I have PHP site. User can come on that site and connect with Facebook. When user is connected I get user id and access token and store to database. I used that access token to post some things (text, photos, and links on users FB).
Now, I see that access token is expiring after 60 days (extended token) and after that I need to prompt user to connect to Facebook again.
Problem is that my site need to post couple of messages which user wrote after he pass. And user can connect to Facebook for example 1. Sep 2013 and can pass after couple of years.
Is there any way how can I post that messages on that user's Facebook account, without prompting user to connect to Facebook again (of course if user not deny app on Facebook account before that) even token is expired.
Twitter and YouTube has unexpiring tokens which allow me to post on that social networks posts in couple of years (of course if user not deny my app on theirs accounts on twitter and YouTube).
Thanks
For simply posting to the user's wall; you can use the APP ACCESS TOKEN (APP-ID|APP-SECRET) for that.
Related
I am trying to work with Facebook's Graph API v2.8 through the php-graph-sdk.
My main objective right now is to get page ratings.
I setup a Facebook App which I'll call FB Ratings App and I can read ratings on my Facebook pages, but I ran into problems when I try to have other users get ratings through my app, FB Ratings App.
Here's a breakdown:
User A
Owns the Facebook App: FB Ratings App
Owns their Facebook Page: Sample Page A
Can see the Facebook Page data
The Access Token says it does not expire.
User B
Does NOT own the Facebook App: FB Ratings App
Owns their Facebook Page: Sample Page B
Can NOT see the Facebook Page data
The Access Token says it expires in 2 months
When I use the Access Token Debug Tool I see the same expiration time of 2 months for User B for the short lived access token as well as the long lived access token but the token string does change when I send the short token and ask for the long lived token.
Summary
Users (except for myself) are not getting access tokens that do not expire. Is there a way to renew these without the user logging in again or should I be getting a token that doesn't expire?
The same users that are getting access tokens of 2 months are not able to get Page Access Tokens for FB Pages that they own and created.
Here's a couple notes on the Facebook App that I created in the developers area.
It is set to Public with the status, "Your app is currently live and available to the public." However, I have not submitted the app for approval. I wasn't sure if this was necessary or how to go about this. If I need to do this, does my project need to be finished for Facebook to review the code?
These issue maybe related or they could be separate. The Facebook API is by far the most confusing API that I've worked with.
I want to be able to connect an existing user account to his twitter account.
I want to give the option for the user to connect his twitter account. After that is done once, I would like to be able to auto-tweet to his account.
How can I achieve this?
When the user logs in using their twitter credentials you retain an oAuth token that will allow you to call twitter APIs with the permissions the user granted when the token was generated.
This token can be revoked by the user at any time.
The twitter site has loads of great documentation on this area:
https://dev.twitter.com/docs/auth/obtaining-access-tokens
I have a php app where my registered users login to facebook. I use $facebook->getLogoutUrl();. Then I retieve all their albums and display their id and names in an HTML select tag. The user select one and the id of the album is stored in the DB.
Here everything works great.
Then an anonymous user visit my website and I want him to see my registered user photos (public photos of the albums selected by the registered users) (they are not logged in my site, they are not logged in facebook). At the moment it only works if the anonymous user is logged in facebook. But I want to diplay photos even if the anon is not logged in facebook.
$photos = $facebook->api('/'.$idAlbum.'?fields=id,name,link,photos.fields(id,picture,source)');
I have tried a lot for 2 weeks but nothing seems to work. I have tried without login, I have tried with an app access token, I have tried:
https://graph.facebook.com/oauth/access_token?client_id=XXXXXX&client_secret=YYYYYY&grant_type=client_credentials
Can anyone help me? or tell me if is not possible to my app to retireve photos from an album. I searched a way to login my app but I only find app access token (https://developers.facebook.com/docs/howtos/login/login-as-app/) but as it say it can make requests as the app, not as a user
In order to access a users information, you're going to need a valid access token for that user. An application access token can't be used to do anything on behalf of a user.
Access tokens expire after a while and that prevents applications from searching though the users information when the user is not actually using the application.
If you want to go all the way - just download all the photo's from the album and store them on your server... If you can't do that, then you'll have to look into extending the album owner's access token so that you can use it when querying their album. As far as the application is considered, with that extended access token, it is in actual fact the album owner who is making the request.
Taken from the Facebook docs:
Extending client-side user access tokens
When a person completes a client-side auth flow and you retrieve their
user access token, by default the token is only valid for one to two
hours.
You can exchange this token for a longer-lived one that's valid for up
to 60 days by passing it to the /oauth endpoint from your server with
a grant_type parameter of fb_exchange_token. [Note that it must be
sent from the server so that the App Secret is not exposed.] Here's
what that looks like:
https://graph.facebook.com/oauth/access_token?
grant_type=fb_exchange_token&
client_id=APP_ID&
client_secret=APP_SECRET&
fb_exchange_token=SHORT_LIVED_ACCESS_TOKEN
The response from this endpoint will include the long-lived access token. This will be a
different string to the original token, so if you're storing these
tokens, replace the old one.
Basically you'll have to do this as soon as any (registered) user performs a succesful login and store the token in your database.
I am working on a simple Facebook App that will allow me to post from my client's website to my client's Facebook Fan Page.
Right now I set the access token with $facebook->setAccessToken( EXTENDED_ACCESS_TOKEN_IN_DB ); after creating my application instance with the PHP SDK. I am using the 60 day long-lived extended access tokens so the client does not have to login to Facebook each time they want to post to the Fan Page.
At some point, the access token will become invalid for any number of reasons.
Under ideal circumstances this would be once every 60 days. At the same time it would be nice if we could continue to publish to the Fan Page from the website through the app until the day arrives that the user de-authorizes the app.
Is there anyway to get a new access token once it has expired without asking the user to login to Facebook?
Is there anyway to get a new access token once it has expired without asking the user to login to Facebook?
No. That’s the whole point of deprecating offline_access – that apps can’t go on “forever” doing stuff in the user’s name.
Maybe you want to get a page access token instead of a user access token? The former ones don’t have a default expiry date.
I'm trying to make a small bot with my facebook app.
I've an Facebook app, people registered to my app through facebook.
I want my bot to check every day checkins of my users (launch with scheduler like cron)
since the bot is not accessed by a user, is there any way to retrieve access token for a user to get checkins information? via graph api?
I read that access_token expires, event offline_token can not be used forever.
I have tried to store fb_uid and user code generated when registering, but that is not working...
This is where offline_access rights are for. You can test this by using the token debugger. Just get a token with offline_access and you will see that the token won't ever expire. Until off course the rights are revoked by the user.