I have offline_access and manage_pages permission but I keep getting all sorts of OAuth errors - with the code below I get
Fatal error: Uncaught OAuthException: Error validating access token:
The session has been invalidated because the user has changed the
password.
I saved both the user access token and the page access token in a database and then try to use it to update a page the user is admin of when the user is offline. I cannot seem to make this work:
$access_token = User token got when user was logged in;
$news_token = Page token got when user was logged in;
// $accounts_url = "https://graph.facebook.com/me/accounts?" . $access_token;
$page_info = $facebook->api("/$news_page?fields=access_token");
$args = array(
'access_token' => $news_token,
'message' => $u,
'link' => $news_url,
'description' => $u,
'name' => $news_title,
'picture' => $image
);
$post_id = $facebook->api("/$page_id/feed","post",$args);
echo $news_source."(Offline): ".$u."<br />\n";
The commented out line above shows another thing I tried to no avail.
Can anybody help?
offline_access is deprecated.
http://developers.facebook.com/roadmap/offline-access-removal/
Related
I'm trying to post on user's Facebook wall from my app. The user granted the permissions to the app to post on his wall, and I have userid in db. I need to send the post automatically, without the user logging in again.
My code is:
try{
require_once(dirname(__FILE__) . '\lib\facebook-php\src\facebook.php' );
}
catch(Exception $o){
print_r($o);
}
$config = array(
'appId' => '123456',
'secret' => '454544',
'allowSignedRequest' => false // optional but should be set to false for non-canvas apps
);
$facebook = new Facebook($config);
$user_id = $facebook->getUser();
$user_id = '123456';
if($user_id) {
// We have a user ID, so probably a logged in user.
// If not, we'll get an exception, which we handle below.
try {
$ret_obj = $facebook->api('/me/feed', 'POST',
array(
'access_token' => $facebook->getAccessToken(),
'link' => 'www.example.com',
'message' => 'Posting with the PHP SDK!'
));
echo '<pre>Post ID: ' . $ret_obj['id'] . '</pre>';
// Give the user a logout link
echo '<br />logout';
} catch(FacebookApiException $e) {
// If the user is logged out, you can have a
// user ID even though the access token is invalid.
// In this case, we'll get an exception, so we'll
// just ask the user to login again here.
var_dump($e);
$login_url = $facebook->getLoginUrl( array(
'scope' => 'publish_stream'
));
echo 'Please login.';
error_log($e->getType());
error_log($e->getMessage());
}
} else {
// No user, so print a link for the user to login
// To post to a user's wall, we need publish_stream permission
// We'll use the current URL as the redirect_uri, so we don't
// need to specify it here.
$login_url = $facebook->getLoginUrl( array( 'scope' => 'publish_stream' ) );
echo 'Please login.';
}
This throws An active access token must be used to query information about the current user. error and asks for login. After I click login, the post is sucesfully posted.
How can I get the access token with userid without the user logging in?
This happens when the active access token is not available while calling the API end point /me
There are two solutions to get rig of this
use the userid instead of /me
set the access-token prior sending the api call
For the first you can make the call as
ret_obj = $facebook->api('/'.$user_id.'/feed', 'POST',
array(
'link' => 'www.example.com',
'message' => 'Posting with the PHP SDK!'
));
You dont need to send 'access_token' => $facebook->getAccessToken(),
The Second option is to do as
$access_token = $facebook->getAccessToken();
$facebook->setAccessToken($access_token);
ret_obj = $facebook->api('/me/feed', 'POST',
array(
'link' => 'www.example.com',
'message' => 'Posting with the PHP SDK!'
));
NOTE: publish_stream scope must be send while doing the login
Deprecation Notice :publish_stream was replaced by publish_actions, check the facebook doc for permission
you have to get permission .
Check it out here
https://developers.facebook.com/docs/reference/login/
I have this facebook app to show fb notifications in my website. Then i had this problem, Assume two users Alice & Bob. Alice is my website's regular user and she recommended it to Bob. She made him register on to my site from her own laptop. When bob tried to add the app, Alice's fb notifications shown up. Actually when Bob clicked the login link, since alice was already logged onto facebook it just pulled her details (same session), how to tackle this situation, Do we have to make Alice logout from facebook and make Bob login, Something like "Alice already logged in, sign in as a different user", Could somebody please suggest some solutions and how to do it.
The following is the piece of code am using for login
require_once('sdk/src/facebook.php');
$facebook = new Facebook(array(
'appId' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
'cookie' => true
));
// Get User ID
$user = $facebook->getUser();
// Login or logout url will be needed depending on current user state.
if ($user) {
$logoutUrl = $facebook->getLogoutUrl();
} else {
$loginUrl = $facebook->getLoginUrl();
}
//check permissions list
if ($user) {
$permissions_list = $facebook->api('/me/permissions','GET', array('access_token' => $access_token));
//check if the permissions we need have been allowed by the user
//if not then redirect them again to facebook's permissions page
//
$permissions_needed = array('manage_notifications','publish_stream', 'read_stream');
$login_url_params = array(
'scope' => 'manage_notifications,publish_stream,read_stream',
'fbconnect' => 1,
'display' => "page",
'next' => 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']
);
foreach($permissions_needed as $perm) {
if( !isset($permissions_list['data'][0][$perm]) || $permissions_list['data'][0][$perm] != 1 ) {
$login_url_params = array(
'scope' => 'manage_notifications,publish_stream,read_stream',
'fbconnect' => 1,
'display' => "page",
'next' => 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']
);
$login_url = $facebook->getLoginUrl($login_url_params);
echo $login_url;
header("Location: {$login_url}");
exit();
}
}
//if the user has allowed all the permissions we need,
//get the information about the pages that he or she managers
$accounts = $facebook->api(
'/me',
'GET',
array(
'access_token' => $access_token
)
);
}
else {
//if not, let's redirect to the ALLOW page so we can get access
//Create a login URL using the Facebook library's getLoginUrl() method
$login_url_params = array(
'scope' => 'manage_notifications,publish_stream,read_stream',
'fbconnect' => 1,
'display' => "page",
'next' => 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']
);
$login_url = $facebook->getLoginUrl($login_url_params);
//redirect to the login URL on facebook
$facebook_login = $login_url;
echo "<a href='$login_url'>Login Facebook</a>";
The best thing to do would be the following:
When a user comes to your site, detect whether they are logged into Facebook and whether they are auth'd for your app using the Javascript SDK and the FB.getLoginStatus method.
If they aren't auth'd, prompt them with the Permissions dialog and encourage them to sign up.
If they are auth'd and logged in to FB, then automatically log them into your website. To avoid the Alice/Bob confusion, show an indicator somewhere on your website that they've been logged in as "Alice" and maybe have a link underneath that says 'Not you? Click here to login as someone else' or similar
If they click on this link, or they click on a Logout link on your site call the FB.logout method in the Javascript SDK which will invalidate the current access token for that user but also log them out of Facebook.
Then, you can push them back to the login/registration page after this and they will be prompted to login to their Facebook account.
As far as I know, the new user has to log the previous user out of Facebook and log him or herself in first.
We have no control over the login/auth popup nor the locally stored Facebook session data so when Bob hits login and sees Logged in as Alice (Not You?) he's just supposed to hit 'not you?', which will log Alice out of Facebook and prompt Bob to login and then authorize. This is problematic though because when Bob leaves and Alice goes to Facebook.com she will be logged into Bob's account.
One possible solution is to grab the current logged in user's name and profile picture, and to display it next to the Login with Facebook button. That might help clarify things to the user. You should be able to display this info without being authenticated and could even provide your own link to log out of Facebook.
After authenticating a user and posting to their wall, it gives the user a choice to logout or continue back to the homepage logged in. If they logout and try to log back in, I get this error.
Fatal error: Uncaught OAuthException: An active access token must be used to query
information about the current user. thrown in ...
If they stay logged in they are fine.
After logging out the script using FB.logout from the jdk it is setting the $_SESSION['active'][$access_token] to null, so when I come to connect page again from the facebook login, I get a above for-mentioned error. However the script is not clearing out the userdata
$user = $facebook->getUser(); returns the previous userID, which I assume is part of my problem.
Here is the code
<?php
//include the Facebook PHP SDK
include_once 'facebook.php';
//instantiate the Facebook library with the APP ID and APP SECRET
$facebook = new Facebook(array(
'appId' => '162628977190080',
'secret' => '**MADE PRIVATE**',
'cookie' => true
));
//Get the FB UID of the currently logged in user
$user = $facebook->getUser();
//if the user has already allowed the application, you'll be able to get his/her FB UID
if($user) {
//start the session if needed
if( session_id() ) {
} else {
session_start();
}
//do stuff when already logged in
//get the user's access token
$access_token = $facebook->getAccessToken();
//check permissions list
$permissions_list = $facebook->api(
'/me/permissions',
'GET',
array(
'access_token' => $access_token
)
);
//check if the permissions we need have been allowed by the user
//if not then redirect them again to facebook's permissions page
$permissions_needed = array('publish_stream', 'email');
foreach($permissions_needed as $perm) {
if( !isset($permissions_list['data'][0][$perm]) || $permissions_list['data'][0][$perm] != 1 ) {
$login_url_params = array(
'scope' => 'publish_stream,email',
'fbconnect' => 1,
'display' => "page",
'next' => 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']
);
$login_url = $facebook->getLoginUrl($login_url_params);
header("Location: {$login_url}");
exit();
}
}
//if the user has allowed all the permissions we need,
//get the information about the pages that he or she managers
$accounts = $facebook->api(
'/me/accounts',
'GET',
array(
'access_token' => $access_token
)
);
//save the information inside the session
$_SESSION['access_token'] = $access_token;
$_SESSION['accounts'] = $accounts['data'];
//save the first page as the default active page
$_SESSION['active'] = $accounts['data'][0];
//redirect to manage.php
header('Location: ../facebook_result.php');
} else {
//if not, let's redirect to the ALLOW page so we can get access
//Create a login URL using the Facebook library's getLoginUrl() method
$login_url_params = array(
'scope' => 'read_stream,email',
'fbconnect' => 1,
'display' => "page",
'next' => 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']
);
$login_url = $facebook->getLoginUrl($login_url_params);
//redirect to the login URL on facebook
header("Location: {$login_url}");
exit();
}
?>
Solved it by getting rid of the a lot of the php and using the javascript sdk, took less than three hours to rewrite to do what I wanted.
I have built an app that allows users to update their status' externally. It uses the PHP SDK.
Is it possible to automatically login for registered users once they have initially authorised their facebook account via the app? I do not want them to have to login for every new session. Id like that once they have been authenticated the first time, they are always connected and not asked to login multiple times. Possibly by storing the access token in a database and this using this to connect somehow. Is this possible? I have noticed other apps that do this, but have no idea how they do this eg. ping.fm
Below is what I have so far, but this requires the user to select the "login" link when the session expires.
//instantiate the Facebook library with the APP ID and APP SECRET
$facebook = new Facebook(array(
'appId' => 'appid',
'secret' => 'secret',
'cookie' => true
));
//Get the FB UID of the currently logged in user
$user = $facebook->getUser();
//if the user has already allowed the application, you'll be able to get his/her FB UID
if($user) {
//start the session if needed
if( session_id() ) {
} else {
session_start();
}
//do stuff when already logged in
//get the user's access token
$access_token = $facebook->getAccessToken();
//check permissions list
$permissions_list = $facebook->api(
'/me/permissions',
'GET',
array(
'access_token' => $access_token
)
);
//check if the permissions we need have been allowed by the user
//if not then redirect them again to facebook's permissions page
$permissions_needed = array('publish_stream', 'read_stream', 'offline_access');
foreach($permissions_needed as $perm) {
if( !isset($permissions_list['data'][0][$perm]) || $permissions_list['data'][0][$perm] != 1 ) {
$login_url_params = array(
'scope' => 'publish_stream,read_stream,offline_access',
'fbconnect' => 1,
'display' => "page",
'next' => 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']
);
$login_url = $facebook->getLoginUrl($login_url_params);
header("Location: {$login_url}");
exit();
}
}
//if the user has allowed all the permissions we need,
//get the information about the pages that he or she managers
$accounts = $facebook->api(
'/me',
'GET',
array(
'access_token' => $access_token
)
);
//save the information inside the session
$_SESSION['access_token'] = $access_token;
$_SESSION['accounts'] = $accounts['data'];
$facebookAuth = TRUE;
} else {
//if not, let's redirect to the ALLOW page so we can get access
//Create a login URL using the Facebook library's getLoginUrl() method
$login_url_params = array(
'scope' => 'publish_stream,read_stream,offline_access',
'fbconnect' => 1,
'display' => "page",
'next' => 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']
);
$login_url = $facebook->getLoginUrl($login_url_params);
//redirect to the login URL on facebook
$facebook_login = $login_url;
}
if (isset($_GET['submit'])){
if ($_GET['facebook']){
//get the info from the form
$parameters = array(
'message' => $_GET['message']/*,
'picture' => $_POST['picture'],
'link' => $_POST['link'],
'name' => $_POST['name'],
'caption' => $_POST['caption'],
'description' => $_POST['description']*/
);
//add the access token to it
$parameters['access_token'] = $_SESSION['active']['access_token'];
//build and call our Graph API request
$newpost = $facebook->api(
'/me/feed',
'POST',
$parameters
);
if ($newpost){
echo 'posted to facebook';
} else {
echo 'not posted to facebook :0( ';
}
}
I did not check how ping.fm does it.
But after looking at the extended permissions list here:
http://developers.facebook.com/docs/reference/api/permissions/
xmpp_login (Provides applications that integrate with Facebook Chat the ability to log in users.)
Otherwise, i dont think its possible.
Even desktop Apps need to redirect the user to a browser for authentication.
This also may depend on whether the user has the "keep me logged in" checkbox marked on log-in.
Since you have the offline_access, then you basically can perform the actions regardless if the user is logged in or not.
I'm testing out scores api on my test app.
So...I've singed up my app with the following permissions.
publish_stream,
publish_actions,
user_status,
user_photos
After logged in, I'm requesting the following api in PHP
$loggedUser = $Facebook->getUser();
$scoreUpdate = $Facebook->api('/'.$loggedUser."/scores", 'post', array('score'=> 100));
I get the following error.
This method must be called with an app access_token
So I've checked what the sdk is sending to facebook, and I've confirmed that it is sending 'access_token' along with my params.
What's the problem in this case?
app access_token you can simple make it like this:
$facebook->api('/me/scores', 'POST', array(
'score' => 100,
'access_token' => $facebook->getAppId().'|'.$facebook->getApiSecret()
));
voila
Now there are two tokens, a User token...and an Application token. You need the later.
Now the PHP-SDK will append the user access_token if it finds one which is I think your case. I suggest you read the official Facebook how-to for publishing scores
Example taken from my tutorial:
$APPLICATION_ID = "APP_ID";
$APPLICATION_SECRET = "APP_SECRET";
$token_url = "https://graph.facebook.com/oauth/access_token?" .
"client_id=" . $APPLICATION_ID .
"&client_secret=" . $APPLICATION_SECRET .
"&grant_type=client_credentials";
$app_token = file_get_contents($token_url);
$ret_obj = $fb->api( '/' . $fb->getUser() . '/scores', 'POST', array(
'score' => 100,
'access_token' => $fb->getAppId().'|'.$fb->getApiSecret()
));
If you specify the app access token in the access_token parameter, you will eventually lose the ability to use /me, so you have to be specific about the user ID. Otherwise you get this error: "OAuthException: An active access token must be used to query information about the current user", as explained here : facebook Uncaught OAuthException: An active access token must be used to query information about the current user