I have a facebook app and I have also created a page for that app and I have linked them together. Now using apps key and secret I want to get that page's access token in my php code without login (script runs in cron). Logically authentication should be unnecessary since since I need app admin permission and admin permissions on the page side in order to link them together. Is there a way to ask for the pages linked to the app?
Related
I am developing an application using the YouTube API that allows users to browse their account (Uploads, favorites etc.) from an external site. The current site is setup as a WordPress multi-site network (which is only important here for the URL structure).
Each site is installed into a sub-directory, so for example the main site would be
http://www.mainsite.com
and each site URL structure would be:
http://www.mainsite.com/site-1/
http://www.mainsite.com/site-2/
I've setup a channel for each of the sites in the network so each site can view separate videos.
For each site I've installed I've setup a separate Google Project and am using a unique API key. I can authenticate on one site and store the refresh token in the database for later use.
That all works, but when I go to authenticate on a second site, the first site's refresh/access tokens get revoked and the second site works while the first does not.
I receive a response from the API on the first site "Error refreshing the OAuth2 token, message: '{ "error" : "invalid_grant" }'". I can then revoke the tokens, and re-authenticate and things work again until i try and authenticate on a different iste.
How come I can only have one site authenticated at a time if they are each using separate api keys and access tokens to hit the API? Is it because all of the JavaScript origins originate from the same URL?
If so, is there a work around where I can have all of the sites in the network connected without having to re-authenticate each time I want to view the channel? Is there some sort of limitation here that I'm overlooking?
It seems like only one site in the network can be communicating with the API at a time even tho the access tokens and api keys are unique to each site.
Use an api key:
client->setDeveloperKey('key goes here');
You can get the key from your api console, set it as a server key.
For my web application - I need to fetch all the data for a particular facebook page. What kind of permissions do I need. Do I really need to create a canvas app for it?
I dont intend to do anything on FB - but use some of the data available to arrive at some conclusions in my web based application which will be hosted on a server outside of FB.
Facebook's API documents should provide everything you need:
https://developers.facebook.com/docs/graph-api/reference/v2.1/page
According to the permissions section, you'll need either an App token or a User token. Since you're talking server-to-server (I'm assuming this is server-to-server on account of the PHP tag), you're going to want to use an App token:
https://developers.facebook.com/docs/facebook-login/access-tokens#apptokens
You should be able to create a Facebook App from within your Facebook account, which will provide you with an App ID and App Secret. You can use those to make calls directly to the API.
I am developing the application by Facebook PHP SDK.
If a user uninstalls this application from the Facebook page, I'm going to delete related data from my app. Is there any way of recognizing uninstallation of an application by PHP?
From the docs on authentication:
App Deauthorization
When a user of your app removes it in the App Dashboard or blocks the
app in the News Feed, your app can be notified by specifying a
Deauthorize Callback URL in the Developer App. During app removal we
will send an HTTP POST request containing a single parameter,
signed_request, which contains the user id (UID) of the user that just
removed your app. You will not receive an user access token in this
request and all existing user access tokens will be automatically
expired.
You can access updates about your app using Facebook Realtime Updates. These are webhooks - urls you provide on your server - which facebook POSTs information to when various actions happen, such as the user uninstalling your app.
I'm currently working on adding Facebook integration into a website of mine via the PHP SDK. I'm requesting and planning to use the offline_access permission so I'm storing the access_token in a database. However, I'm giving the user the option to remove the integration with Facebook after they add it and therefore then removing this access_token from the database. This is where the issue comes in:
The first time they add the integration, my app redirects to Facebook correctly and asks for the permissions, etc. Then, however, if they remove the integration and then re-add it, it doesn't ask for the permissions again (which makes sense since those permissions are still technically given to my app on that user's profile unless they went into Facebook and manually deleted them).
My question is if theres a way to tell Facebook to remove my app and its permissions from that user's Facebook profile so that if they go to re-add the integration, they are once again prompted to accept the permissions.
Perhaps something like $facebook->expireAllAppPermissions() I guess.
You can issue an HTTP DELETE request to /PROFILE_ID/permissions to revoke authorization for an app.
this is because you are just deleting access token from your data base , it will not remove your app from user profile. user is still authenticated with your app. he has to remove the app manually.
I've created a simple Facebook app that doesn't need any data/info from users. When I try to view the app on Facebook, it's requesting permission to access my personal info.
I want the app to display without this request, for both logged in and not logged in users.
What's the code to do this?
Edit with more info:
I have a working Facebook app which I want to leave alone, I've duplicated the apps code and created a new app through the Facebook dev area. I've changed the relevant App ID, API ID and Secrets throughout the code. The original app works without any permission needed, but my duplicated version for some reason requests permission.
Simple solution is to create the app in the developers area, do all the settings to an iframe and create the application path to your website. Now in your website remove all the PHP code related to FACEBOOK GRAPH API and let it be a simple website that is independent of facebook. This will make what you want.