Hi Im trying to write a facebook application that will post a photo to a users page. Ive pretty much word for word followed this tutorial.
but whenever I try and upload a photo I get this error:
{
"error": {
"type": "OAuthException",
"message": "A user access token is required to request this resource."
}
}
I beleive the problem is coming from this code as I'm sending the AppID, AppSecret and post_login_url (which are all correctly populated) however $response is completely blank:
$token_url= "https://graph.facebook.com/oauth/"
. "access_token?"
. "client_id=" . $app_id
. "&redirect_uri=" . urlencode( $post_login_url)
. "&client_secret=" . $app_secret
. "&code=" . $code;
$response = file_get_contents($token_url);
$params = null;
parse_str($response, $params);
$access_token = $params['access_token'];
Any help would be appreciated, as always im on a tight deadline
Thanks,
Doug
The Application Access token is used to make API calls on behalf of an app, your underlying issue is likely that the API call you're trying to make has to be made on behalf of a User and needs a user access token produced when a user authorises your app.
The code you have above should be fine for getting an App Access token
Related
I'm following the steps very well described here https://stackoverflow.com/a/18399927/2510225 , but, from my server, I receive the following error:
{"error":{"message":"The access token does not belong to application APP-ID","type":"OAuthException","code":1}}
I can't figure what I'm doing wrong. Anyone knows if the process to get a permanent access token has changed, or is having the same issue?
The access token I'm using in the request is the user access token, which I think is correct.
In other words, I'm using this:
GET /oauth/access_token?
grant_type=fb_exchange_token&
client_id={app-id}&
client_secret={app-secret}&
fb_exchange_token={short-lived-token}
With the app_id and app_secret of the app I want to publish on a page and the short-lived-token of the user that have created the app. Is that the right way?
Edition (Image to complement answer from #Sahil Mittal)
That's where I'm taking the API_ID (red arrow). That's correct, right?
Ok, That's how I've solved this, combining both solutions given [here][1] with some tries. :
1) Associate the app with the page (It was probably done)
http://facebook.com/add.php?api_key=_APP_ID&pages=1&page=_PAGE_ID
2)Take the CODE given here:
https://graph.facebook.com/oauth/authorize?client_id=_APP_ID_&scope=manage_pages&redirect_uri=http://www.facebook.com/connect/login_success.html
There will be a very fast output on the URL box of your browser, copy that fast. This output should be like this
https://www.facebook.com/connect/login_success.html?code=1234546bigstringwithlotsoflettersandnumbersdfdarsd#_=_
3)Use the CODE to take the short lived access token of the USER (I guess it can be the same get with the Graph API Explorer))
https://graph.facebook.com/oauth/access_token?client_id=_APP_ID_&redirect_uri=http://www.facebook.com/connect/login_success.html&client_secret=_APP_SECRET_&code=_CODE_
4)Convert the short lived access token to a long lived access token (user yet):
https://graph.facebook.com/oauth/access_token?client_id=_APP_ID_&client_secret=_APP_SECRET_&grant_type=fb_exchange_token&fb_exchange_token=_SHORT_LIFE_ACCESS_TOKEN_
You can check if this access token is long lived in
https://developers.facebook.com/tools/debug/accesstoken
4) Go to Graph API Explorer (https://developers.facebook.com/tools/explorer), click on the "X" to clear the access token box, and fill in the long access token that you created in the previous step.
5) On the box bellow, choose /ACCOUNT/, to see all the pages of the user this access token is related with. The acess token of these pages are never expired access token, which can be verified in https://developers.facebook.com/tools/debug/accesstoken
That's how it worked for for me.
You forgot to replace APP-ID with the relevant App ID.
You can get the same from the app settings
To get the short-lived-token:
if(empty($code))
{
$dialog_url= "http://www.facebook.com/dialog/oauth?"
. "client_id=" . $APP_ID
. "&redirect_uri=" . urlencode( $post_login_url)
. "&scope=publish_stream,email";
echo("<script>top.location.href='" . $dialog_url . "'</script>");
}
else
{
$token_url = "https://graph.facebook.com/oauth/access_token?"
. "client_id=" . $APP_ID
. "&redirect_uri=" . urlencode( $post_login_url)
. "&client_secret=" . $APP_SECRET
. "&code=" . $_REQUEST["code"];
$response = file_get_contents($token_url);
$params = null;
parse_str($response, $params);
$access_token = $params['access_token'];
}
I am trying to write a php script that can upload a daily photo to my personal facebook wall. I need this to be done at anytime and not just when I am logged in. I am wondering if it is possible to upload a photo to my wall using php only or do I need to use an app with the right permissions. If so do I have to personally install that app and give correct permissions for my page to make this possible, if it is possible, and can this be done automatically?
What I want to do:
In short I want a users twitter feed to be converted and put on an image. I have the script that automatically does this already. However I would love it if after the twitter user tweets then this calls my script and converts it to an image (again I have done this code already) but...
Now I need a script that can automatically upload this to my personal wall after the image is created. Is this possible?
Well, you can use the extended user access token to get it working for a maximum of 60 days. After that, the token will expire and then you'll have to refresh the token and that is not possible without the user's interaction.
The documentation states the same:
Even the long-lived access token will eventually expire. At any point, you can generate a new long-lived token by sending the person back to the login flow used by your web app - note that the person will not actually need to login again, they have already authorized your app, so they will immediately redirect back to your app from the login flow with a refreshed token - how this appears to the person will vary based on the type of login flow that you are using, for example if you are using the JavaScript SDK, this will take place in the background, if you are using a server-side flow, the browser will quickly redirect to the Login Dialog and then automatically and immediately back to your app again.
After doing the above you will obtain a new short-lived token and then you need to perform the same exchange for a long-lived token as above.
To get the extended token make the following call from your server:
GET /oauth/access_token?
grant_type=fb_exchange_token&
client_id={app-id}&
client_secret={app-secret}&
fb_exchange_token={short-lived-token}
Code
$app_id = APP_ID;
$app_secret = APP_SECRET;
$post_login_url = APP_URL;
$album_name = 'test';
$album_description = 'desc';
$code = $_REQUEST["code"];
//Obtain the access_token with publish_stream permission
if(empty($code))
{
$dialog_url= "http://www.facebook.com/dialog/oauth?"
. "client_id=" . $app_id
. "&redirect_uri=" . urlencode($post_login_url)
. "&scope=publish_stream";
echo("<script>top.location.href='" . $dialog_url .
"'</script>");
}
else {
// access token
$token_url= "https://graph.facebook.com/oauth/"
. "access_token?"
. "client_id=" . $app_id
. "&redirect_uri=" . urlencode( $post_login_url)
. "&client_secret=" . $app_secret
. "&code=" . $code;
$response = file_get_contents($token_url);
$params = null;
parse_str($response, $params);
$access_token = $params['access_token']; // <---
// extended token
$extended_token_url= "https://graph.facebook.com/oauth/access_token?grant_type=fb_exchange_token&client_id=".$app_id."&client_secret=".$app_secret."&fb_exchange_token=".$access_token;
$response = file_get_contents($extended_token_url);
$params = null;
parse_str($response, $params);
$extended_access_token = $params['access_token']; // <---
// Upload to the photos to the album here
}
That's the complete auth process, incl the extended token. You can find many posts regarding the upload of the photo, simply use the $extended_access_token with your calls.
(In case you are not aware, Graph API Explorer is a fantastic tool of facebook to test the APIs).
Good luck!
I have created a facebook place serach with graph api. But the access key expires every two hours. For this I have implemented the below code
$app_id = "---";
$app_secret = "----";
$my_url = "";
$code = $_REQUEST["code"];
if (isset($code)) {
$token_url="https://graph.facebook.com/oauth/access_token?client_id="
. $app_id . "&redirect_uri=" . urlencode($my_url)
. "&client_secret=" . $app_secret
. "&code=" . $code . "&display=popup";
$response = file_get_contents($token_url);
$params = null;
parse_str($response, $params);
$access_token = $params['access_token'];
}
$FacebookGraphURL = 'https://graph.facebook.com/search?fields=id,username,name,category,website,likes,location&q='.$keyword.'&type=place¢er='.$center.'&distance='.$radius.'&limit=5&access_token='.$access_token;
$FacebookGraphJSON = file_get_contents($FacebookGraphURL);
But this is giving the below error :
Notice: Undefined index: code in /opt/lampp/htdocs/APIcomparison/facebook_graph.php on line 24
what I am missing ? another thing I don't know what to use $my_url
Thanks is advance.
Are you generating the access token via the Graph Explorer tool? If so, those tokens have a 2-hour expiry time.
You can generate an access token with a 60-day expiry time by going through the Facebook Log In / OAuth process, during which you grant your application access to your (or any user's) Facebook user account by clicking the 'allow' button on the authorization dialog. Once you've obtained an access token you can exchange it for a long-lived token.
Details on Facebook OAuth here: https://developers.facebook.com/docs/reference/dialogs/oauth/
A simple way to generate an access token is to use the Facebook OAuth support provided by Temboo. If you just wanted a single token then you can use the Facebook OAuth wizard, meaning that you won't have to write any code to generate the token. Details here: https://www.temboo.com/library/Library/Facebook/
(Full disclosure: I work at Temboo)
I only get this error on mobile devices. The redirect to the login works correctly and the user is redirected back to the app correctly. I get no error. Then, if I access the app a second time (seconds after the first use) file_get_contents throws back a 400 bad request - here's the code - help HIGHLY appreciated :-)
$code = $_REQUEST["code"];
if(empty($code)) {
$my_url = 'https://m.facebook.com/apps/'.$app_id.'/?sid='.$surveyid.'&country='.$country;
$dialog_url = "https://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($my_url) . "&scope=user_birthday";
echo("<script> top.location.href='" . $dialog_url . "'</script>");
exit();
}
$my_url = 'https://m.facebook.com/apps/'.$app_id.'/?sid='.$surveyid.'&country='.$country;
$token_url = "https://graph.facebook.com/oauth/access_token?"
. "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)
. "&client_secret=" . $app_secret . "&code=" . $code;
$response = file_get_contents($token_url);
$params = null;
parse_str($response, $params);
$graph_url = "https://graph.facebook.com/me?access_token="
. $params['access_token'];
$user = json_decode(file_get_contents($graph_url));
$me['id']=$user->id;
$me['gender']=$user->gender;
$me['first_name']=$user->first_name;
$me['last_name']=$user->last_name;
$me['birhtday']=$user->birthday;
Have you checked if the session is available the second time?
I see that the session variable might be missing
Then, if I access the app a second time (seconds after the first use) file_get_contents throws back a 400 bad request
Had you used the PHP SDK instead of doing requests against the API “manually”, you would’ve gotten an exception with an error message that should have explained what’s going on – please consider using it in the future, it makes a lot of things easier, including debugging.
As for the current problem, it looks like you are trying to exchange the code parameter for a new access token every time – but this will not possible any more in the future, see https://developers.facebook.com/roadmap/#december-2012, “New security restrictions for OAuth authorization codes”:
We will only allow authorization codes to be exchanged for access tokens once
For newly created apps, this migration is enabled by default – you can disable it for now, and it should be working as expected. But after Dec 5th 2012, you’ll have to have a solution that works without trying to exchange the code for an access token multiple times.
I just created a Facebook App and I want to:
1. user logs in --> browse and select video --> upload to own wall.
I have a bit of code from Facebook Dev. examples, but I get an error.
After reading and error nature, I can imagine my problem is somewhere here:
CODE:
$token_url = "https://graph.facebook.com/oauth/access_token?client_id="
. $app_id . "&redirect_uri=" . urlencode($my_url)
. "&client_secret=" . $app_secret
. "&code=" . $code . "&type=client_cred";
$access_token = file_get_contents($token_url);
ERORR:
{
"error": {
"message": "An active access token must be used to query information about the current user.",
"type": "OAuthException",
"code": 2500
}
}
any ideas?
Thanks!
It looks like the access token you have isn't valid for the current user.
Must first redirect to FB to get the token using your app id:
$dialog_url = "http://www.facebook.com/dialog/oauth?client_id=".YOUR APP ID."&redirect_uri=".urlencode(YOUR CALLBACK URL).'&scope=email,publish_stream';
Updated
It's likely that you haven't request enough permissions, see the scope parameter, you will need the have permission to publish_stream in order to post a user story.
After you have this code, you need to grab the actual app access token by making arequest to a URL which is something like:
$token_url="https://graph.facebook.com/oauth/access_token?client_id={APP ID}&redirect_uri=".urlencode(CALLBACK)."&client_secret={SECRET}&code=$code";