To solve a problem detailed in a question on Stack Exchange Web Applications, I've written a little PHP script that given a page name and a proper access_token spits out the events created by that page as an iCal calendar file. Obviously this file is not supposed to be accessed by humans, but by for example Google Calendar for subscribing.
I created the access_token through the Facebook Graph Explorer and only later realized that it expires. So the question is: can I get a page access_token that does not expire? Failing that, can I get one with a really long expiration that?
If that is not possible - does anyone have a clue what to do? Manually providing an access_token once an hour doesn't feel very feasible.
#CBroe put me on the right track, and #MPaulo helped me further. Here's how I explain the process in the beginning of the script file I've created to solve the problem described in the question I linked to at the beginning of my question above.
To begin with, you will need an access token. This is complicated stuff - getting a regular one is easy, but we want one that lasts permanently. As described in Scenario 5 here: https://developers.facebook.com/roadmap/offline-access-removal/ , we need to:
Get a regular short-lived access token
Exchange it for a long-lived access token
Using our new access token, get a permanent page access token.
First, create a new Facebook app at https://developers.facebook.com/apps/ . It can be named whatever, it's not going to be really used. Fill in a domain - it doesn't matter which, just take one that shows simple HTML and doesn't do any redirects: I used my own static web page, http://jobjorn.se/ , but http://example.org/ may work too.
As instructed by MPaulo on Stack Overflow here: https://stackoverflow.com/a/11238327/564628 , use the app id - from your newly created app - and visit this page:
https://www.facebook.com/dialog/oauth?client_id=MY_APP_ID&redirect_uri=MY_SITE_URL&scope=manage_pages&response_type=token
Be sure to replace "MY_APP_ID" and "MY_SITE_URL".
Then, exchange your short-lived access token for a long-lived access token by visiting this page:
https://graph.facebook.com/oauth/access_token?client_id=MY_APP_ID&client_secret=MY_APP_SECRET&grant_type=fb_exchange_token&fb_exchange_token=YOUR_ACCESS_TOKEN
Be sure to replace "MY_APP_ID", "MY_APP_SECRET", and "YOUR_ACCESS_TOKEN" (the last being the access token you received from the first page)
Finally, get your page access token here:
https://graph.facebook.com/me/accounts?access_token=YOUR_NEW_ACCESS_TOKEN
Be sure to replace "YOUR_NEW_ACCESS_TOKEN" (the access token you recieved from the second page)
Paste it below. It should be permanent, but due to a bug it might only last two months - see https://developers.facebook.com/bugs/151056591697025 for details. It seems to have been fixed however. You can test it here: https://developers.facebook.com/tools/debug/access_token
Create an app and use the app's credentials to authenticate. As long as you aren't reading user specific data, you don't need a user access_token.
Related
I'm trying to get my own facebook page feed and register a wordpress post for every post on my facebook page. I got it working, but access token keeps expiring. I looked allover and still can't find a definitive answer about this.
Is it still possible to auto generate an access token using php? I have my facebook app id and secret. If so, how can I do this? Preferably without SDK.
You can use an Extended Page Token: https://developers.facebook.com/docs/facebook-login/access-tokens/expiration-and-extension
It is valid for at least 60 days though, and you cannot auto generate it. After that time, you may have to generate it again. Earlier, it was valid forever - until you changed your Facebook password or invalidate the App Secret.
I searched in Stack Overflow, Google, etc, but I can't figure out how to show my stuff from my Facebook on my website. I tried some solutions and each one prompted the login dialog and visitors had to log in and accept my application (I've created one to test).
Many answers here were too generic, I didn't understand them that is why I'm asking.
I want something that would let my website "log in" to Facebook and show my status or photos to visitors without them needing to accept an app or log in into Facebook with their account.
I tried a facebook-php-sdk example with my AppID and AppSecret and it asked me to log in.
Also, github.com/facebook doesn't have an SDK for Python similar to facebook-php-sdk
You could write a script (eg. using the FB PHP SDK) that uses a long-lived access token to fetch your FB data and then store the data in your backend database (or other store for your website). To Facebook, your script will look like an app and your machine will be the only 'user' of that app. Note, long-lived access tokens are good for 60 days max. You could also try using an App Access Token to fetch basic info. App Access Tokens don't expire.
This might not be exactly what you are looking for since you posted this with the php and python tag, but it might solve your problem.
If you're website is powered by the wordpress engine you can use If-this-then-that : https://ifttt.com/
It basically allows you to create "recipes" with something like:
if new status on Facebook then create post on wordpress
The post will not require others to log in to Facebook.
This is without writing a single line of code only a couple of mouse clicks. So I'm not sure if this satisfies your needs.
I am having trouble figuring this out. Facebook is implementing a new policy https://developers.facebook.com/roadmap/offline-access-removal/ that no longer allows for the simpler "offline_access" tokens that you used to be allowed to get. I am developing an application that needs to access the Graph API every 3 hours with a cronjob, and I am not sure how to set this up so that I dont need to login to access it, since I cant login with a cronjob if I am redirected to a login page. I am assuming I need to use some sort of a Curl call within a php script to get this working. I dont need to post anything, all I am doing is grabbing posts from a few public pages. Any Ideas? I already have a script in place that can do what I want it to, given that I log in first with the login_url. Just need this working with a cronjob.
First of all a reply to the first question - there is nothing to be done on your side. The facebook's change simply means that this kind of applications is no longer possible. The best thing you can do is to request an extended token, which then lasts around 30 (or 60, not sure) days. To request it you need to call the fb api - as shown here and here (albeit not python examples, they are useful pointers). Official FB's explanation is here.
However, this token is going to be invalidated on every occasion the user changes their password, remove the app or log out of facebook. You would need to have a look which requests failed and manually notify the users to renew the token at your side and store the new one.
To your second question about crawling public posts - do you even need an access token? Try using the Graph API without it and see if you can get to the information you are interested in.
I am trying to get a list of all Google Apps users of a domain onto a public PHP website (without visitors of the site needing to login or do anything). I have a basic understanding of what needs to happen but can't quite piece it all together. It can't be as hard as it seems to me... could it?
Authentication and Authorization:
I'm pretty sure it needs to use OAuth 2.0 ... but am unsure whether it needs 2 legged or 3 legged. I got another section of the site working with ClientLogin but that won't pull in Google Apps profiles, only user's first and last names (I need the other profile fields). I have set up the API access within the account and have that side of things all set (I believe).
I have found this page, which shows how to construct a URL request to get all Profiles (in every language except PHP of course) but don't understand how to implement this.
http://code.google.com/googleapps/domain/profiles/developers_guide.html
I also tried this example but it just gives me a 401 after I enter the credentials. http://gdatatips.blogspot.com/2008/11/2-legged-oauth-in-php.html
I don't know which frameworks or includes are needed to accomplish this either. I have tried zend, OAuth.php and a whole bunch of other bootstraps... but keep getting lost as to what each is doing.
If someone could help me by outlining:
Which files/framework I need to upload and include as a bootstrap
What variables within those files I need to update with the Google credentials
How I integrate the Google Profiles "Retrieve all Profiles" request with PHP
An ELI5 (explain it like i'm 5) overview would be very much appreciated... I'm sorry for my apparent incompetence, but I have been reading articles for nearly a week and have not gotten anywhere.
Thank you in advance for any help provided.
Good question.
You'll need to implement the Google OAuth 2.0 process as it's described here (experimental?), because someone (you) will need to give your app the initial permissions to access Google Apps API. Steps are:
Register your domain with google (don't remember the link)
Redirect/send browser to an authentication url: https://accounts.google.com/o/oauth2/auth, with the appropriate request params (see the first link). You'll need access_type=offline, your scope would be https://apps-apis.google.com/a/feeds/user/
Get a code back, then exchange for a refresh_token, an access_token, and a value specifying when the access_token will expire. Store these in a database
Whenever you need to make an API call, check if your access_token has expired or not, and refresh when necessary, which is what the refresh_token is for. The refresh_token is valid as long as you don't revoke the access you gave to the app.
OAuth Playground helps a lot. Good luck.
Hope this doesn't get too complicated. :) thing is..
I'm trying to make my PHP code post notes to Google Buzz using OAuth as authentication mechanism. I'm doing the typical "OAuth dance" (get request token, authorise it, exchange for access token), but i've ran into some problems that seem to be on Google's side. Hope i'm wrong - it would be much easier to fix. :)
To get to the point - oauth_callback parameter doesn't seem to get passed to the authorization form. Authorization URI i'm redirecting to is like:
https://www.google.com/buzz/api/auth/OAuthAuthorizeToken
?domain=<my.domain>
&scope=<urlencode(https://www.googleapis.com/auth/buzz)>
&oauth_token=<request_token>
&oauth_callback=<my.domain/callback>
When redirected, client is asked to authorize site to read/write from/to Buzz. If accepted, Google asks again (but in different form) to allow access to .. after allowing for second time, success message is shown, but it doesn't return any tokens to my site, not redirecting to oauth_callback uri.
Workaround i found is to manually add form field 'oauth_callback=' trough firebug/chrome inspector, and then, after these two confirmations it redirects to my site and i can extract authorized token from response, and exchange it for access token. If i use 'standard' Google's authorization endpoint, i get redirected correctly (one confirmation only), but then the access token i get after that is invalid for Buzz.
So, am i wrong or google?! :D I've implemented OAuth for cooperation with some other services (Facebook, MySpace..) but i've never had this much trouble.
ok, when i got on the problem next morning, with (partially) fresh eyes, solution was pretty easy (but still undocumented).. :) in case anybody else needs answer - oauth_callback parameter should be specified when requesting request token.