I am planning to come up with a website to access the profile information of my friends on Facebook. The first step being is to authenticate a friend with their facebook user name and password. I am reading up on the docs on manually authenticating a user. I am unable to understand that once I have a access_token, what steps I need to take to get a user information, in this case, even me?
What I also do not understand is the website states to provide the app_id and app_secret to generate the access_token. My understanding was that access_token would be needed for user. So where does the example code authenticate a user? I am guessing that I haven't understood the login flow properly. If there are any other references, please let me know.
After getting the access token, simply use it with your calls. For eg:
$res = json_decode(file_get_contents(https://graph.facebook.com/me/friends?access_token=ACCESS_TOKEN));
EDIT
The token: APP_ID|APP_SECRET is the app access token, not the user access token; so it has nothing to do with the user and it wont understand /me. And its power is just.
The other token that is received by the login flow (as mentioned in the link you've mentioned in the question) is the user access token, and it understands /me. It has the power to do anything that user has granted the app to.
Related
Good morning all,
I must create a site in PHP where we enter the url of the facebook profile, and then it must retrieve some information from the profile:
The profile picture
The name
If the profile and verify
I wish I could do it without this connection.
What to give me a clue?
(I succeeded with tiktok, instagram, etc.) but with facebook it's been a while that I'm looking for the solution
This is not possible for 2 reasons:
Scraping is not allowed on Facebook, you must use the API for accessing any data
Any user data is unavailable with the API, unless the user authorizes your App to access his data
The correct way to implement verification is to implement login with the Graph API and let the user authorize your App. Btw, this still does not mean you can verify his profile url, because you will not get the real URL, not even with authorization.
Basically, I'd like my users to be able to register and log into my site using their Soundcloud accounts (much like Google or Facebook).
But I'm following the login flow from their docs (http://developers.soundcloud.com/docs#authentication), and I understand how to redirect them to the Soundcloud connect screen to authorize my app. And from that, I get a code that I can exchange for an access token. But after that the docs state this:
You should now store the access token in a database. Associate it with
the user it belongs to and use it from now on instead of sending the
user through the authorization flow.
So they're assuming that I already have registered users who then connect to Soundcloud through some other function of my app. But what I want, is for them to be able to create their account from their Soundcloud user info. I think this is initally possible, but when they return to log in again, I need that access token to identify them. But I can't get that access token without sending them through the auth flow again.
I'm guessing what I want to do can't be done, but it's also possible I'm overlooking something. Any help would be appreciated!
I've done this with IMGUR OAuth2 API. After you get the access token, make a new request to their /me endpoint. This way, you'll have the SoundCloud id for that particular user. Now you can check if you already saved this user in your database. If you have, just save the new token to make sure this user has granted your app access to their SoundCloud. I'm not sure if I were clear enough. Let me know if you need any further help .
My question is almost the same as this one, but I can't find the answer there.
I just want to show my Facebook albums on a PHP page.
I know that for my site to access a Facebook user's info, I need an Access Token. As the username and password will always be the same, I'd like that my site (or app) could send these informations directly to Facebook and get an Access Token, without any user interaction. I've read this process as a OAuth Username and Password Flow.
Is it possible with Facebook?
No, I do not believe has an OAuth Username and Password Flow.
Each flow by Facebook requires the user to manually grant the app access.
I am always reading about Facebook and Twitter logins for someones website.
The integration using one of theses services is okay, but my questions is how can I access both API´s for one user.
Example:
User is logged in on my website (active session). Now he somehow has to grant me access to his user details etc. on facebook AND twitter. How do I realize that? I don´t want him/her to type in his facebook or twitter credentials everytime he logs in to get his access token (oAuth).
How do I get my own oAuth user access token after using my websites login, so I can interact with Facebook and Twitter´s API.
Is this correct?
Thank you very much, if you can help me.
Facebook
When someone logs into the Facebook account, they stay logged in until they actively log out.
The way to test for this is:
FB.getLoginStatus(function(response){
if response.status === 'connected'{
// The user is logged in
var access_token = response.authResponse.accessToken;
// Do whatever you need to do
} else {
// Get the user to log in
}
});
See here for more details:
https://developers.facebook.com/docs/reference/javascript/FB.getLoginStatus/
Twitter
The process is a little more complex for Twitter, but if you only want to display tweets, consider Web Intents.
Otherwise, follow these steps:
https://dev.twitter.com/docs/auth/3-legged-authorization
Both platforms have the ability to check whether or not the user is logged in first, so you shouldn't have to worry about someone having to log in every time they use your site. However, you cannot use the same oAuth token on both sites - you must get a separate one for each.
Each individual API will need a popup to authenticate, which will redirect to the appropriate api for authorisation, and then once you have the token after the authorisation redirects back to your popup.
You will then end up with a token that you can pass back to the calling page "window.opener" and store the token for that api in a Javascript variable by alling a Javascript funcation on the main page.
window.opener.getInstagramData("self", oauth_token);
Each authentication needs to have its own token and needs to be a button that the user should click on.
I am using this method to get Facebook, Twitter, LinkedIn Foursquare and GooglePlus account info.
Hope this helps.
I am using LinkedIn API.
I have done all process to retrieve access token.
but never show anywhere to remove/revoke access token from the LinkedIn.
Please Help.!
Once you store the secret in your DB simply delete it and the access will be revoked.
I believe that if you wish for the user to revoke access to your app the user must to go linkedin and do it, much like Facebook.
As confirmed here: http://developer.linkedin.com/forum/how-really-revoke-apps-oauth-access-token linkedin does not have a programmable API for what you wanna do.
But before you remove it from DB you can invalidate the token which is like an extra step to take by cURLing https://api.linkedin.com/uas/oauth/invalidateToken with your token I believe.
Edit
As #Paul corrects, it is actually quite important to invalidate the tokens with LinkedIn. So doing that and then removing from DB is, as he says, the correct way.