I am doing a Canvas app inside the facebook page.
My very simple question is this: With the newest facebook SDK (just downloaded today), if a user has not yet granted access permission to your app, will the facebook class within the SDK automatically determine that and attempt to get authorization?
I can manually get auth for my app by going here:
https://graph.facebook.com/oauth/authorize?client_id=<myClientID>&redirect_uri=<myRedirectURL>&type=user_agent&display=page&scope=publish_stream,%20user_about_me,%20user_likes,%20email
That all works just fine... but when I attempt to do what the example.php does in the SDK, it returns an error:
Fatal error: Uncaught OAuthException: Invalid OAuth access token signature. thrown in /public_html/bridge/base_facebook.php on line 1107
Thus my question is: Am I supposed to be getting a valid OAuth access token, or am I setting up the facebook PHP SDK wrong?
Here is my complete PHP code that generates the error:
<?php
require 'facebook.php';
$facebook = new Facebook(array(
'app_id' => '<my app id>',
'app_secret' => '<my app secret>',
));
$user = $facebook->getUser();
$jared = $facebook->api('/jaredmark');
if ($user) {
try {
// Proceed knowing you have a logged in user who's authenticated.
$user_profile = $facebook->api('/me');
} catch (FacebookApiException $e) {
error_log($e);
$user = null;
}
}
// Login or logout url will be needed depending on current user state.
if ($user) {
$logoutUrl = $facebook->getLogoutUrl();
} else {
$loginUrl = $facebook->getLoginUrl();
}
This code is essentially a direct copy/paste from the example, with a few minor edits.
It doesn't seem to be the case that the PHP SDK will display an authentication pop up without you manually causing it to do so by redirecting to that specific page. sigh
Related
I am trying to log users out from my website while they are using facebook login.
I am using "Facebook login php sdk v5".
i used fb-callback to log in:
<?php
session_start();
# login-callback.php
require_once 'facebook-sdk-v5/autoload.php';
$fb = new Facebook\Facebook([
'app_id' => 'XXXXXXXXXXXXX',
'app_secret' => 'XXXXXXXXXXXXXX',
'default_graph_version' => 'v2.5',
]);
$helper = $fb->getRedirectLoginHelper();
try {
$accessToken = $helper->getAccessToken();
} catch(Facebook\Exceptions\FacebookResponseException $e) {
// When Graph returns an error
echo 'Graph returned an error: ' . $e->getMessage();
exit;
} catch(Facebook\Exceptions\FacebookSDKException $e) {
// When validation fails or other local issues
echo 'Facebook SDK returned an error: ' . $e->getMessage();
exit;
}
if (isset($accessToken)) {
// Logged in!
$_SESSION['facebook_access_token'] = (string) $accessToken;
header('Location: index.php');
// Now you can redirect to another page and use the
// access token from $_SESSION['facebook_access_token']
}
?>
so i guees to check if some one is logged in i just check if the $_SESSION['facebook_access_token'] is set but to log them out do i "manually" put null inside the $_SESSION['facebook_access_token']?
If you paste how you log your users it would be helpful. I will assume you use default example code from facebook (FB) for login with their php sdk. It works sending a request to a RESTful api (from your server to facebook graph api) so theres actually no session (RESTful approach), everything is managed through an access_token. When a user logs in to your site through FB, it passes to your callback URL a response wich contains an access_token field, then you can use that access_token only once, generally to get FB user's profile, then you validate that information to log in your user in your server. Why all this explanation? because you should understand how this process works.
The short answer to this is, you handle the logout manually (Session::destroy() for example), you don't need the FB php sdk for logout
Logging People Out
You can log people out of your app by undoing whatever login status indicator you added, for example deleting the session that indicates a person is logged in. You should also remove the stored access token.
Logging someone out is not the same as revoking login permission (removing previously granted authentication), which can be performed separately. Because of this, build your app so it doesn't automatically force people who have logged out back to the Login dialog.
(THANKS FACEBOOK DOCS)
I need to read the posts on facebook. I had create the application and the program works if I log with my credential. But when I log with another credential ( like another profile that I have just created) the program doesn't work anymore. This is my login page:
$config = array(
'appId' => APPID,
'secret' => APPSECRET,
'allowSignedRequest' => false // optional but should be set to false for non-canvas apps
);
$facebook = new Facebook($config);
$user_id = $facebook->getUser();
if(!empty($_SESSION)) {
if($user_id) {
try {
$user_profile = $facebook->api('/me','GET');
$login_url = $facebook->getLoginUrl(array('scope' => 'user_posts'));
$access_token=$facebook->getAccessToken();
$facebook->setAccessToken($access_token);
} catch(FacebookApiException $e) {
error_log($e->getType());
error_log($e->getMessage());
}
}
} else {
$login_url = $facebook->getLoginUrl(array('scope' => 'user_posts'));
header("Location: ".$login_url);
}
when I login I obtain the access token and I call graph api:
https://graph.facebook.com/******/posts?access_token=**
This is operation work if I m who is logged in the application. If another login in the app this is not work.
Maybe it's a authentication problem. Maybe I forget some operation that I must do to authentica with another account. Anyone can help me?
You need to submit your App to Facebook then Facebook will check and pass you app then you can access you app other account. If you want to check App Functionality you can use Facebook App test user Id. Below I have Explained how to get test user
Goto App Page.
Click on Roles.
Click on to Right Corner Test users.
It will show your test user details.
Use this details and access you App.
You have to make your app public for all users from here: https://developers.facebook.com
have a look on it:
Use /me/feed instead of /me in your API call
see example below
Permissions
Your app needs user_posts permission from the person who created the post or the person tagged in the post. Then your app can read:
Timeline posts from the person who gave you the permission.
The posts that other people made on that person Timeline.
The posts that other people have tagged that person in.
If you attempt to read data from a feed that your app has not been authorized to access, the call will return an empty array.
please read this thread https://stackoverflow.com/questions/30719556/read-post-from-facebook-home/30732874#30732874
READING
/* PHP SDK v4.0.0 */
/* make the API call */
$request = new FacebookRequest(
$session,
'GET',
'/me/feed'
);
$response = $request->execute();
$graphObject = $response->getGraphObject();
/* handle the result */
Background:
I'm an employee of a public figure who is constantly getting facebook scam impersonations. I'm going to automate the process of checking facebook for new scams by having a script search facebook each day and report any new users and pages for his name. I'm modifying an old FB app that I created years ago to run the process.
Problem:
I noticed that I can search for "page" on facebook's graph api with my app, but "user" comes back with: "Fatal error: Uncaught OAuthException: A user access token is required to request this resource." I assume this is a permissions error so I try to add an &Access_Token= with all permissions from (https://developers.facebook.com/tools/explorer) to the URL with no luck.
Here's my PHP script:
require '../src/facebook.php';<BR>
$facebook = new Facebook(array(
'appId' => '**I_removed_this_code**',
'secret' => '**I_removed_this_code**'));
$access_token = $facebook->getAccessToken();
$user = $facebook->getUser();
if ($user) {
try {
$user_profile = $facebook->api('/me');<BR>
} catch (FacebookApiException $e) {
error_log($e);
$user = null;
}
}
$fb_response = $facebook->api('/search?q=**Public_Figure_Name**&type=page'); //<--change this to user and it doesnt work
print_r(array_values($fb_response));
The basic issue is that only users an app has access to are either users of the app or (given proper friend permissions) friends of users of the app.
However, if you were to act as you, using an SSO token, 'you' would have a user token and can do graph searches.
PS. I would have added this as a comment but my rep's not high enough.
If I try the following in the Graph Explorer, it works without problem:
/search?q=Tom%20Cruise&type=user
https://developers.facebook.com/tools/explorer?method=GET&path=search%3Fq%3DTom%2520Cruise%26type%3Duser&version=v2.2
The Search API is documented at https://developers.facebook.com/docs/graph-api/using-graph-api/v2.2#search which describes exactly your behaviour (distinction between page and user search).
My code cannot display the permission dialog when a user connect to my Facebook application. Instead of the login page, I got a 404 error.
My code:
require 'src/facebook.php';
require './config.php';
$facebook = new Facebook(array(
'appId' => $fb_app_id,
'secret' => $fb_secret,
'cookie' => true,
));
$userData = null;
$user = $facebook->getUser();
if ($user) {
try {
$userData = $facebook->api('/me');
} catch (FacebookApiException $e) {
error_log($e);
$user = null;
}
} else {
$loginUrl = $facebook->getLoginUrl(array(
'scope' => 'publish_stream',
));
}
<div id="loginWrapper">
<?php if ($user): ?>
Logout
<?php else: ?>
Login with Facebook
<?php endif ?>
</div>
I have also tried to put directly an personalized URL (like bellow) and I got the same 404 error.
$loginUrl = "http://www.facebook.com/dialog/oauth?client_id=".$fb_app_id."&redirect_uri=".$fb_app_url."&scope=publish_stream";
UPDATE 1:
Otherwise when I try to Login directly through the server (from http://mydomain/application/index.php), I got a redirection to Facebook website to the URL below and got this error message:
https://www.facebook.com/dialog/oauth?client_id=xxxxxxxxxxxxxx&redirect_uri=http://apps.facebook.com/myapplication&state=f8cd945d8a9aefcd0b439fecd8515a68&canvas=1&fbconnect=0&scope=publish_stream
UPDATE 2:
Here my application configuration:
And the message I got when I try to access directly from the app link: apps.facebook.com/myapplication/ without be logged
I would appreciate any help.
The status_update permission you are using in the scope for the loginUrl is not a valid permission. Take a look at the docs.
That could be your problem.
Also remember, that if a user has already authorized your app, they will not see the permission dialog again on subsequent logins. They will only be taken through the facebook login procedure.
EDIT:
Take a look at the image I've attached, facebook will on redirect to the url you specify in the site url field in app settings:
Regarding the update of your post: Go to the Developer App and select the App you're getting this error for. Click edit settings and enter the domain your App is hosted on/you're redirecting to into the "App Domain" field. Now just save and it should work.
Edit (solution from comment above): If it just doesn't work when you're not logged in, may it be that your App runs in Sandbox Mode? You can check if it's enabled in the "Advanced Settings" of your App.
I've been trying for couple days now without luck, I managed to use the example.php that comes with PHP-SDK and worked perfectly. I just need to store the returned session and use it later on so I could access without re-authenticating.
I tried storing the sessions in a serialized field in a database and then, restoring the data, unserializing it and using setSession function in the php-sdk to retrieve the authentication. Unfortunately, that did not work,
Here is a link to a previous question with the code samples..
Facebook OAuth retrieve information based on stored session
Please advice?
Update: Offline Access in now deprecated. Use something else instead.
If you want to use the access token of the user even after he has logged out of your app, you have to ask for the offline_access permission.
With the Facebook PHP SDK v3 (see on github), it is pretty simple. To log someone with the offline_access permission, you ask it when your generate the login URL. Here is how you do that.
Get the offline access token
First you check if the user is logged in or not :
require "facebook.php";
$facebook = new Facebook(array(
'appId' => YOUR_APP_ID,
'secret' => YOUR_APP_SECRET,
));
$user = $facebook->getUser();
if ($user) {
try {
$user_profile = $facebook->api('/me');
} catch (FacebookApiException $e) {
$user = null;
}
}
If he is not, you generate the "Login with Facebook" URL asking for the offline_access permission :
if (!$user) {
$args['scope'] = 'offline_access';
$loginUrl = $facebook->getLoginUrl($args);
}
And then display the link in your template :
<?php if (!$user): ?>
Login with Facebook
<?php endif ?>
Then you can retrieve the offline access token and store it. To get it, call :
if ($user) {
$token = $facebook->getAccessToken();
// store token
}
Use the offline access token
To use the offline access token when the user is not logged in :
require "facebook.php";
$facebook = new Facebook(array(
'appId' => YOUR_APP_ID,
'secret' => YOUR_APP_SECRET,
));
$facebook->setAccessToken("...");
And now you can make API calls for this user :
$user_profile = $facebook->api('/me');
Hope that helps !