I'm sorry if this is a re-post but no matter what search terms I use I can't find what I am looking for.
First, I'm developing in PHP, but the graph api just uses url calls so that shouldn't matter. I would like to avoid using the REST api.
I have an application that requires publish_stream and offline_access. The app is pointless for a user to install if they deny these permissions. How do I make them required?
I know I can check to make sure if the user has the permissions later, but that is a hassle and I'm trying to avoid it. But if this isn't possible that is what I'll have to do.
You don't have to use the REST API to authenticate, but you do need to check if the use has authenticated or not.
https://developers.facebook.com/blog/post/534/
You can use the javascript SDK instead of the REST API to prompt for authentication. You can use javascript for almost everything, not URL redirects needed.
https://developers.facebook.com/docs/reference/javascript/
There was actually a recent Facebook blog post about how to check for permissions, which is also helpful.
https://developers.facebook.com/blog/post/576/
If the user isn't authenticated, then place them on a page that has a button to prompt for authorization. Once granted, then you can redirect to the real page.
Related
I am trying to build a project using CodeIgniter and for sign up purposes, I am using Hybrid Auth library. I am using a link similar to "http://localhost/project/hauth/endpoint?hauth.done=Google" as my redirect URI for facebook and google.
app is working fine with it. But the problem is I can't understand what this "hauth.done" means.
As soon as I allow the permission, it redirects me to the above provided link where I don't know how to receive data/userprofile information.
Here is updated library which works with the latest HybridAuth (v2.10) and CodeIgniter (v3.x)
https://github.com/ApacheEx/CodeIgniter-HybridAuth
hauth.done uses for finishing authorization via Hybrid_Endpoint::process(); which calls processAuthDone to save all needed tokens for later API requests.
It is because you should provide proper redirect URL when call an api and after that when Hauth redirect to your desire page you can retrieve your information according to your code reference.
Otherwise as you are using Codeigniter, in my advice use git reference where you can find complete code for your application directory. In that code they already getting user profile info.
Git repo
I am working on my first wordpress plugin and posting to facebook. I have been looking for the last few days for ways to authenticate with facebook. I have found numerous sites that use the method of having the user create an App and then input the AppID and App Secret. However, I have used plugins before that use Oauth (I think) as it opens a pop up and the user basically logs into facebook and then says this app (your wordpress site) wants to control things.
Does anyone know of any resources for authenticating with Facebook without the user having to go through the trouble of creating apps?
Examples I have found but they require APPid and App Secrets.
http://www.sanwebe.com/2012/02/post-to-facebook-page-wall-using-php-graph http://www.pontikis.net/blog/auto_post_on_facebook_with_php
My anticipation is that they set up a website and create a single app for that. Then the plugin calls that website, gets the access token, and sends it back?
The wordpress documentation is quite confusing to me.
Creating an app takes about 5min, so I don't really see an obstacle here.
IMHO there's no other way than either
Using an app with FB Login to obtain the permission to post on a user's/page's behalf, or,
Getting an access token via the Graph Explorer and use this for your plugin
Please be aware that user access tokens expire after max. 60 days.
For my web application - I need to fetch all the data for a particular facebook page. What kind of permissions do I need. Do I really need to create a canvas app for it?
I dont intend to do anything on FB - but use some of the data available to arrive at some conclusions in my web based application which will be hosted on a server outside of FB.
Facebook's API documents should provide everything you need:
https://developers.facebook.com/docs/graph-api/reference/v2.1/page
According to the permissions section, you'll need either an App token or a User token. Since you're talking server-to-server (I'm assuming this is server-to-server on account of the PHP tag), you're going to want to use an App token:
https://developers.facebook.com/docs/facebook-login/access-tokens#apptokens
You should be able to create a Facebook App from within your Facebook account, which will provide you with an App ID and App Secret. You can use those to make calls directly to the API.
I'm trying to develop a PHP script to synchronize files with a Dropbox folder that I own.
I'm trying to connect using the Core API and OAuth 2, and it seems that a user needs to get an authorization code from an approval page, but my script needs to be stand alone without any user interaction.
My question is : is it possible ?
I didn't find anything to the Dropbox API documentation to achieve this.
Thanks in advance for any link, help or alternatives.
As #dev-null-dweller said in a comment, you certainly need to authorize the app once, but you can just store the token and keep reusing it.
You might want to use my app http://dbxoauth2.site44.com/ to get an OAuth token for yourself and then just hardcode it in your script.
I'm currently working on adding Facebook integration into a website of mine via the PHP SDK. I'm requesting and planning to use the offline_access permission so I'm storing the access_token in a database. However, I'm giving the user the option to remove the integration with Facebook after they add it and therefore then removing this access_token from the database. This is where the issue comes in:
The first time they add the integration, my app redirects to Facebook correctly and asks for the permissions, etc. Then, however, if they remove the integration and then re-add it, it doesn't ask for the permissions again (which makes sense since those permissions are still technically given to my app on that user's profile unless they went into Facebook and manually deleted them).
My question is if theres a way to tell Facebook to remove my app and its permissions from that user's Facebook profile so that if they go to re-add the integration, they are once again prompted to accept the permissions.
Perhaps something like $facebook->expireAllAppPermissions() I guess.
You can issue an HTTP DELETE request to /PROFILE_ID/permissions to revoke authorization for an app.
this is because you are just deleting access token from your data base , it will not remove your app from user profile. user is still authenticated with your app. he has to remove the app manually.