I'm using the PHP SDK of Facebook to retrieve all sorts of information.
If you don't know, facebook keeps a temporary link for every video hosted on it and that link becomes inactive after a few days.
Therefor, I query FB using PHP with a vid to get it's url.
The problem is that I have to do that action even if a current user that's viewing my page isn't connected to my app.
Do you have any creative solution for me to query FB with a vid (video ID) even if the current user that's browsing my website isn't connected to my app?
(I could use an existing user token but now I have to control which tokens are alive and so on...)
Thanks!
If you're only going to query publicly accessible videos use your App Access token. Unlike an access token you obtain from a user, your app access token will not expire unless you reset your secret key. Take a look at this: https://developers.facebook.com/docs/opengraph/howtos/publishing-with-app-token/
Related
I'm building an application for an event so they can directly post their news messages on facebook. I'm trying to use de php SDK V4 for this but there are some parts of the login process I don't understand (still couldn't find a solution after searching for several hours).
My Problem is in the login process. First you have to specify which applicaton you are and give your application secret. Than you have to login to facebook with an account.
But which account should I use for that? The one of their event? Mine?
(I'm an admin of the events page) (this means that all messages will
be posted from mine account while i'm not the poster...sounds pretty
weird..)
Which method should I use to login into facebook? There is a veriaty of methonds like the FacebookRedirectLoginHelper(), the FacebookCanvasLoginHelper() or the Javascript one. However as far is I understand all these helpers for your users to login to their facebook accounts and that's not what I want.
During my search I found some an example of someone who is making a similar system (Facebook Graph API PHP SDK v4 - Post on Page). He/She uses the folowing piece of code for getting a facebook session:
FacebookSession::setDefaultApplication('{APP ID}','{APP SECRET}');
$session = new FacebookSession('{Page Access Token}');
This suggests that you don't need to login into facebook by user but only need a Page Acces Token. However if I understand it correctly (correct me if I'm wrong), to get a Page Acces Token, you first need an User Acces Token (https://developers.facebook.com/docs/facebook-login/access-tokens/#pagetokens). To get an User Acces Token you should be logged in, and than we're back to question 1 and 2 in the beginning of my story.
Or can I just get a Page Acces Token using the following api request (according to https://developers.facebook.com/docs/facebook-login/access-tokens/#pagetokens)
GET /{user-id}/accounts
Using a random user-id as long as the page admin gave this user permission to generate such a token (so the user related to "user-id" shouldn't be logged in while retrieving the Page Acces Token?) .
Sounds like you'll need to use the following flow:
Have the page admin log in with their Facebook account. Make sure to request the manage_pages extended permission. This will give you access to the pages they admin.
Once they grant access to your app, you'll get a short lived user access token. Exchange it for a long lived user access token.
Get the list of the user's pages with /me/accounts. Each page will have an access_token field returned with it. These are all page access tokens. We want to use a long lived user access token to get this list so that all the page access tokens returned will not have an expiration date. They live forever! :)
Use the page access token to post to the wall of the page if you want to post as that page. Use the user access token to post to the wall of the page if you want to post as that user.
And the Facebook Query Builder might make this whole process a lot easier. :)
Hope that helps!
I have an application "Tipsters Corner" and a page ,also called Tipsters Corner.
I want to post on that page.I managed to do this using the token obtained from the graph explorer.
But I do not understand the difference between all the tokens.
I have a dropdown ,with the following options :
Graph Explorer
Tipsters Corner Application
I click Get Token.I get a token,a different one depending on what I selected in the dropdown.
I can post to my facebook application using any of the tokens.What is the difference between them.
Also,if I enter me/accounts I see my page/pages and another access token over there.What is that ?
Is that the token for the user?
The tokens that you retrieve from the Graph Explorer are short duration User Access Tokens which are generated different for different applications and different permissions.
The Access tokens that you retrieve when navigating to /me/accounts end point are the Page Access tokens for various Pages you administer or are associated with. These access tokens do expire, but if retrieved from the /me/accounts end point using long lived access token these do not expire (documented here) and can impersonate things done by application as the Page itself.
You may further like to give the documentation about access token a read.
I have a php app where my registered users login to facebook. I use $facebook->getLogoutUrl();. Then I retieve all their albums and display their id and names in an HTML select tag. The user select one and the id of the album is stored in the DB.
Here everything works great.
Then an anonymous user visit my website and I want him to see my registered user photos (public photos of the albums selected by the registered users) (they are not logged in my site, they are not logged in facebook). At the moment it only works if the anonymous user is logged in facebook. But I want to diplay photos even if the anon is not logged in facebook.
$photos = $facebook->api('/'.$idAlbum.'?fields=id,name,link,photos.fields(id,picture,source)');
I have tried a lot for 2 weeks but nothing seems to work. I have tried without login, I have tried with an app access token, I have tried:
https://graph.facebook.com/oauth/access_token?client_id=XXXXXX&client_secret=YYYYYY&grant_type=client_credentials
Can anyone help me? or tell me if is not possible to my app to retireve photos from an album. I searched a way to login my app but I only find app access token (https://developers.facebook.com/docs/howtos/login/login-as-app/) but as it say it can make requests as the app, not as a user
In order to access a users information, you're going to need a valid access token for that user. An application access token can't be used to do anything on behalf of a user.
Access tokens expire after a while and that prevents applications from searching though the users information when the user is not actually using the application.
If you want to go all the way - just download all the photo's from the album and store them on your server... If you can't do that, then you'll have to look into extending the album owner's access token so that you can use it when querying their album. As far as the application is considered, with that extended access token, it is in actual fact the album owner who is making the request.
Taken from the Facebook docs:
Extending client-side user access tokens
When a person completes a client-side auth flow and you retrieve their
user access token, by default the token is only valid for one to two
hours.
You can exchange this token for a longer-lived one that's valid for up
to 60 days by passing it to the /oauth endpoint from your server with
a grant_type parameter of fb_exchange_token. [Note that it must be
sent from the server so that the App Secret is not exposed.] Here's
what that looks like:
https://graph.facebook.com/oauth/access_token?
grant_type=fb_exchange_token&
client_id=APP_ID&
client_secret=APP_SECRET&
fb_exchange_token=SHORT_LIVED_ACCESS_TOKEN
The response from this endpoint will include the long-lived access token. This will be a
different string to the original token, so if you're storing these
tokens, replace the old one.
Basically you'll have to do this as soon as any (registered) user performs a succesful login and store the token in your database.
I have a fair amount of Facebook development experience, but this had made me pull my hair. It must be something very small, but I can't get it. I recently saw some Facebook pages with welcome tabs that show user's name "Welcome [YOUR NAME]" who visits their page. Example is here:
https://www.facebook.com/Tony.Samaha.Official.Page
As per my knowledge, we cannot get the user id without the permissions by the user. After the permissions we are able to get the user id in the signed request. How do I get the Facebook user id or name, something similar to the above example? How is this working? Can this be achieved?
FYI: I am using iframe tab.
Check out the documentation on signed_requests. When a user visits your application there will be a signed_request posted to your URL. The documentation states :
A signed_request is passed to Apps on Facebook.com when they are
loaded into the Facebook environment
A signed_request is passed to any
app that has registered an Deauthorized Callback in the Developer App
whenever a given user removes the app using the App Dashboard
A signed_request is passed to apps that use the Registration Plugin
whenever a user successfully registers with their app
You will have to decode this request (see the link above for details) and from there you will be able to extract the user_id of the visiting user. Then all you have to do is query the Graph API like this :
https://graph.facebook.com/USER_ID and you will get back the public information for that user which should include the users name.
The user is still using the old static FBML application, so most likely they are using the fb:name tag. Though, I believe this is now deprecated. So really, the page you linked to needs to be updated.
I am integrating GFC with my web app (PHP). In this app I have a list of user IDs and I need to fetch their profile details like their display name, profile pic url etc. using a HTTP call.
For example, I am trying to fetch data of user with id: $userId = 1234567
If a viewer (need not the user with above id) is logged in, I am able to fetch data by making a call to following URL.
http://www.google.com/friendconnect/api/people/$userId/#self?fcauth=$fcauth
But, if viewer is not logged in, the above URL replies the following
Anonymous requests are not allowed to fetch data
Error 401
I would like to know what URL should be used to fetch the user data even if no one is logged in.
Thanks!!
The fcauth mechanism is designed for access while the user is online. The fcauth tokens expire fairly rapidly, and no guarantee is made about how long they're valid for. You should assume that they'll only work while the user is online.
If you need offline access, you need to use OAuth. OAuth tokens are valid until manually revoked.
The API call you're making is the correct one, you just need to do it with OAuth instead of fcauth.