I have a site that needs to post to a user's Facebook wall right away, and at some later point (which can be anywhere from 1 hour to 3 days later, at any time day or night), post another message to the user's wall.
To do this, I explain clearly to the user what's going to happen, then I connect to their Facebook account asking for publishing permissions (generating the permissions dialog for the user). At that point I can post the 1st message to their wall immediately. Later, when it's time to post the 2nd message to their wall (which again could be any time, the user is long gone), my server will receive a message. I will tag this message with some identifying information (for example, the user's Facebook user ID number) so I know whose wall to post to.
My question is, what specifically do I need to save in my local DB about their Facebook connection, so I can make the 2nd post (at some undefined point in the future, when the user is gone)?
I'm using the FB JS API and using FB.login to log into Facebook with the permissions I need, etc. The server side code is in PHP, so after JS retrieves them, I can send whatever credentials I need to save over to PHP code (via Ajax) to store in the local database.
For publishing the 2nd message, it will be all PHP (using the Facebook PHP SDK) since there is no user at the console/no Javascript involved.
I believe the answer I'm seeking should look something like:
When you initially connect to Facebook and the user grants permission to publish, Facebook will return xyz credential data. You need to store that info in your local database. Use the FB user ID as the key.
When you are ready to publish the 2nd message and your PHP script kicks in, retrieve xyz information from the database (using the FB user ID), then use the xyz call in the FB PHP SDK to actually publish what you want to post on their wall.
Thanks!
The steps are quite straight-forward. Let me explain-
Publishing a post, requires an access token; and once a user has authorized your application to post on your behalf, you can post on his behalf using the app access token. That it! So here are the steps-
When user authorized your app successfully to post on his behalf, just save his/her facebook id in your database.
Use the access token which is nothing but app-id|app-secret(beware, dont expose this on client side ever), to publish on his/her wall. Just like-
$response = $facebook->api(
"/me/feed",
"POST",
array (
'message' => 'This is a test message',
....
'access_token' => "app-access-token"
)
);
But things to consider:
While authorizing, the user may/may not give you the permission to post, you can check that with /me/permissions just after the authorization step; so you should act accordingly.
At any time later, the user can delete your app, or remove the permissions of your app from the app settings. In that case your posting script while give you the authorization error; in that case too handle appropriately.
Related
Firstly I am aware that there are a million questions similar to this, but they are all either out of date (Facebook has changed and the instructions no longer work) or don't explain how to do specifically what I am asking.
I'm trying to register an app on Facebook so that I can autopost to the company Facebook page, of which I am an admin.
I'm trying to do this via PHP, with which I have considerable experience (PHP, not Facebook API.)
So far I have registered as a Facebook developer, made a Facebook app, got the appID and secret word, and downloaded the facebook-php-sdk from Github. I have attempted to follow a couple of tutorials but the Facebook developer/app pages have all changed and so the intructions are now invalid.
All I want to do is to be able to post automatically to my page's wall from the server via PHP, as if I posted the status update myself as the page admin. I don't understand how or why this is so difficult.
The Facebook app page has a million settings that I've never heard of and don't seem to be related, then there is no information that gives any direction to do what I want to do.
This is about as far as I've got and I've hit a wall. No idea what to do next. Facebook keeps asking me "Select how your app integrates with Facebook" but their options don't appear to include what I want, which is just to post on my own page. I don't appear to actually be able to use the app yet, as there are various settings its insisting on, like "Canvas URL", which I do not understand, etc. and then I obviously need to set permissions, yet I see no way to do this either.
What do I do?
Setting up an app
You are going to need to authenticate the user who has at least content creator rights on your page. So you need to choose 'Website with Facebook Login' and enter your website url.
You'll also have to enter the domain (website url without protocol)
Keep it in sandbox mode while you test it you can edit that later.
You don't really have to worry about other settings as the permissions to ask can be added directly in your php code.
"Online" Access
To logging and post directly to facebook you'll need to retreive an access token
Getting an access token
Here is a basic run down:
Get user to login and allow app with appropriate permissions (manage_pages, publish_stream) if he hasn't
Retreive user access token
Query /me/accounts with user access token to get the page id & access token
Then all you have to do is make your API call with id & access token to post on facebook
"Offline" Access
In order to post without having to logging (usefull if you aren't the only one posting) you need a permanent extended token. So you basically should have a separate script that you'll run once to retrieve that extended token and store it.
Getting an extended access token
To be able to post without the user being logged in you need a permanent access token for your page.
Here is a basic run down:
Get user to allow app with appropriate permissions (manage_pages, publish_stream)
Retreive user access token
Change user access token for extended user access token
Here is how I do this step (you could also use curl)
$token_url = "https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&client_secret=YOUT_APP_SECRET&grant_type=fb_exchange_token&fb_exchange_token=OLD_TOKEN";
$accessToken = #file_get_contents($token_url);
Then
Query /me/accounts with user extended access token to get the page
Change page access token for extended access token (same code as
above)
(The last step shouldn't be necessary according to the doc as you should get an extended page token when you query /me/accounts with an extended user token but in my case it didn't work)
And you get a permanent access token that only expires if the user changes password or disallows the app. All you have to do is store it with the page's id and retreive it wherever you need an API call to post to facebook.
The php sdk is pretty well documented so you shouldn't run into any problem a google search can't fix. Look for post september 2012 threads the flow hasn't changed since neither did the php sdk much.
We are setting up a website, where users will fill out and submit answers to a surveymonkey survey. After the user submits his survey answers, we will access that data through an API call and generate a report for the user based on that data.
Everything works perfectly, EXCEPT every time I open a new browser and access the website, it takes me to https://api.surveymonkey.net/oauth/authorize?client_id=XXXXXX&redirect_uri=http%3A%2F%2FXXXXXXXXX%2Flogin_with_surveymonkey.php&response_type=code&state=1379358300-12fd31&api_key=XXXXXXXXXX (the X's cover identifying info), where I need to "Authorize user_name to use your SurveyMonkey account" ('user_name' is the SM-developer account login name). Once I input my SM account login and password, the website works perfectly and I can successfully do as many API calls as I want without any issues. However, if I close and reopen the browser window, I need to go through that tedious authorization process again.
Is there any way to permanently grant authorization to my surveymonkey account for my app, so that I don't need to go through this process every time I open a new browser window?
Thanks!
How are you storing the access token for the SurveyMonkey user?
Once you have generated an access token via OAuth for a particular SurveyMonkey user, that token will work until it expires (if it has an expiry time in it) or until the user revokes access. Only when that happens, i.e. you receive an error saying "Client revoked access grant", you should discard the old access token and reauthorize.
The access token is what you get back when you call through to /oauth/token (with the code retrieved from /oauth/authorize).
is it possible to save the user details (the Signed request that facebook sends after validation) to a database for future use?
NOTE: i DO NOT mean adding a random signed request, i merely mean the signed request that facebook sends AFTER user has successfully added your app + signed into facebook.
Yes. You can save it. Once it's on your server, you can do whatever you like with it.
Should you? I think not. That data is supposed to only be available to you while the user is using your app.
One thing to note: if you want to make calls to the Open Graph API on behalf of the user, any tokens you use will expire when they log out (unless you have requested the "offline access" permission).
After the user has authorized your app, you should continue to get a "user" object in your signed_request that includes their FB user id.
I have created a facebook application.
It's working only for my account means i can send message on my account only.
How it will be possible that users inputs their access_token and message and that
will be authenticated via that access_token and message should be
sent on that particular user's account through my facebook application.
In sort I want to post status on facebook using only access_token of a user.
I have done same for Twitter and that is working fine.
Can anyone help me?
Here's the process I have used for one of my Facebook applications to make wall posts from a user [of my application] to one of their friends:
Authenticate the user via the process described in the Authentication section of the documentation
Store the access_token (keyed against the Facebook user ID) returned after your call to https://graph.facebook.com/oauth/access_token
When you need to post to the wall of one of the user's friends, lookup the access_token you stored in Step 2 above and call the Graph API (as described in the "Publishing" sub-section of the Post section of the documentation) with it.
Please note: you will need to request the 'offline_access' extended permission to use the token after the user has logged out of Facebook. Also, Facebook do impose limits for the number of requests you can make per user per day. Theoretically, this should grow with your application but I've experienced problems before where this hasn't happened. You can check your current limits at:
http://www.facebook.com/business/insights/app.php?id=[app_id]&tab=allocations
I almost have facebook connect working the way I need it on my site, I need to work out a couple bugs still, below is from the facebook connect documents, it list the 3 different URL options below in the settings of FB connect. This could be very useful for me because when a user logs in for the 1st time on my site with facebook, I need to create there mysql profile with profile data from facebook.
Ok so I am a bit confused, I understand a Redirect URL just redirects the browser to a page but you can see that 2 of these links I save below are for a Callback URL, so I take it that facebook post data to the URL's I provide? If I am correct, how can I know what data it post back in the Ping?
1)
Post-Authorize Callback URL: Facebook
pings this URL when a user authorizes
your application for the first time.
You can also call users.isAppUser to
determine if the user has authorized
your application.
2)
Post-Authorize Redirect URL: You can
redirect a user to this URL after the
user authorizes your application for
the first time. You can use this URL
only if the user authorizes your
application through login.php and not
the login dialog.
3)
Post-Remove Callback URL: Facebook
pings the URL when a user removes your
application.
When the user redirects in the browser I can run code like this to get there profile data from facebook but I am not sure about when facebook pings data?
$user_details=$fb->api_client->users_getInfo($fb_user, array('last_name', 'first_name', 'proxied_email','birthday_date', 'sex', 'is_app_user', 'current_location', 'about_me', 'activities', 'interests', 'relationship_status', 'pic_big', 'pic_small', 'books'));
$firstName = $user_details[0]['first_name'];
.....
I don't think I completelly understand your question, so I'll try to answer what I can - if there's anything missing, please comment here and I'll edit the answer accordingly.
You're right assuming that Facebook sends POST data when pinging. So, basically what you'd do on the endpoint given (the url you told facebook to ping) is to read the $_REQUEST dict for the data you want. A list of every parameter Facebook sends on ping can be found here.
What would happen is the following:
User clicks to connect with your site with Facebook Connect
A Facebook log-in page shows a confirmation to the user asking if he allows this operation
If allowed, Facebook sends the POST data to the specified URL asap
The same happens when the user removes herself from your site through Facebook Connect.
Please note that you should validate carefully the data received on your endpoint. Since you're creating persistent data on every post request, at least ensure the requests can only be received from facebook.
Alternatively, you can just redirect the user somewhere after the authorization, call users_getInfo and check if is_app_user is true. If so, you go on creating your entities on your database.
1) Post-Authorize Callback is the url Facebook will POST some data to when a user authorizes your application/site. This is through ANY means, not just through Facebook Connect. You should keep the user ID that is passed with this so you can track which users have authorized your application/site. You can then use the user ID to send messages to (i.e. notifications) the user, typical app-to-user messages.
It's "ping" because Facebook ignores any response you send. You don't respond.
2) After a user authorizes your application, you can optionally have Facebook send the user to this URL. For example, a welcome page and/or introduction. This does not happen under Facebook Connect, only under the Facebook platform.
3) Exactly the opposite of #1. Facebook just lets you know that someone removed/deauthorized your application. Again, you don't need to respond.
Items #1 and #2 is how you keep track of which user IDs have authorized your application. You cannot query Facebook for this.
Facebook writes a cookie under your domain if the user is logged into Facebook and has connected with your site. You can always check for this cookie when a user arrives and log them in automatically to your site. You should verify the cookie data, of course. Instructions for doing that are here:
http://wiki.developers.facebook.com/index.php/Verifying_The_Signature