I'm trying to make a small bot with my facebook app.
I've an Facebook app, people registered to my app through facebook.
I want my bot to check every day checkins of my users (launch with scheduler like cron)
since the bot is not accessed by a user, is there any way to retrieve access token for a user to get checkins information? via graph api?
I read that access_token expires, event offline_token can not be used forever.
I have tried to store fb_uid and user code generated when registering, but that is not working...
This is where offline_access rights are for. You can test this by using the token debugger. Just get a token with offline_access and you will see that the token won't ever expire. Until off course the rights are revoked by the user.
Related
I am trying to work with Facebook's Graph API v2.8 through the php-graph-sdk.
My main objective right now is to get page ratings.
I setup a Facebook App which I'll call FB Ratings App and I can read ratings on my Facebook pages, but I ran into problems when I try to have other users get ratings through my app, FB Ratings App.
Here's a breakdown:
User A
Owns the Facebook App: FB Ratings App
Owns their Facebook Page: Sample Page A
Can see the Facebook Page data
The Access Token says it does not expire.
User B
Does NOT own the Facebook App: FB Ratings App
Owns their Facebook Page: Sample Page B
Can NOT see the Facebook Page data
The Access Token says it expires in 2 months
When I use the Access Token Debug Tool I see the same expiration time of 2 months for User B for the short lived access token as well as the long lived access token but the token string does change when I send the short token and ask for the long lived token.
Summary
Users (except for myself) are not getting access tokens that do not expire. Is there a way to renew these without the user logging in again or should I be getting a token that doesn't expire?
The same users that are getting access tokens of 2 months are not able to get Page Access Tokens for FB Pages that they own and created.
Here's a couple notes on the Facebook App that I created in the developers area.
It is set to Public with the status, "Your app is currently live and available to the public." However, I have not submitted the app for approval. I wasn't sure if this was necessary or how to go about this. If I need to do this, does my project need to be finished for Facebook to review the code?
These issue maybe related or they could be separate. The Facebook API is by far the most confusing API that I've worked with.
it seems that this method doesn't work for logging out the user from an app on facebook, i dont want to log the user from facebook itself like with getLogoutUrl, only from the app.
if the user uncheck the email field on the dialogue box the first time he log in with facebook, he needs to logout from the app, in order to log in again without unchecking the email field, so he have a second chance of signing in to my site.
this method doesn't work anymore:i'm on php SDK V4
setcookie('fbs_455857397897935','', time()-100);
// kill the session
session_destroy();
455857397897935 is the app id
You could try to revoke users login using graph API
DELETE /{user-id}/permissions
Quoting from docs:
You can also let people completely de-authorize an app, or revoke
login, by making a call to this Graph API endpoint:
DELETE /{user-id}/permissions This request must be made with a valid
user access token or an app access token for the current app. If the
request is successful, your app receives a response of true. If the
call is successful, any user access token for the person will be
invalidated and they will have to log in again. Because you're
de-authorizing your app, they will also have to grant access to your
app as if they were logging in for the first time.
Hope this helps your usecase.
I've noticed some people storing token and secret key in a user table after a user connects the the app using facebook login.
But I was just wondering, are these values changed constantly or not? Also, are they there to keep the login live or anything?
The Facebook API uses OAuth 2.0. Once a user has granted your application privileges to their account, FB sends you an authorization token that your application needs to store. The reason being is that you need to send that token every time you make a FB API request on behalf of that user. FB checks to see if the token is still valid and if it is then it allows the request to be processed (E.g. making a post to the user's wall).
If you look at the Graph API Explorer, you will notice the "Access Token" field at the top. Click the "Get Access Token" button to generate one for your own account so you can make test calls on behalf of yourself.
I'd just like to ask about a problem I'm facing with Facebook Graph API.
I've connected to Facebook successfully, stored the user ID, and user access_code into my DB
Now when viewing the site I'm building, it's using the access_token stored in my database, but doesn't show my facebook statuses....because the "session has expired"....
Is there anyway I can regenerate the access_token?
Thanks
Example:
$status = 'https://graph.facebook.com/'.$userId.'/statuses?limit='.10.'&access_token='.$app_token;
User access tokens last only 1-2 hours. There is a technique to get a 60 day token for your use. It is explained here: http://dominicminicoopers.blogspot.com/2012/03/facebook-access-tokens-and-offline.html Remember to get this extended access token prior to the short-lived access token expiring. You must pass in a valid working user access token to pass to it. Do this serverside, not clientside because you have to use your app secret.
https://graph.facebook.com/oauth/access_token?
client_id=[APP_ID]&
client_secret=[APP_SECRET]&
grant_type=fb_exchange_token&
fb_exchange_token=[EXISTING_NON-EXPIRED_USER_ACCESS_TOKEN]
Remember to ask for the user_status permission when prompting the user. See: http://developers.facebook.com/docs/authentication/permissions/#user_friends_perms
You cant regenerate it, but you can get a new one by having the user go through the oauth process again, it will return a new token - https://developers.facebook.com/docs/authentication/
You can try to get a long lived token. That will allow you to access the status even when the user is not loged in.
See here
I need help with Facebook OAuth. I am trying to make a facebook news feed gadget for my webpage. What I did is, I created a facebook login page, got the verification code, and then got the access token. There is an expiry parameter in the access token.
My question is, what happens when the token gets expired? Does it become a new token person logs in again. I want to store it in a database, so I can access it anytime I navigate through the webpage.
If I use the access token, will it still get expired? Or does it expire if its not been used for the given expiration time?
The answer to your initial question, is that an access token is only valid whilst the user is logged in. So yes, a new access_token will need to be retrieved every time they log in to your site. This is detailed in the authentication flow documentation.
In order to get an access token which is does not have an expiry (or has a long validity period), you will need to get the user to authorise the offline_access. This should be set in your scope.
Here's a description of the offline_access permission from this documentation:
offline access - Enables your app to perform authorized requests on behalf of the user at any time. By default, most access tokens expire after a short time period to ensure applications only make requests on behalf of the user when the are actively using the application. This permission makes the access token returned by our OAuth endpoint long-lived.
This will not however, give you access forever. If the user changes their password, or deauthorises your application, you will need to get the user to reauthorise it to get a new access_token. If you try to use an out of date access token, an error message will be returned. That's why it's important to have a flow which will allow for such eventualities.
From my knowledge you can achieve this by asking for access my information anytime permission (offline_access) while a user does fconnect.
For Detail information please refer
For Permissions: http://developers.facebook.com/docs/reference/api/permissions/
For expired Token: http://developers.facebook.com/blog/post/500/