app which I want to leave alone, I've duplicated the apps code and created a new app through the Facebook dev area. I've changed the relevant App ID, API ID and Secrets throughout the code. The original app works without any permission needed, but my duplicated version for some reason requests permission.
Simple solution is to create the app in the developers area, do all the settings to an iframe and create the application path to your website. Now in your website remove all the PHP code related to FACEBOOK GRAPH API and let it be a simple website that is independent of facebook. This will make what you want.