I have 100 Active Facebook access tokens.
For each account I have more than one access token.
I want to keep only one token for each account and want to delete the others.
And i don't want to do this manually so please post a PHP script which check all the tokens and keep only one active token for each account.
In such a case the simplest way to validate an access token is to issue the following request
https://graph.facebook.com/me?fields=id&access_token=#accesstoken
If the provided access token is not valid or expired Facebook will just return an error message of some sort. Such as :
{
"error": {
"message": "Error validating access token: This may be because the user logged out or may be due to a system error.",
"type": "OAuthException",
"code": 190,
"error_subcode": 467
}
}
For a valid access token the result will somehow look like this
{
"id": "ID_VALUE"
}
Related
I am trying to setup authentication with google plus using their tutorial. I followed the directions verbatim, changing the client id and the client secret in signin.php. For the record, the google plus API is enabled in the google developer console. I update file permissions as instructed as well (chmod +x signin.php and chmod -R 555 vendor/). However, upon loading my authentication URL (which happens to be at the auth_test/ sub directory of my domain, and clicking the sign in button, the console throws a 401 (unauthorized) for the get request sent /activites. I have researched the problem and see that this can be caused by an invalid token, but I dont see how that can be because everything has been setup in singin.php. Much help would be appreciated...
You need to reset the state of your app if disconnected to refresh the $tocken.
Google API office Docs on Handling API Errors
401: Invalid Credentials
Invalid authorization header. The access token you're using is either
expired or invalid.
{ "error": {
> "errors": [
> {
> "domain": "global",
> "reason": "authError",
> "message": "Invalid Credentials",
> "locationType": "header",
> "location": "Authorization",
> }
> ],
> "code": 401,
> "message": "Invalid Credentials" } }
Suggested action: Refresh the access token using the long-lived
refresh token. If this fails, direct the user through the OAuth flow,
as described in Authorizing Your App
Also its is clearly commented in singin.php at line no. 98 :
// Normally the state would be a one-time use token, however in our
// simple case, we want a user to be able to connect and disconnect
// without reloading the page. Thus, for demonstration, we don't
// implement this best practice.
//$app['session']->set('state', '');
Thus in your case it appears that your app is disconnected and thus causing the $token to become empty. Hence forcing this code block at line no: 91
if (empty($token)) {
// Ensure that this is no request forgery going on, and that the user
// sending us this connect request is the user that was supposed to.
if ($request->get('state') != ($app['session']->get('state'))) {
return new Response('Invalid state parameter', 401);
}
I am far from the programming and PHP, but got the challenge to get the Fb share count for the website :)
I'm trying to get the proper App Access Token and send the request to Fb
according to this article.
The request should be like this:
https://graph.facebook.com/?ids=http://www.myurl.com/my-page&access_token=myappid|myappsecret
And I getting this error.
{
"error": {
"message": "Invalid OAuth access token signature.",
"type": "OAuthException",
"code": 190,
"fbtrace_id": "FfZKAkCyad1"
}
}
I am going to use it in PHP roughly like this:
function facebook_count($url)
{
$results = #file_get_contents('http://graph.facebook.com/' . $url .'&access_token=myappid|myappsecret');
if ($results) {
$like_array = json_decode($results, true);
if (!empty($like_array['shares']))
return ($like_array['shares']);
}
return 0;
}
My guess, I checked wrong Permissions (scopes) for my App token. Did not found an answer in FB dev page. Checked this for now:
user_likes, read_insights, read_audience_network_insights, public_profile
What Scope do I need to check, if I need only the shares count by the link?
Or in what else could be the problem?
You need to use an App Access Token... So the actual permissions (referring to User Access Tokens!) are irrelevant.
So, hopefully you are replacing myappid|myappsecret with your actual App Id and App Secret. If ynot, there's your error. Furthermore, I think in the file_get_contents call then ?id= part in the URL is missing.
Reading the Facebook documentation on Access Tokens, it's a little unclear how to actually write the PHP code to handle them. Testing reveals a little, but I would like to do this correctly.
So, in my app, I use the Javascript SDK to login, and when that comes back, I make an Ajax call to save the access token. The server that handles that call converts that access token to a long-lived token, and stores it in our DB. So far so good.
But in the future calls to the PHP SDK, I want to handle the access token expiring, or the user invalidating the token. My basic SDK calls are like:
try
{
$request = new Facebook\FacebookRequest( $this->fbApp,
$access_token, . . .);
$response = $this->fb->getClient()->sendRequest($request);
// some processing here
}
catch(Facebook\Exceptions\FacebookResponseException $ex)
{
}
catch(Facebook\Exceptions\FacebookSDKException $ex)
{
}
The documentation suggests that I catch exceptions via capturing "the error messages thrown by the API", and gives this information:
{
"error": {
"message": "Error validating access token: Session has expired at unix time SOME_TIME. The current unix time is SOME_TIME.",
"type": "OAuthException",
"code": 190
}
}
with my only method of determining whether the token expired or the user de-authorized the app being doing a string comparison on the error message, or looking at a subcode (which, of course, are defined somewhere else. blech).
My main question is - will token errors always be thrown as FacebookResponseExceptions? I did a test with de-authorizing the app, and got that exception code of 190, and a message "Error validating access token: The user has not authorized application". Is there a way to get the subcode? Or do I just assume that an error code of 190 always means send them back through the login process?
And what about expired tokens? Tough to test that, will that throw an exception, or will the response from the SDK call be an error?
thanks...
An OAuthException is a pretty sure indicator that either the token is not valid any more, or that you don’t have the permission necessary to perform the desired action – both cases in which you likely want to send the user through the login flow again.
For a list of some possible error codes, and general instructions on how you should generally handle the, see https://developers.facebook.com/docs/graph-api/using-graph-api/v2.5#errors
In case you run into such an OAuthException, you might want to debug the token that you have stored – that will tell you if it is still valid or not: https://developers.facebook.com/docs/facebook-login/access-tokens#debug
And if it is, you might want to do a call for /me/permissions next, to find out what permissions the user has granted your app. You can also check for a specific permission via /me/permissions/permission_name.
Hi i have this to get comment from post it works is there is a years
$json = file_get_contents("http://graph.facebook.com/730350233684840/comments?limit=2500");
echo $json;
but now i have this error in facebook
{
"error": {
"message": "An access token is required to request this resource.",
"type": "OAuthException",
"code": 104
}
}
how i can get all comment from post ?
i have using your code #luschn
my request with true APP ID and App Secret
https://graph.facebook.com/730350233684840/comments?limit=2500&access_token=[APPIS|APPSECRT]
i have this
{
"error": {
"message": "Invalid OAuth access token signature.",
"type": "OAuthException",
"code": 190
}
}
i use chrome to look this error
--
English is not my native language, sorry for any mistakes.
For example:
$json = file_get_contents("http://graph.facebook.com/730350233684840/comments?limit=2500&access_token=[your-access-token]");
The most basic Access Token is an App Access Token, you can create one like this:
$appAccesstoken = $appId . '|' . $appSecret;
Depending on the resource, you may need a User or Page Token though. For that, you will have to authorize the User and it gets a lot more complicated.
More information about Access Tokens:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/
you have to change the position access token and limit
https://graph.facebook.com/167416583311544_730350233684840/comments?access_token=appId|appSecret&limit=2500
Note: App access tokens are being used here so there is no login or permissions required.
My app access token is valid according to the Facebook App access token debugger
My FQL request is correct according to the Graph API explorer (for FQL)
However when I attempt a FQL search using my app access token:
$fql_query_url = 'https://graph.facebook.com/'.'fql?q='.urlencode($fql_query) . '&access_token=' . urlencode($acctoken);
I get the response:
{
"error": {
"message": "(#200) Must have a valid access_token to access this endpoint",
"type": "OAuthException",
"code": 200
}
}
The code I'm using literally worked two days ago but not it appears to be broken.
Does anyone know what is going on? I've looking into the app access token depreciation after 60 days but surely this would appear as an invalid token in the Facebook access token debugger. Also isn't the error message different if the app access token is depreciated.