I have an facebook application which sends links to fan page walls. Everything is working when i call the .php file from my browser but when i call the same page from cronjob it can't run the facebook application because of the authorization problem. I don't want to enter my username/password to the php file. Is there a setting to authorize the cronjob and post to page walls?
I don't think you can authorize any facebook application using cronjobs, you have to authorize manually and then create a cron job with your wall posting link!
cron knows absolutely NOTHING about Facebook and Facebook credentials, and this is a good thing. If you want a script to do things automatically with Facebook, you'll need to embed your credentials in the script, or give the script access to some place the credentials are stored.
If this is a per user thing, you would need to have a user authenticate with your application, and request offline_access extended permission (in addition to other permissions you might need), and store the resulting access token in some kind of database. You could then publish as that user using that access token at any time (unless the token gets deactivated by them changing their password or revoking access).
If you just need to do this for your own account, you would do the same process of getting an offline_access token but you could just embed this access token into the code of your application.
Related
I am creating an application which aims at automatically creating Spotify Playlists in a central Spotify account (not the account of the end users).
I have set up this account and created the developer app for the secret and the client_id.
On the backend side, I am using PHP to authorize this central user, and it is working as long as I am logged in myself with that account.
Users that visit my website should be able to create playlists via that interface through the Spotify Web API without the need to authorize their account nor being logged in at all.
If I'm trying to open the same page on a separate device (without having any account logged in), it just gives me the following error:
User not registered in the Developer Dashboard
Is it somehow possible to perform this authorization process only on the backend side without the need for the user to authorize it?
Eventually, I want to send the playlist URL created in the central Spotify Account to the user who can open it in their own app or share with others, if they want to.
I try to avoid that multiple users must authorize for my app, since I don't need to access personal information from their account, anyways.
I used the 3-step process for authorization as described in this Stackoverflow Post: Spotify oauth2 with PHP curl. How to get authorization code?
If necessary, I will provide more information.
Do you have any idea, how I can implement this authorization process for the single account on the backend side, without the user even showing any authorization process of the Spotify Web API at all?
EDIT1: I am not trying to login on the behalf of my users, just automatically for my own account without the interactive login with Spotify. Is that even possible?
I received valuable feedback from the Spotify Developer Community that helped me finding a solution to the problem.
When you let the central Spotify account login to your app, you'll [get] an access_token (that will expire in 1 hour) and a refresh_token.
When the access_token of that account expires, let your server send a POST request to the Accounts service /api/token endpoint, but use the refresh_token in place of the access_token.
A new access_token will be returned.
A new refresh_token might be returned too. (I don't think that's even needed)
You can read more about it here.
I have an application that needs to be able to refresh the oauth2.0 access token every 59 days through a cron job. I don't want to have the user perform the authenticate again on the front end, I just want this to happen on the backend using a cron. Is this even possible? The main problem with the cron is that to get another valid oauth2.0 access token there needs to be a redirect. Does this redirect send information back to the cron for execution?
Overall, at a high level I only want the user to grant permissions once for my app to get a valid oauth2.0 access token. I will store this in my database and after 59 days and I will execute a cron job to retrieve another one (without the user ever having to do anything). Therefore the app works seamlessly and the user will never have to be authenticated again.
Thanks,
Kyle
I don't think you need a cron job for this. Once you have the initial access token (you might also have a refresh token at that time) you can refresh that anytime, at the same time your app initiates a connection to the external service. So right before you attempt to read or write data from the external service, refresh the token first, then proceed with the API requests.
I'm using OAuth 2.0 Google API for google calendar service authentication. Each time when a users logs in the application, it prompts for Allow access even if the user has already allowed access on previous visits to the application.
How can I code it so that it remember the application and user for allowed access by users in past and so do not prompt for "Allow access" again for that same application.
I assume you are using Google PHP API. Setting client object to use auto for approval promt does the trick for me.
$client = new apiClient();
$client->setApprovalPrompt('auto');
When making the OAuth request make sure your "access_type" request:
"access_type" : "offline"
This means the user gives you offline access, and you can continue to make requests with their account.
Using offline also means you'll receive a "refresh_token". Once your access has expired, your application can automatically trade in the "refresh_token" for continued access, without the client having to "allow" again.
$client->revokeToken($accessToken);
If you are using this line somewhere then removing it might help.
Basically what I've figured out is that if the access token is revoked prior to it's expiration, google takes it as an act to reset the permissions as well.
I might be wrong, but I've have not come across a better conclusion yet.
my company have about a hundred of facebook app and more than 200 facebook pages.
My job is to get via FQL insights all statistics about applications, pages, and domains.
After many tries it seems my code don't work because my app need to have "manage_pages" permission from all facebook pages administrators, because my apps need to impersonate them.
Even if I can contact directly my administrator they need to authorize all my applications for every page one by one.
So I think I have to write a php page able to automatically get authorization from administrators for all pages under their responsibility.
Please consider, I'm able to have a list of all pages id and app id.
Does anyone please suggest me how automatically let applications to get manage_pages permissions in a straightforward way?
Do you know if there are PHP examples?
Thank you for your time
You could do it by automating curling through the login screen. When you go after an authorization token the user is required to enter credentials via a login screen. If you have user/pass words you can curl through it I suppose. While your getting permissions make sure to get the offline access permission too, so that you receive a persistent token that can be used when the account is not logged in. Good luck.
Edit: The last time I did this, I kept notes on the whole authentication process if you want a copy PM me and I'll email them to you. They are step-by-step getting authorization tokens to write to a fan page.
Use the JS SDK to login the admins into your app, with the offline_access and read_insights permission.
The read_insights permission will allow you to access the insights for each page and application.
The offline_access will give you a permanent access_token that you can use to update the insights without having to wait for the admins of the pages and apps to log-in again.
Store the insights in a database, so you can keep the insights in memory without having to query the APIs all the time (it's time consumming)
It's basically what Social-Insights is doing (http://insights.social-insights.net/) and it's workign pretty good.
I'm currently working on adding Facebook integration into a website of mine via the PHP SDK. I'm requesting and planning to use the offline_access permission so I'm storing the access_token in a database. However, I'm giving the user the option to remove the integration with Facebook after they add it and therefore then removing this access_token from the database. This is where the issue comes in:
The first time they add the integration, my app redirects to Facebook correctly and asks for the permissions, etc. Then, however, if they remove the integration and then re-add it, it doesn't ask for the permissions again (which makes sense since those permissions are still technically given to my app on that user's profile unless they went into Facebook and manually deleted them).
My question is if theres a way to tell Facebook to remove my app and its permissions from that user's Facebook profile so that if they go to re-add the integration, they are once again prompted to accept the permissions.
Perhaps something like $facebook->expireAllAppPermissions() I guess.
You can issue an HTTP DELETE request to /PROFILE_ID/permissions to revoke authorization for an app.
this is because you are just deleting access token from your data base , it will not remove your app from user profile. user is still authenticated with your app. he has to remove the app manually.