I have a Facebook app that I want to use to post on my customer's Facebook Page Walls on their behalf. I have it setup now so that when they authenticate my app I get the Access token, but when I go to post to the wall I am getting the following error: "OAuthException: Error validating access token: The session is invalid because the user logged out."
How can I post from my script without being logged in?
Here is my code:
include_once('fb-php-sdk/src/facebook.php');
$facebook = new Facebook(array(
'appId' => 'XXX',
'secret' => 'XXX',
));
try {
$page_id = '215133535279290'; //page id of the customer's facebook page
$args = array(
'access_token' => 'XXX', //access token received when user authenticated app
'message' => 'A test message'
);
$post_id = $facebook->api("/$page_id/feed","post",$args);
} catch (FacebookApiException $e) {
echo "Error:" . $e;
}
The new facebook API has what is called an extended access token (it replaces offline access: https://developers.facebook.com/roadmap/offline-access-removal/ I think) which I believe lasts upto 60 days (or something like that). To use it simply get the access token when the logs in through your website:
$token = $facebook->getAccessToken();
Save it to Db and use this token later:
$facebook = new Facebook();
$facebook->setAccessToken($accessTokenFromDB);
Then you should be able to continue as though the user is logged in.
As for the user being logged out part, make sure you are using the latest version of the API and not an old version and also make sure the stuff under the "Scenario 2: If you have been previously requesting offline_access - updated 4/30/2012" heading of the page I linked.
You could carry on using offline_access until 3rd of October, but then why if it's being turned off for real in 2 months time and would have to rewrite your code.
Get the publish_stream extended permission. Once you have this permission you can post feed stories using your app access token while the user is offline. There is no need for offline_access permissions or saving and using a user access token in this scenario.
Related
I have built a site with codeigniter and implemented facebook login for users. Everything is working great there. App is connected user tokens beig saved the whole nine yards. What I am having trouble doing is having the website itself NOT the logged in user post to the connected company facebook page on a user post completion. essentially the user posts a listing. the website then on submit of that posting posts to my facebook company page NOT the logged in users facebook wall. (i have that working already. Can i leave the website logged into Facebook to post to the wall while a user is logged on as well?
You will need to get the Appid, App secret and an access token. You can extend the access token so that it doesn't expire.
$graphUrl = 'https://graph.facebook.com/oauth/access_token?client_id='.APPID .'&client_secret='.APPSECRET.'&grant_type=fb_exchange_token&fb_exchange_token='.ACCESS_TOKEN;
$accessToken = #file_get_contents($graphUrl);
parse_str($accessToken); //get the access_token param in the string and would be named $access_token
if(!$access_token) $access_token = $accessToken; //if cannot be extended then just return the access token with 2 hours expiry
In order to post as your company page, you will need their page id.
Here is part of my script that I used to get all this working. Its not codeigniter, but you will be able to see how it works.
$config = array(
'appId' => APPID,
'secret' => APPSECRET,
);
$facebook = new Facebook($config);
$facebook->setAccessToken(ACCESS_TOKEN);
// Get User ID
$user = $facebook->getUser();
if ($user) {
try {
$page_id = '************'; //
$page_info = $facebook->api("/$page_id?fields=access_token");
if(!empty($page_info['access_token']) ) {
// do your code stuff
}
} catch etc etc
Hope this is helpful to you
I have been trying for several days now to successfully post to a client's Facebook Page wall from their website. I need to be able to do this without having a user logged in, which I was able to achieve with an extended access token generated by going to the URL provided in the docs.
What I am trying to do is to fetch an extended token using the PHP SDK as in this question - Facebook PHP SDK: getting "long-lived" access token now that "offline_access" is deprecated, however I receive the following error:
(#200) The user hasn't authorized the application to perform this action
The debug of the auth token generated by the Graph API Explorer shows myself as the User and includes the needed manage_pages and status_update scopes. However, if I run me/accounts, the perms array does not list these under the data for the page in question - not sure if this is relevant.
Here is the code that I have attempted to use:
$facebook = new Facebook(array('appId' => 'xxxxxxx', 'secret' => 'xxxxxx'));
$pageID = 'xxxxxxxx';
$facebook->setExtendedAccessToken();
$accessToken = $facebook->getAccessToken();
try {
$page_info = $facebook->api("/$pageID?fields=access_token");
print_r ($page_info);
} catch (FacebookApiException $e) {
echo $e->getMessage();
}
if( !empty($accessToken) ) {
$args = array(
'access_token' => $accessToken,
'message' => "Catch phrase!"
);
$facebook->api("/$pageID/feed","post",$args);
} else {
// Handle error
}
UPDATE
I found that if I echoed the output of getAccessToken() the result was the app ID and the secret separated by an | - is this what I should be receiving? Seems odd to me since all of the other tokens I have seen are random and much longer.
ANY help at all would be appreciated, I have wasted so much time on this so far. It just seems to work for everyone else.
UPDATE 2
Hi Warren! Looks like you're new around these parts, welcome! Thanks for your research into this, do I need to save these tokens into a DB table and check to see if they are expired every time I try to post? I am ONLY posting to a Page as the Page, apparently this requires the Page access_token rather than what I am assuming is the USER access_token. I believe I also read somewhere that the Page access token never expires, although it changes if I refresh the Graph API Explorer page or request a new user token. Very puzzling.. do not know if I even need to deal with getting new tokens in this app or just use a Page access_token that appears to work?
Also just looking at the base_facebook.php file and the following function:
/**
* Returns the access token that should be used for logged out
* users when no authorization code is available.
*
* #return string The application access token, useful for gathering
* public information about users and applications.
*/
protected function getApplicationAccessToken() {
return $this->appId.'|'.$this->appSecret;
}
Shows what you are experiencing the function setExtendedAccessToken() calls getAccessToken() which calls the function above to do the following inside setExtendedAccessToken:
$access_token_response = $this->_oauthRequest(
$this->getUrl('graph', '/oauth/access_token'),
$params = array(
'client_id' => $this->getAppId(),
'client_secret' => $this->getAppSecret(),
'grant_type' => 'fb_exchange_token',
'fb_exchange_token' => $this->getAccessToken(),
)
);
the return of this function is then {"error":{"message":"No user access token specified","type":"OAuthException","code":1}} but because there is no access_token the function just returns false
the fb_exchange_token can not be the app id and app secret combined.
I have done some testing and what I have found out is if you get the user to login, you can get there access token. If you pass this token into setAccessToken then run setExtendedToken. If you then save the toke by running getAccessToken you can use this token later when the user is logged out.
$facebook->setAccessToken($facebook->getAccessToken());
$facebook->setExtendedAccessToken();
$access_token = $facebook->getAccessToken(); // save this for later use
You need to get the user to login to ask them for permission to get access to there account. If you need to get access to a facebook page make sure they are an admin and ask for the manage_page permission.
Hope this helps
From what I have found so far the extended token that is returned when the user is logged in does not expire as you do not get back a unix timestamp so you would have no way of knowing when it expires.
This is what I have done in my application.
Request the user to login to facebook and except the access permissions. Use getAccessToken to get the current access token. With this I pass into getExtendedAccessToken then run getAccessToken again to finally get the extended access token which I store in a database for later use.
$facebook = new Facebook(array(
'appId' => 'YOURAPPID',
'secret' => 'YOURSECRET',
));
$params = array(
'scope'=>'publish_stream,manage_pages'
);
$loginUrl = $facebook->getLoginUrl($params); // Use this to request them to login in then when they are do the following you will need them to return to your app
$facebook = new Facebook(array(
'appId' => 'YOURAPPID',
'secret' => 'YOURSECRET',
));
$facebook->setAccessToken($facebook->getAccessToken());
$facebook->setExtendedAccessToken();
$access_token = $facebook->getAccessToken(); // store $access_token for later use
My client has a e-commerce website where they sell their products and they also have facebook page for that website. I want to to publish wall post on that page when ever the product price is reduced or new product is lunched. But i want to make this automatic, so i want to authorize facebook automatic, means that i don't want any login dialog box. the script should authorize itself. now the code i am using is as below but it ask me for log in. and also tell me which method is good(easy) to publish page wall post?
require 'API_Library/Facebook/src/facebook.php';
$page_id = '111111111111111';
$appId = '111111111111111';
$appSecret = 'aaaaaaaaaaaaaaaaaaaaa22222222222';
$facebook = new Facebook(array(
'appId' => $appId,
'secret' => $appSecret,
'cookie' => true
));
$session = $facebook->getAccessToken();
$me = NULL;
if($session)
{
try
{
$me = $facebook->api('/me');
$facebook->api('me/feed', 'post', array(
'message' => 'Hello World!'
));
}
catch(FacebookApiException $e)
{
echo $e->getMessage();
}
}
OUTPUT:
(#200) The user hasn't authorized the application to perform this action
In order to post something to a page, you will need the administrator of the page to be authenticated with the application. You cannot post to a page without being authenticated. So there will be some user interaction required before you can set this up automatically.
The process would be as follows:
Setup a Facebook App to get a App ID and app secret - you'll need this to query the API and post updates to the page
As the page administrator, login to your app with the manage_pages permission.
After logging in, an API call to /me/accounts will give you an access_token to access the page and publish updates
Using the page's accesss_token, you can then POST updates using /{page_id}/feed
Hope this helps.
I use the following PHP code to publish random messages from my database to my Facebook fan page:
require_once('src/facebook.php');
$appid = 'MY_APP_ID';
$appsecret = 'APP_SECRET';
$pageid = 'MY_PAGE_ID';
$token = 'MY_ACCESS_TOKEN';
// Create our Application instance (replace this with your appId and secret).
$facebook = new Facebook(array(
'appId' => $appid,
'secret' => $appsecret,
));
$message = 'Hello World';
//Information that makes up the facebook page post
$attachment = array(
'access_token' => $token,
'message' => $message
);
//Try to post to the facebook page
try{
$res = $facebook->api('/'.$pageid.'/feed','POST',$attachment);
} catch (Exception $e){
echo $e->getMessage();
}
And here is src/facebook.php - https://github.com/facebook/facebook-php-sdk/blob/master/src/facebook.php
But it return the error message something like this:
Error validating access token: Session has expired at unix time 1339020000. The current unix time is 1339022625.
So my question is what changes should I do in my code ?
P.S: I also looked relevant questions about session expiration, but none of them helped me.
Thanks in advance.
I'm assuming that you are using your user access token and not a page access token in this case.
You should be authenticating against the application with the manage_pages permission which will give you access to retrieve access tokens for your page. These have a longer expiration period.
After authorizing this permission and retrieving a valid access token for the current user, you should make a request to the following endpoint to retrieve a list of pages and applications you manage:
https://graph.facebook.com/me/accounts?access_token=USER_ACCESS_TOKEN
In this response is included an access token for these pages and applications:
{
"data": [
{
"name": "PAGE_TITLE",
"access_token": "PAGE_ACCESS_TOKEN",
"category": "PAGE_CATEGORY",
"id": "PAGE_ID"
},
You can see more information about this here:
https://developers.facebook.com/docs/authentication/pages/
Updated
For expired access token you will need to reauthenticate your user by accessing your app via a browser and following the authentication flow.
The documentation on how to handle this is here:
http://developers.facebook.com/docs/authentication/access-token-expiration/
You can then request a longer lived access token these do still expire. You can see information about how to request one of these here under scenario 4:
http://developers.facebook.com/roadmap/offline-access-removal/
I am building a web app (PHP) that uses FB connect. I successfully register / sign in user with the help of the PHP lib provided by facebook. Also I can post to wall, using this code
Facebook::$CURL_OPTS[CURLOPT_SSL_VERIFYPEER] = false;
Facebook::$CURL_OPTS[CURLOPT_SSL_VERIFYHOST] = 2;
$facebook = new Facebook(array(
'appId' => $fb_key,
'secret' => $fb_secret,
'cookie' => true, // enable optional cookie support
));
$session = $facebook->getSession();
if ($session)
{
$facebook->api('/me/feed', 'POST', array('message'=>$message, 'link'=>$link['href'], 'name'=>$link['text']));
}
However, if I manually go to my browser's cookie manager and delete the cookie that stores FB session, the code doesn't work. The only thing I have is user's FB ID which I store in DB. Is there any way to post to user's wall even if FB sessions is lost? Does it make sense to store user's FB access token in DB to post to wall later or is the access token relatively short-lived?
Here's an example situation that might happen in my app:
user clicks fb button, authorizes my app, gets redirected back to my site where I automatically create an account based on data provided by FB, also I store user's FB ID so that I could sign in this user later. Now he browses site, enters some info and this info gets posted to his wall. Everything is fine so far because user's browser holds the cookie created by FB. Now user leaves the site and contacts site admin. Admin opens his own browser, goes to admin interface and posts something on behalf of this user. Now, having that user's FB ID and assuming that user hasn't revoked permissions, can I still post this to his wall?
With the Facebook PHP SDK v3 (see on github), it is pretty simple to ask and use a user offline access token. Here is how you do that.
Get the offline access token
First you check if the user is logged in or not :
require "facebook.php";
$facebook = new Facebook(array(
'appId' => YOUR_APP_ID,
'secret' => YOUR_APP_SECRET,
));
$user = $facebook->getUser();
if ($user) {
try {
$user_profile = $facebook->api('/me');
} catch (FacebookApiException $e) {
$user = null;
}
}
If he is not, you generate the "Login with Facebook" URL asking for the offline_access permission :
if (!$user) {
$args['scope'] = 'offline_access';
$loginUrl = $facebook->getLoginUrl($args);
}
And then display the link in your template :
<?php if (!$user): ?>
Login with Facebook
<?php endif ?>
Then, when the user is logged in, you can retrieve the offline access token and store it. To get it, call :
if ($user) {
$token = $facebook->getAccessToken();
// store token
}
Use the offline access token
To use the offline access token when the user is not logged in :
require "facebook.php";
$facebook = new Facebook(array(
'appId' => YOUR_APP_ID,
'secret' => YOUR_APP_SECRET,
));
$facebook->setAccessToken("...");
And now you can make API calls for this user :
$user_profile = $facebook->api('/me');
Hope that helps !
UPDATE: This answer is no longer valid as offline_access is deprecated.
You need to request the offline_access permission. Check the permissions doc.
EDIT Per the update and comments - some info on the removal of the offline_access can be found here.