Is there any update on the ability to manage Facebook groups through the OpenGraph API. I am trying to delete members from my group using the API but I need the manage_groups permission.
Whenever I try to add it I get an API error stating it doesn't recognize it.
Has anyone had any success getting this to work?
Try using the permission "user_groups" and in automatically grant the manage_groups permission
user_groups permission to retrieve any groups that the session user is a member of.
The user_managed_groups permission can be used to read the group content for a group in which the user is an admin. This permission also allows the app to post as the user in the group if the app is also granted the publish_actions permission.
https://developers.facebook.com/docs/graph-api/reference/v2.3/group
The bad new is that faceboook will request you a submit a review and
it doesnt allow that permission for almost anyone platform. I made an web app with PHP and when i sent the review they refuse that permission with following answer:
The user_groups permission is only granted for apps building a Facebook-branded client on platforms where Facebook is not already available.
For example, Android and iOS apps will not be approved for this permission. In addition, Web, Desktop, in-car and TV apps will not be granted this permission.
Related
I've created an application in https://apps.dev.microsoft.com (Platforms: Web)
This app needs the admin consent for certain permissions. I remember, in the past, accessing https://login.microsoftonline.com/{tenant name}/adminconsent?client_id={application id}&state={some state data}&redirect_uri={redirect uri} with an admin account in order to give permission to access resources in our organization that only an admin can grant. From there, users needed to give user-level consent in order to use the application.
Now, I can successfully login with an admin account and the app works as expected BUT I still get a prompt, for users, with the following message:
You can't access this application
APP NAME needs permission to access resources in your organization that only an admin can grant. Please ask an admin to grant permission to this app before you can use it.
Have an admin account? Sign in with that account
Return to the application without granting consent
The error message is: AADSTS90094: The grant requires admin permission. which doesn't seem to be documented anywhere..
If I click on the Have an admin account? Sign in with that account and sign in with an admin account, it works but trying again with a regular user account I get the above message again.
EDIT:
So I stripped permissions down to a bare minimum.
Scopes in my application are now: openid, profile, user.read
And Microsoft Graph Permissions are now, for Delegated Permissions: Mail.Send, User.Read. Nothing in Application Permissions and I STILL get the above message for regular users!
Anybody from Microsoft have some info on the AADSTS90094 error code?
OK, so I ended up contacting Microsoft support for this since, as of this date, there is no information on this error message.
To put it briefly, Microsoft has made some recent changes with regards to permissions. In the past, if your app required any of the openid, profile or offline_access, you could just place them in your app as scopes, they weren't available on https://apps.dev.microsoft.com. An admin would've given consent and your app would function properly.
What you should now do is mirror your app's scopes with the permissions you have on https://apps.dev.microsoft.com or else you'll keep on getting that error message so make sure you have the same thing on both sides now, especially if you're used to the old behavior.
Those three scopes/permissions (openid, profile and offline_access) can now be selected for your app on the dev portal.
The admin consent endpoint doesn't help in dynamic scope and dynamic consent scenario .
Using the admin consent endpoint will grant the permissions registered in the app registration portal . You can locate Microsoft Graph Permissions section, and then add the permissions that your app requires. After doing admin consent by using the admin consent endpoint , your app can gather permissions for all users in a tenant, including admin-restricted scopes .
I am using MSAL and the 2.0 endpoint (login.microsoft...), I am developing a Multi-Tenant Application.
My Organization has 2 Tenants
One of them is essentially our Dev instance (and I have global admin rights). I registered my app in the Tenant that I don't have Admin Rights on and performed Admin Consent for said app in the Tenant where I can perform the Consent myself. My users can Login Successfully and have consent to the resources they need.
However, when I created the App Registration (all Converged Apps on apps.dev.mic) from the account where I have global admin rights, the login for my users gets the AADSTS90094 Error.
The only way I've come to "resolve" this error is,
On Initial Login to the application the scope would be openid the user then consents to that, when that is completed I have to do another login with the scope defined for the application and everything works. Obviously that UX is wonky to say the least.
I'm using Microsoft Graph API for integration of microsoft/outlook calendar in my app.
API reference is here
I want to revoke user's access of their calendars from my app but didn't find any way to do so. I tried with following api but no luck:
DELETE https://graph.microsoft.com/v1.0/users/{user_id}
Well, that command would delete the user entirely. So while that would certainly remove them from the calendar, I'm guessing this isn't the outcome you're looking for. :-)
If you're looking to remove the permission for your app, there are a couple of ways to trigger this:
Simply stop requesting that user's calendars from your app. This won't revoke permission to the calendar however so this likely isn't sufficient.
Drop Calendars.Read and Calendars.ReadWrie from your list of requested scopes.
In order to ensure this change is reflected in the user's account, you'll need to re-authenticate the user with the query param prompt=consent auth URI.
Have the user revoke permission for your application entirely. This is done by visiting https://myapps.microsoft.com.
There are certain apps that a user cannot directly revoke. These are apps who were granted access at the organization level. To revoke these, an Administrator will need to do this in the Azure Portal.
Hi I have a 'publish_actions' approved Facebook live App.
It perfectly works for developer accounts and can upload image.
But when any normal user accessing this app, it shows a:
fatal (#200) Requires extended permission: publish_actions
Can any one suggest me solution for this?
Approved in review means that your app can ask normal users for a permission.
It does of course not mean, that the current app user has automatically granted that permission to your app. You still need to ask them for it, via the login flow.
I have an application, that is registered in facebook, and I want to ask the users for manage_pages permission. I failed to do obtain the token both with the PHP facebook SDK
$loginUrl = new FacebookRedirectLoginHelper($myLoginUrl)->getLoginUrl(['manage_pages']);
And using just plain HTTP:
https://www.facebook.com/dialog/oauth?scope=manage_pages,user_tagged_places&client_id=MY_CLIENT_ID&redirect_uri=MY_REDIRECT_URI
The first signal that something is wrong is that the facebook popup asks
only for public_profile, second signal is that once I obtain the access_token token and run it through https://graph.facebook.com/debug_token?input_token=OBTAINED_TOKEN
it only displays public_profile
Do I need to change the settings of my Facebook application to ask users for manage_pages?
The problem was that the application is not yet reviewed by facebook and the accounts I was testing it do not have any role in the app.
Relevant documentation part: more here
If your app requests this permission Facebook will have to review how your app uses it. You can grant this permission on behalf of people listed within the Roles section of your App's Dashboard without review by Facebook.
I'm trying to get read_stream and rsvp_event permissions but FB's staff continue rejecting my submissions .. Why is so tricky retrieving permissions for a simple app?
I just need to read my status messages and events and display it on my website.
How do you create permissions submissions for your FB apps?
(I use graph api on my php site)
This is from the docs at https://developers.facebook.com/docs/facebook-login/permissions/v2.1#reference-read_stream
This permission is granted to apps building a Facebook-branded client on platforms where Facebook is not already available. For example, Android and iOS apps will not be approved for this permission. In addition, Web, Desktop and TV apps will not be granted this permission.
So, it's very unlikely that you get this permission approved.
Regarding the events, I think user_events would be the right one: https://developers.facebook.com/docs/facebook-login/permissions/v2.1#reference-user_events
As I understand this is only for the use on your personal website, why don't you generate the Access Token for your user manually via the Graph API Explorer, prolongue it and store it somewhere in your PHP script? You'll need to update the Access Token every 60 days manually as well, but this I think the most pragmatic option you have.
See
https://developers.facebook.com/tools/explorer
https://developers.facebook.com/docs/facebook-login/access-tokens#extending