We have a challenge in the office. We are developing a script that can post content from our database automatically on the wall. The problem is that we do not have access as soon as the user logs out.
Is there anyone here who has experience with this and possibly have solved it?
We is aware of https://developers.facebook.com/roadmap/offline-access-removal/ - Do you think facebook has ruled out the possibility completely?
As long as you are using Scenario 5 mentioned on that page you should be fine. https://developers.facebook.com/roadmap/offline-access-removal/
The page token shouldn't expire.
Check out the link on how to handle expired access tokens and extend tokens
http://developers.facebook.com/blog/post/2011/05/13/how-to--handle-expired-access-tokens/
https://developers.facebook.com/docs/facebook-login/access-tokens/#extending
Related
I'm working on integrating the Facebook PHP SDK into a website I am building, and I have a question (maybe a problem, not sure yet...).
Initially I was planning on setting all the permissions in the initial login to allow my users to post to their feeds/page feeds through my site depending on which route they prefer, BUT I read on the FB SDK pages that requiring permissions at initial login that are not essential at that moment is bad practice.
My question is how do you add more permissions later using the PHP SDK? I scoured the internet for two days now looking for an example, and haven't been able to find one. Maybe I am looking in the wrong places. I don't know. I just haven't had any luck.
My thought is that you check if the permission is set, and if not, log the user in with that permission, and use the new access token. The issue for me is that doing it this way, I will have to write the form data to the session, then call it back when the FB login sequence is done.
Is my thinking correct, or is there a way to do this better? Should I just stack all the permissions right off the bat, or should I do it the way Facebook suggests?
The whole reason that my site is using facebook is to allow users to automatically share their posts (it is an art site) when they upload a piece to the site, instead of uploading a piece then having to go to that piece and click a share button on the page.
Hopefully this rambling makes sense!
My question is how do you add more permissions later using the PHP SDK?
Same way, as you asked for the initial permissions:
By calling the login dialog again, with those additional permissions in the scope.
I built a curl script to post on fb pages a month ago; it was working fine as of today (30/04/2015) but the behaviour has changed. Earlier it was posting as the page on its feed but today it is posting as me, not as the page on its feed.
Has Facebook made any changes in its API that could have caused this?
NB:
I have extended my access token by using below code and have debugged it, as publish_action, publish_page, user_user_status access too
https://graph.facebook.com/oauth/access_token?client_id=XX& client_secret=XZ&grant_type=fb_exchange_token&fb_exchange_token=XXX
It's clearly stated in the docs at https://developers.facebook.com/docs/graph-api/reference/v2.3/page/feed/#pubperms that you need to use a Page Access Token if you want to post as Page:
A page access token with publish_pages permission can be used to publish new posts on behalf of that page. Posts will appear in the voice of the page.
Remember, today is the day that Graph API v1.0 gets deprecated!
Have a look at
https://developers.facebook.com/docs/facebook-login/access-tokens#pagetokens
on how to get a Page Access Token.
For me it was combination of both of the things. Now the facebook has fixed his bug, I have given manage_page rights to my app & my code starts working again.
Thank you all responding
For us our API suddenly stop working this morning and after almost 12 hrs of debugging we found that facebook has introduced a bug (which itself was a surprise to me)
Now waiting for fix to come
https://developers.facebook.com/bugs/380833342117530/
I'm trying to implement login and registration on a page using the Facebook API for both JS and PHP SDK 4.0. The 4.0 SDK seems relatively new and have changed a lot in recent time. There aren't a lot of answers out there. The documentation also seems pretty poor.
I already have a page with standard login using php/mysql. This will just be another option of login/registration for users.
After a couple of years just reading on Stackoverflow, this is my first post. Sorry in advance if it's in some way inadequate.
This is how I figure I would like to set this up:
A Facebook-button next to the login with a JS Facebook-login dialog connected to it.
If the user authorizes: send the result with an ajax-request to a php-page
Use FacebookJavaScriptLoginHelper to set up a session.
Get a long life access-token with getLongLivedSession.
Make a request for /me. Check if the email for this account is already a user on my site.
If not already a user: Ask for a username, register the user with info from Facebook.
Connect the account by saving the internal userid and the access-token in my database
Questions so far:
Am I supposed to send the token with my AJAX-call from the client, or would this be a security risk? I could just fetch the token with the PHP SDK instead.
Should i store the token with $_SESSION? Should I even store this manually myself? If so, is there built in functionality for this in the PHP SDK? Couldn't find any.
When a user has gone through this process I want to be able to check server side directly on page load if the user has authorized my app (and is logged in on FB).
Am I supposed to acquire the access-token using $_SESSION, or is there functionality for this? Isn't there any built in functionality to do a standard check if the user is authorized already?
When doing this in PHP, should I use the FacebookRedirectLoginHelper? Seems a bit odd since I'd never want to redirect with PHP, when my login dialogs will be with JS.
Maybe I've gotten the gist of this all wrong. My main concern is if I really would have to be storing the token with $_SESSION. I've seen a lot of people doing it in tutorials, but found nothing about it in Facebooks docs.
Thank you for your detailed post. Not a lot of people put so much effort in their first post ;)
The token you refer to is automatically stored in the cookie by the JS SDK. You can instantiate a session on the PHP side in the following way:
$js_helper = new FacebookJavaScriptLoginHelper($app_id);
$session = $js_helper->getSession();
Or: https://developers.facebook.com/docs/php/FacebookJavaScriptLoginHelper/4.0.0
You don't have to store the token by yourself, since it's already stored in the cookie.
Does this make the situation more clear?
I am having trouble figuring this out. Facebook is implementing a new policy https://developers.facebook.com/roadmap/offline-access-removal/ that no longer allows for the simpler "offline_access" tokens that you used to be allowed to get. I am developing an application that needs to access the Graph API every 3 hours with a cronjob, and I am not sure how to set this up so that I dont need to login to access it, since I cant login with a cronjob if I am redirected to a login page. I am assuming I need to use some sort of a Curl call within a php script to get this working. I dont need to post anything, all I am doing is grabbing posts from a few public pages. Any Ideas? I already have a script in place that can do what I want it to, given that I log in first with the login_url. Just need this working with a cronjob.
First of all a reply to the first question - there is nothing to be done on your side. The facebook's change simply means that this kind of applications is no longer possible. The best thing you can do is to request an extended token, which then lasts around 30 (or 60, not sure) days. To request it you need to call the fb api - as shown here and here (albeit not python examples, they are useful pointers). Official FB's explanation is here.
However, this token is going to be invalidated on every occasion the user changes their password, remove the app or log out of facebook. You would need to have a look which requests failed and manually notify the users to renew the token at your side and store the new one.
To your second question about crawling public posts - do you even need an access token? Try using the Graph API without it and see if you can get to the information you are interested in.
We have a Flash site that integrates heavily with Facebook. When users sign up we get them to allow a Facebook app that ties into the site. This is done through the AS3 Facebook API library from Adobe.
When users have done this, they should then be able to sign up, submitting some personal details and so on. The Flash sends this request to our PHP which then checks to see if the user is actually logged into Facebook, and has allowed our app.
The problem we're having is that when a user goes to do this, the PHP facebook library says that the user is not logged in. If we then refresh the page and try signing up again, everything works fine.
I'd imagine it's a cookie thing, but we're really banging our head against a wall here and can't figure out why it's not working.
Cheers,
Mark.
Are you using OAuth (good example here by chirs coenraets)
Regardless, you may need to use a flash php/js proxy (php i presume since thats what your using) to deal with any crossdomain policy issues.