I have created a simple Facebook application some weeks ago. I was getting user information through the Facebook API by asking permission from the users. But it stopped working last week out of nothing and I have been looking for an answer since then.
Basically I used to use file_get_contents to get the user information from Facebook API. But I tried changing it to cURL after it started failing, but still not working. I tried using the Facebook PHP-SDK, even debugged the code to makeRequest method, but I get the same return in all methods.
When a cURL request is made to Facebook Open Graph URL, the request fails either with error number 7 or 28. They are both error codes for unable to connect to the site or getting time out.
My site is on a shared hosting, I have tried using cURL to get other sites, and It works fine. But when I try to get even http://www.facebook.com, cURL returns FALSE.
The hosting has SSL certificate, has cURL enabled etc. And it was working fine some time ago. I have read through various threads and posts about this, tried many different cURL options, and none of them seem to work.
Any ideas?
index.php
$auth_url = "https://www.facebook.com/dialog/oauth?client_id=" . $app_id . "&redirect_uri=" . urlencode($GLOBALS['canvas_page']) . "&scope=publish_stream,email";
$signed_request = $_POST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if (empty($data["user_id"])) {
echo("<script> top.location.href='" . $auth_url . "'</script>");
} else {
$_SESSION['oauth_token'] = $data['oauth_token'];
$_SESSION['user_id'] = $data["user_id"];
$user = new User($_SESSION['user_id'], $_SESSION['oauth_token']);
User class
function __construct($fid, $at) {
$this->facebook = new Facebook(array(
'appId' => "<APP_ID>",
'secret' => "<FACEBOOK_SECRET_ID>",
));
$this->fid = $fid;
$this->token = $at;
if ($data = $this->getGraph()) {
...
}
}
public function getGraph() {
$session = $this->facebook->getUser();
if ($session) {
try {
$access_token = $this->facebook->getAccessToken();
$attachment = array('access_token' => $access_token);
//$result = $this->facebook->api('/' . $this->fid, 'GET', $attachment);
$result = $this->facebook->api('/' . $this->fid, 'GET');
return $result;
} catch (FacebookApiException $e) {
return false;
}
}
}
Notes:
After checking the Facebook PHP SDK methods, I've realized that I do not need to send access token, as it will set it if access token is not in the $params.
It goes down to makeRequest() method in sdk, and returns false from the curl_exec.
Apparently this is related with the round-robin DNS structure of Facebook. I guess one of the addresses of the Facebook failed and the server was still trying to connect to that address because of the DNS cache.
The hosting provider had to clear their DNS caches to resolve the problem.
For more information about the round-robin DNS, you may visit http://en.wikipedia.org/wiki/Round-robin_DNS.
Related
I have an issue with redirection uris, signed requests and mobile web Facebook apps and I just cant pin point where I am screwing this up.
I have a canvas app at example.com running an app that uses signed request to grab its users data. I decided to launch a mobile version so that my mobile users could use the app so I created a new directory example.com/m and made a mobile version.
At the moment the normal app is working perfectly, but the mobile app is stuck in an infinite loop once the user allows the oauth privileges. I have tried experimenting with different URLS but I haven't been able to figure it out. For the mobile the signed request is empty and I cant figure out why.
In my Facebook settings I have this set as the canvas url:
example.com
this set as the mobile web url
example.com/m
In my normal browser app I am using the following code to get the oath from Facebook:
$redir = "https://apps.facebook.com/example";
if(isset($_REQUEST["signed_request"]))
{
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
}
if (empty($data["user_id"]))
{
$fb -> go("https://www.facebook.com/dialog/oauth?client_id={$app["appid"]}&redirect_uri=$redir&scope={$app["permissions"]}&response_type=token");
exit;
} else
{
$fb -> access_token = "access_token=" . $data["oauth_token"];
}
This code is working fine, in my mobile version i have this code (I have tried a lot of different urls here and there but still cant get around the issue)
$redir = "https://apps.facebook.com/example/m";
if(isset($_REQUEST["signed_request"]))
{
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
}
if (empty($data["user_id"]))
{
$fb -> go("https://www.facebook.com/dialog/oauth?client_id={$app["appid"]}&redirect_uri=$redir&scope={$app["permissions"]}&response_type=token");
exit;
} else
{
$fb -> access_token = "access_token=" . $data["oauth_token"];
}
I am having trouble finding the right access_tokens.
I have tried all ways that I have found on Google and developers.fb, but for this application(I have done it before, and made it work for another app) I just don't seem to be succesful.
I am aware that FB is constantly renewing their API's so maybe I just have found outdated solutions.
There seem to be different types of access tokens: user access tokens, and page access tokens. I find some answers in facebook documentation, but none that I understand.
The app I'm trying to create is something similar to a birthday-reminder, so it needs to be able to send offline messages(fex. be runned by a cron-job, and post to just one fb-page, owned by me, just in the name of the app itself)
I have registered the app with the page-tab on this address:
--https://www.facebook.com/dialog/pagetab?app_id=MY_APP'S_ID&display=popup&next=MY_URL--
and can now find it from the Facebook-page's settings.
Then I get to the part where i need the access token.
I dont know which of the URL's that give me what kind of access token, so I have tried both:
I have visited this URL:
(I write all links duplicate, the answer from tutorials, and my re-written link)
(of course all code pointing to my app and webpage is replaced for security reasons)
--https://www.facebook.com/dialog/oauth?client_id=0123456789011121&redirect_uri=http://www.example.com&scope=read_stream,publish_stream,offline_access--
--https://www.facebook.com/dialog/oauth?client_id=MY_APP_ID&redirect_uri=MY_REDIRECT_URL&scope=read_stream,publish_stream,offline_access--
and got:
http://www.example.com/?code=XXXXX1x1X1xxXxxX1xXxXxX1X111xX11XXXXX1XXXXXxX_XxXxxXxX1xxxXx1xXxXx-x1XxXXXxXXx1xXxXXXxXl1xX-111xXxxxXxxx1xXxxx1xXx1X1X1Xx-xxxXXXxXXXX1XXXXxx1Xxx1_xXxXxxxXx1x1XxXxxXx1XXxX-x1x1xxxXXxXxX1XX1XX1x1-xxXxxxx1Xx1XxXXXxxX#_=_
in other words(as I believe), retrieved the code:
XXXXX1x1X1xxXxxX1xXxXxX1X111xX11XXXXX1XXXXXxX_XxXxxXxX1xxxXx1xXxXx-x1XxXXXxXXx1xXxXXXxXl1xX-111xXxxxXxxx1xXxxx1xXx1X1X1Xx-xxxXXXxXXXX1XXXXxx1Xxx1_xXxXxxxXx1x1XxXxxXx1XXxX-x1x1xxxXXxXxX1XX1XX1x1-xxXxxxx1Xx1XxXXXxxX#_=_
As I have found on Google, it seems as I need to get another code as well, so then I have visited this URL(of course I have tried the first code I got first):
https://graph.facebook.com/oauth/access_token?client_id=0123456789011121&redirect_uri=http://www.example.com&client_secret=1x1111xx11111xXXx11x111111111x11&code=XXXXX1x1X1xxXxxX1xXxXxX1X111xX11XXXXX1XXXXXxX_XxXxxXxX1xxxXx1xXxXx-x1XxXXXxXXx1xXxXXXxXl1xX-111xXxxxXxxx1xXxxx1xXx1X1X1Xx-xxxXXXxXXXX1XXXXxx1Xxx1_xXxXxxxXx1x1XxXxxXx1XXxX-x1x1xxxXXxXxX1XX1XX1x1-xxXxxxx1Xx1XxXXXxxX#_=_
--https://graph.facebook.com/oauth/access_token?client_id=MY_APP_ID&redirect_uri=MY_REDIRECT_URL&client_secret=MY_APP_SECRET&code=THE_CODE_I_GOT_FROM_THE_PREVIOUS_RUN--
But when i try to run the app I get this error message:
Result: {"error":{"message":"Malformed access token XXXXX1x1X1xxXxxX1xXxXxX1X111xX11XXXXX1XXXXXxX_XxXxxXxX1xxxXx1xXxXx-x1XxXXXxXXx1xXxXXXxXl1xX-111xXxxxXxxx1xXxxx1xXx1X1X1Xx-xxxXXXxXXXX1XXXXxx1Xxx1_xXxXxxxXx1x1XxXxxXx1XXxX-x1x1xxxXXxXxX1XX1XX1x1-xxXxxxx1Xx1XxXXXxxX#_=_","type":"OAuthException","code":190}}
I have tried with different types of the ending of the access token(#=), because I dont recognize it from the other, working access token I retrieved last week, to a fully working app that I have built. That one did not have that ending, as I remember.
I also post the script here, if that is of any interest. I have found it in a tutorial, and it is quite simple code:
<?php
// CURL function to send with post method
function send_post_curl($url, $postdata = “”) {
$ch = curl_init($url);
curl_setopt ($ch, CURLOPT_POST, 1);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
$data = curl_exec ($ch);
curl_close ($ch);
return $data;
}
// setup the message
$fburl = 'https://graph.facebook.com/THE_FB_PAGE_ID/feed';
$fbtoken = 'THE_ACCESS_TOKEN';
$fbmsg = 'Great API to auto status, this is the message.
Thank to WebDDR
http://webddr.net/tips-and-tricks/facebook-offline-access-step-by-step-explanation/';
$fbpcurl = 'access_token='. $fbtoken;
$fbpcurl .= '&message='. str_replace('&', 'and', urlencode($fbmsg)) ;
$result = send_post_curl($fburl, $fbpcurl);
echo 'Result: '. $result;
?>
I really hope someone can help me, I am doing this as an job I have choosen to do for my education at the university.
/Johan
PS.
Sorry, had to wrangle with the links, --link-- because the forum thought it was spam
Ds.
Try this code :
<?php
session_start();
$facebook_appid = "facebook_appid"; // Facebook appplication id
$facebook_secret = "facebook_secret"; // Facebook secret id
$redirect_uri = "https://localhost/facebook_page/events.php"; // return url to our application after facebook login ## should be SAME as in facebook application
$scope = "user_photos,email,user_birthday,user_online_presence,offline_access,manage_pages,publish_stream,user_events,friends_events"; // User permission for facebook
$code = $_REQUEST["code"]?$_REQUEST["code"]:"";
if(empty($code)) {
$_SESSION['state'] = time(); // CSRF protection
$dialog_url = "https://www.facebook.com/dialog/oauth?client_id=". $facebook_appid . "&redirect_uri=" . urlencode($redirect_uri) . "&state=". $_SESSION['state'] . "&scope=".$scope;
header("location:".$dialog_url);
}
if($_SESSION['state'] && ($_SESSION['state'] == $_REQUEST['state'])) {
$token_url = "https://graph.facebook.com/oauth/access_token?". "client_id=" . $facebook_appid . "&redirect_uri=" . urlencode($redirect_uri). "&client_secret=" . $facebook_secret . "&code=" . $code;
$response = #file_get_contents($token_url);
$params = null;
parse_str($response, $params);
echo $params['access_token'];
echo "<br>";
//$offer_url = "https://graph.facebook.com/".$dt->id."/conversations?access_token=".$dt->access_token;
//$off = #file_get_contents($offer_url);
//$dto = json_decode($off);
//echo "<pre>";
//print_r($dto);
}
?>
Since the offline_access Permission is deprecated in Facebook's Authentication flow, we have problem getting the so called long lived access tokens without that permission.
In Facebook's document about the deprecation it says, that server side OAuth generated access tokens will be long lived, but they are not.
Am I missing something? Some setting in app settings? Some special code I need to use to extend expiration time of access tokens? As I understand the documentation, for server side authentication, the access token which can be accessed by getAccessToken() method of PHP SDK when the user is logged in is long lived.
Edit (August 14th 2012):
A week ago the official Facebook PHP SDK was updated. The function name was changed to setExtendedAccessToken, and it was decided we actually needed to destroy the session afterwards, to remove the risk of having two active sessions.
Also, the function no longer actually returns the token, but instead stores it within the persistant data. You can therefore get the new access token with the public function getAccessToken afterwards. Grab the new SDK from official Facebook PHP SDK github page to make sure you're up to date.
Original Answer:
I have added a new public function to the base_facebook.php file, which returns an new access token which expires in 60 days. You can make a request to this function after you've received the normal access token. I've not tested, but I assume you also need to enable 'deprecate offline_access" in your Advanced settings of the Developer App.
Just add this to your base_facebook.php inside the facebook class and make a call to it. It works for me.
public function getExtendedAccessToken(){
try {
// need to circumvent json_decode by calling _oauthRequest
// directly, since response isn't JSON format.
$access_token_response =
$this->_oauthRequest(
$this->getUrl('graph', '/oauth/access_token'), array(
'client_id' => $this->getAppId(),
'client_secret' => $this->getAppSecret(),
'grant_type'=>'fb_exchange_token',
'fb_exchange_token'=>$this->getAccessToken()
)
);
} catch (FacebookApiException $e) {
// most likely that user very recently revoked authorization.
// In any event, we don't have an access token, so say so.
return false;
}
if (empty($access_token_response)) {
return false;
}
$response_params = array();
parse_str($access_token_response, $response_params);
if (!isset($response_params['access_token'])) {
return false;
}
return $response_params['access_token'];
}
Actually what was said:
If the access_token is generated from a server-side OAuth call, the resulting access_token will have the longer expiration time. If the call is made while there is still a valid access_token for that user, the returned access_token from this second call will remain the same and only the expiration time will be extended. Again, calling this multiple times during the same day will result only in the first call extending the expiration time.
Which means that it will be just longer than client-side generated token, and to receive extended token (60 days) you need do it manually by issuing request to:
https://graph.facebook.com/oauth/access_token?
client_id=APP_ID&
client_secret=APP_SECRET&
grant_type=fb_exchange_token&
fb_exchange_token=EXISTING_ACCESS_TOKEN
This token can still became invalid for several reasons, and how to handle this described in How-To: Handle expired access tokens blog post.
Update:
As of Aug 07, 2012 you can use setExtendedAccessToken method to extend access_token instead of manually constructing URL and retrieving details.
//using a javascript for popup for facebook login
FB.login(function(response) {
if (response.authResponse) {
var accessToken = response.authResponse.accessToken;
//got the accesstoken with 1-2 hours expire time
//got the accesstoken into a controller called facebook controller
$request = $this->getRequest();
$params = $request->getParams();
$token=$params['accessToken'];
//taking the access token to extend to 60days
$conf = $this->getConfigs();
$appid = $conf['fbdetails']['appid'];
$secret = $conf['fbdetails']['secret'];
$baseurl = $conf['app']['baseurl'];
//After the execution of below code , we will have a response with acess token expire time to 60days.
$token_url = "https://graph.facebook.com/oauth/access_token?client_id=".$appid."&client_secret=".$secret."&grant_type=fb_exchange_token&fb_exchange_token=".$token;
// Above response is given for parsing.
$c = curl_init();
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($c, CURLOPT_URL, $token_url);
$contents = curl_exec($c);
$err = curl_getinfo($c,CURLINFO_HTTP_CODE);
curl_close($c);
$paramsfb = null;
parse_str($contents, $paramsfb);
//after the parsing the contents in the above execution code the new extended accesstoken is stored.
$user_session = new Zend_Session_Namespace('fbuser');
$user_session->access_token = $paramsfb['access_token'];
//stored to session.
$this->_redirect('/home');
//Have a nice coding
An access token generated through a server-side OAuth call will be of the extended (longer) kind and you don't need to exchange it. It is already an extended token.
The only thing you must do is enable "Deprecate offline access" in your app settings. This is of course only necessary if "Deprecate offline access" was previously disabled.
Then, when you authenticate users through Facebook you will receive an access token that lives for 60 days. Authenticating multiple times during the same day will result only in the first authentication extending the expiration time.
Should you need an access token that NEVER expires for a PAGE, see my answer to a similar question here
From the developers page:
By using a long-lived user access token, querying the [User
ID]/accounts endpoint will now provide page access tokens that do not
expire for pages that a user manages.
this is for extending pages access token to expiring never, and extending the life of user access tokens expiring after 2 months(the 'new access token').
Ok so it took about a week of research but here is my solution.
in the https://developers.facebook.com/tools/explorer/ make sure that you have manage_page as part of your access_token. after that use this code with your app id, secret, and redirect:
<?php
app_id = "APP_ID";
$app_secret = "APP_SECERET";
$post_login_url = "REDIRECT_URL";
$code = $_REQUEST['code'];
//Obtain the access_token with publish_stream permission
if(empty($code)){
$dialog_url= "http://www.facebook.com/dialog/oauth?"
. "client_id=" . $app_id
. "&redirect_uri=" . urlencode( $post_login_url)
. "&COMMA_SEPARATED_LIST_OF_PERMISSION_NAMES";
echo("<script>top.location.href='" . $dialog_url
. "'</script>");
}
else {
$token_url="https://graph.facebook.com/oauth/access_token?"
. "client_id=" . $app_id
. "&redirect_uri=". urlencode($post_login_url)
. "&client_secret=" . $app_secret
. "&code=" . $code;
$response = file_get_contents($token_url);
$params = null;
parse_str($response, $params);
$access_token = $params['access_token'];
echo 'access token: ' . $access_token.'<br>';
if($access_token){
$token_url="https://graph.facebook.com/oauth/access_token?"
. "client_id=" . $app_id
. "&redirect_uri=". urlencode($post_login_url)
. "&client_secret=" . $app_secret
.'&grant_type=fb_exchange_token'
. "&fb_exchange_token=" . $access_token;
$response = file_get_contents($token_url);
$access_token = $params['access_token'];
echo 'new access token: '.$access_token;
}
}*/
?>
After that copy the 'new access token' and go back to https://developers.facebook.com/tools/explorer/ When you get there past in your new access token into the the access token field.
Then click submit. After that in the node you will see a +____ click on this and scroll down to the accounts and click that. find the page that you need the access token for and copy and paste it into the access key field. click debug and you will see that it will never expire. save that token it will stay valid as long as you do not reset your apps secret.
Inspired by previous answers, I wrote a simple token self-renewal program. First, just put your current token in the 'token.sec' file.
This program will read a token from the file, and update with a new token if everything is OK. In other programs, you just need to use the token:
$access_token = file_get_contents("token.sec");
Here we are:
<?php
$app_id = "<your app id>";
$app_secret = "<your app secret>";
$access_token = file_get_contents("token.sec");
$token_url="https://graph.facebook.com/oauth/access_token?"
. "grant_type=fb_exchange_token"
. "&client_id=" . $app_id
. "&client_secret=" . $app_secret
. "&fb_exchange_token=" . $access_token;
$ch = curl_init($token_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
if($response === false) {
die ('Curl error: ' . curl_error($ch));
}
// Close handle
curl_close($ch);
// parse the output
parse_str($response, $params);
if(!isset($params['access_token'])) {
die("No access token");
}
echo ("New token: $access_token\n");
// eveything looks OK
rename("token.sec", "token.sec.back"); // just in case
$myfile = fopen("token.sec", "w") or die("Unable to open file!");
fwrite($myfile, $access_token);
fclose($myfile);
?>
Finally, we can add this in our crontab to renew the token once per momth:
0 0 1 * * cd /home/<path>; php exchangeToken.php
I need to get the User ID of a user hitting a Facebook iFrame application. While sifting through all of the bogus and outdated information, I think I've come across the correct info.
When the user hits the page, I need to have them authorize the app. In my PHP I do this:
$facebook = new Facebook($appData);
$user = $facebook->getUser();
if(!$user) {
echo '<script>top.location.href="'.$facebook->getLoginUrl().'";</script>';
die();
}
This gives me the authorization request, but then pushes me back to my server, not the iFrame App's URL (http://app.facebook.com/blah). I manually constructed the URL and tried to set the URL to the app.facebook.com URI but then it I get an error saying the URL is not valid for the app.
How do you get it to redirect back to the app after authorization? This app will live inside Facebook, not be generally accessible outside, so I'm not looking for Facebook Connect login.
Edit
This is the exact error I get when I fiddle with the request_uri:
API Error Code: 191
API Error Description: The specified URL is not owned by the application
Error Message: Invalid redirect_uri: Given URL is not allowed by the Application configuration.
Have you tried setting the redirect_uri parameter.
if(!$user) {
$params = array('redirect_uri' => 'http://app.facebook.com/blah/');
die('<script>top.location.href="'.$facebook->getLoginUrl($params).'";</script>');
}
Go to:
http://developers.facebook.com/apps
In the your developer application settings on you need to change the URL settings so that Facebook knows your app is a canvas app. In the settings, be sure to delete all the URLs that are in the Web tab and then make sure that all the URLs are appropriately set in the On Facebook tab.
You can following sample code to authorize facebook application in an iframe app using graph api
<?php
ob_start();
session_start();
/*
* App Config
*/
$config= array(
'appId' => 'APPID',
'secret' => 'APPSECRET',
'canvas'=>"http://apps.facebook.com/sampleapp/");
$GRAPH_URL = "https://graph.facebook.com/";
$scope = "publish_stream,email";
$auth_url = "https://www.facebook.com/dialog/oauth?client_id=".$config['appId']."&redirect_uri=".urlencode($config['canvas']). "&scope=" . $scope;
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if(is_array($data)){
$authToken = $data['oauth_token'];
$userId = $data['user_id'];
$_SESSION['auth_token'] = $authToken;
//check for permission//
$permissions = json_decode(curl_get_file_contents($GRAPH_URL . "me/permissions?access_token=" . $authToken), TRUE);
if(array_key_exists('publish_stream', $permissions['data'][0]) ) {
$post = array('client_id'=>$config['appId'],'redirect_uri'=>$config['canvas'].'','client_secret'=>$config['secret'],'type'=>'client_cred');
$token_url="https://graph.facebook.com/oauth/access_token";
$response = curlpost($token_url,$post);
$params = explode('&',$response);
if(isset($params[0])){
$token = explode('=',$params[0]);
if($token[0]=='access_token'){
$access_token = $token[1];
$_SESSION['access_token']=$access_token;
$_SESSION['authorized']=1;
echo("<script> top.location.href='" . $config['canvas']."home.php'; </script>");
}
}else{
echo("<script> top.location.href='" . $config['canvas']."error.php'; </script>");
}
}else{
$url='https://graph.facebook.com/oauth/authorize?client_id='.$config['appId'].'&redirect_uri='.urlencode($config['canvas']).'&display=page&scope=publish_stream,email&type=user_agent';
echo("<script> top.location.href='" . $url. "'</script>");
}
}else{
echo("<script> top.location.href='" . $config['canvas']."error.php';</script>");
}
?>
Check this link for details
http://forum.bharathlisting.com/showthread.php?tid=13&pid=20#pid20
The question is: is it my brain? Or Facebook's infuriating API?
Intention:
Return my facebook album information and my user information
result: empty data set for album information, full result's for user information
{
"data": [
]
}
<?php
/****************************************************************************
Application settings
****************************************************************************/
$app_id = '123456';
$app_secret = "4543163864";
$my_url = "http://www.myurl.com/app";
$canvas_page = 'http://apps.facebook.com/my_canvas_page/';
# authorize the user using oauth protocol (including required permissions)
$auth_url = "http://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($canvas_page)."&scope=user_photos,friends_photos";
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$fb_user_session = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
# if authorization failed, kick back to auth_url
if (empty($fb_user_session["user_id"]))
{
echo("<script> top.location.href='" . $auth_url . "'</script>");
}
else
{
/****************************************************************************
User successfully logged in.
****************************************************************************/
$my_albums = "https://graph.facebook.com/me/albums?access_token=".$fb_user_session['oauth_token'];
$my_info = "https://graph.facebook.com/me?access_token=".$fb_user_session['oauth_token'];
echo "<a href='$my_albums'>my album information</a><br>";
echo "<a href='$my_info'>my user information</a>";
### ignore this, just testing iframe call ###
exit;
echo("<script> top.location.href='" . $my_albums . "'</script>");
}
?>
Additional information:
Testing an 'album' request from http://developers.facebook.com/docs/reference/api/user/ while logged in works! It successfully returns all my album info. But I noticed the authorization token in the test URL is different from my retrieved application token ($fb_user_session['oauth_token']). What is going on here?
Am I missing some kind of authorization step? Why would my application return empty data for my albums using the exact same call & token while Facebook's test call returns a full set? If anyone can help solve this problem once and for all, that would be awesome.
Any ideas?
Try adding "user_photo_video_tags" to the list of scopes requested. Also, try calling the permissions api call to make sure you have access to the user's photos by checking the "user_photos" permission.
The url is: https://graph.facebook.com/me/permissions?access_token=...