I am using LinkedIn API.
I have done all process to retrieve access token.
but never show anywhere to remove/revoke access token from the LinkedIn.
Please Help.!
Once you store the secret in your DB simply delete it and the access will be revoked.
I believe that if you wish for the user to revoke access to your app the user must to go linkedin and do it, much like Facebook.
As confirmed here: http://developer.linkedin.com/forum/how-really-revoke-apps-oauth-access-token linkedin does not have a programmable API for what you wanna do.
But before you remove it from DB you can invalidate the token which is like an extra step to take by cURLing https://api.linkedin.com/uas/oauth/invalidateToken with your token I believe.
Edit
As #Paul corrects, it is actually quite important to invalidate the tokens with LinkedIn. So doing that and then removing from DB is, as he says, the correct way.
Related
As the title suggests im wondering how i could obtain a never expiring facebook user access token. Which i would need to create a page access token at a later date. I tried using their graph explorer tool but i could only make it go up to 2 months of expiry date and for my use case that wouldnt be ideal.
To shortly explain my use case, on our website im trying to implement a facebook sharing system where each user could share what they wanted i.e posts on their facebook page (we are not using facebook login and the user would just give acces from their own dev tool panel if thats the correct approach). I got this to work BUT only with a acces token that would expire in 2-3months. So a user having to re-authenicate with our service every 2-3 months isnt ideal and wouldnt really work for us. So is there a way i can refresh that token programtically or does the user have to give a new user access token every couple of months.
I have tried following this answer but with no luck Long Lived access token Facebook Page and many similar answers to this. There is also a suggestion that you should contact facebook if you want a never expiring access token which this user suggested Generate permanent access token Facebook API.
Now im wondering if it even is possible do that in 2021 and if there is anything i missed in regards how to generate said tokens or refresh them.
EDIT:
I used the following requests to get the extended access token.
https://graph.facebook.com/oauth/access_token?client_id=<your FB App ID >&client_secret=<your FB App secret>&grant_type=fb_exchange_token&fb_exchange_token=<your short-lived access token>
After i got the token i used
https://graph.facebook.com/me/accounts?access_token=<your long-lived access token>
to get the extended access token.
To get page access token that never expires, take the following steps:
Get user token
Make this token long-lived, e.g. by clicking "Extend access token" at the bottom of the page: https://developers.facebook.com/tools/debug/accesstoken/
Then, use this token to get page access token.
In Access Token Debugger the token will be marked as "Expires: never"
I am planning to come up with a website to access the profile information of my friends on Facebook. The first step being is to authenticate a friend with their facebook user name and password. I am reading up on the docs on manually authenticating a user. I am unable to understand that once I have a access_token, what steps I need to take to get a user information, in this case, even me?
What I also do not understand is the website states to provide the app_id and app_secret to generate the access_token. My understanding was that access_token would be needed for user. So where does the example code authenticate a user? I am guessing that I haven't understood the login flow properly. If there are any other references, please let me know.
After getting the access token, simply use it with your calls. For eg:
$res = json_decode(file_get_contents(https://graph.facebook.com/me/friends?access_token=ACCESS_TOKEN));
EDIT
The token: APP_ID|APP_SECRET is the app access token, not the user access token; so it has nothing to do with the user and it wont understand /me. And its power is just.
The other token that is received by the login flow (as mentioned in the link you've mentioned in the question) is the user access token, and it understands /me. It has the power to do anything that user has granted the app to.
I'd like to make simple fb app, but I cant find how access token shoud be kept.
I mean that when user login i got 60days access token and its cool, but what if user changes password? What is the better way to valid access token, and get new one ?
Facebook has a post on their blog that may help you called How-To: Handle expired access tokens
Source: https://developers.facebook.com/blog/post/2011/05/13/how-to--handle-expired-access-tokens/
I'd just like to ask about a problem I'm facing with Facebook Graph API.
I've connected to Facebook successfully, stored the user ID, and user access_code into my DB
Now when viewing the site I'm building, it's using the access_token stored in my database, but doesn't show my facebook statuses....because the "session has expired"....
Is there anyway I can regenerate the access_token?
Thanks
Example:
$status = 'https://graph.facebook.com/'.$userId.'/statuses?limit='.10.'&access_token='.$app_token;
User access tokens last only 1-2 hours. There is a technique to get a 60 day token for your use. It is explained here: http://dominicminicoopers.blogspot.com/2012/03/facebook-access-tokens-and-offline.html Remember to get this extended access token prior to the short-lived access token expiring. You must pass in a valid working user access token to pass to it. Do this serverside, not clientside because you have to use your app secret.
https://graph.facebook.com/oauth/access_token?
client_id=[APP_ID]&
client_secret=[APP_SECRET]&
grant_type=fb_exchange_token&
fb_exchange_token=[EXISTING_NON-EXPIRED_USER_ACCESS_TOKEN]
Remember to ask for the user_status permission when prompting the user. See: http://developers.facebook.com/docs/authentication/permissions/#user_friends_perms
You cant regenerate it, but you can get a new one by having the user go through the oauth process again, it will return a new token - https://developers.facebook.com/docs/authentication/
You can try to get a long lived token. That will allow you to access the status even when the user is not loged in.
See here
I am using Oauth to create a way for users of our website to login
using their twitter account. However, It's quite annoying that
everytime they click to sign in with their twitter account they have
to grant access each and every time.
Couldn't it work so that if it has been granted once they don't have
to keep granting access? Therefore removing a step. I'm using the
steps found in:
http://net.tutsplus.com/tutorials/php/how-to-authenticate-users-with-twitter-oauth/
Thanks for any feedback!
I found the answer after talking to some developers on twitterapi irc
Bascially I was going to https://twitter.com/oauth/authorize with all my oauth, what I need to do was go to https://twitter.com/oauth/authenticate instead. That then gives forever authorization.
When the users connects, you receive an access token and a secret token, which are used every time you ask anything to the Twitter API.
If you wan't your users to stay connected to twitter, you only have to save in your database those two tokens. (They are user specific, don't use one token for every user).
When you know these tokens, you don't need to ask the user to grant access, you can directly use them to call the API.
If a user removes rights for your application, you won't be able to use his tokens any more, and you will have to ask him to grant access a new time.
You need to start the token / token secret you get in a database or other long term storage method. Then you pass it into the object that does the OAuth authentication so you don't have to keep asking your user. With PHP you can store them in a MySQL or similar database and load them into $_SESSION when the user logs in to pass the values.