I am a bit of a catch 22 situation here.
When you load your app into a tab and ask for permission you need to send with it a callback url.
The callback url is a bit of a mission because on a page http://www.facebook.com/pages/<PAEG NAME>/<PAGE ID>?sk=app_<APP ID> the only way to get the <PAGE ID> is to get it out of the signed request:
parse_signed_request($_REQUEST['signed_request'], $APPSecret)
which you can only do when the user has given permission. And you need the ID to be able to get the <PAGE NAME>, which basically means I cannot construct the callback url...
Does anyone know of a better way or different way to Ask for permissions immediately as the page loads and then reload the page?
It seems that you are a bit confused, here are some points:
Your callback (redirect) url should be something relative (or identical) to the Tab url you specify in the application settings. Something like:
http://www.example.com/canvas/tab/index.php
So no need for the page id.
Even if the page id is not needed, you'll still receive it (even without authorization) in the signed_request!
Read the Facebook documentation related section carefully:
When a user selects your Page Tab, you
will received the signed_request
parameter with one additional
parameter, page. This parameter
contains a JSON object with an id (the
page id of the current page), admin
(if the user is a admin of the page),
and liked (if the user has liked the
page). As with a Canvas Page, you will
not receive all the user information
accessible to your app in the
signed_request until the user
authorizes your app.
So the thing that you'll not receive is the USER ID not the page id which is kind of obvious since the admin "allowed" the application.
Hope this will clear things out for you.
Use JavaScript SDK
http://developers.facebook.com/docs/reference/javascript/
And use this allow dialog
http://developers.facebook.com/docs/reference/javascript/FB.login/
This way you don't even need to refresh.
Also, you can get page_id in signed_request even without user allowing it. You're talking about user_id and oauth_token which won't get passed unless signed-in user doesn't allow your app.
Related
I'm relatively certain after reading the facebook Open Graph documentation that I can't have a web site 'subscripe' to a public page, unless that page installs my app. Let me know if that is wrong.
What I am trying to make is a photo gallery, pretty simple, but it grabs photos from a public 'page' such as a college or university.
I would like it to update itself anytime there is a change. I was hoping I could do it through the API, possibly using API updates/subscription
Facebook App Subscriptions -
but I don't think that will work. I'm using PHP, are there other ways to listen and see if there has been a change? Other than just firing off a function every now and then, using CRON or some other such server tool. I would think that facebook would probably also not like that behavior, though I'm not sure.
As of right now, I am able to grab JSON from a public page's photo gallery using the API and the photo gallery works just fine, I'm mostly just wondering what the optimal of having it update itself automatically is.
You are correct in assuming that real-time updates for pages require admin access to the page to work. You need a page access token to be able to subscribe to updates for a specific page, and such a page access token you can only get from users that have admin privileges for that page. (The page does not need to install your app as a tab any more, they changed the subscription process in that regard; but the page access token is still necessary. Basically you can say, you can not subscribe to updates for just any arbitrary page, it has to be “your” page.)
Apart from that, all you can do is check for new content by requesting the current data in a sensible interval.
you need to get page access token, which is granted when the user is one of the Page Admin, check the documentation on Facebook
https://developers.facebook.com/docs/graph-api/reference/page
look for this line
"access_token": "The access token you can use to act as the Page. Only visible to Page Admins"
There is so much documentation on facebook apps, both through the official docs and through discussions, however I still cannot find a solid answer to this.
I have a facebook tab app that should have 3 pages: a landing page that requires no authorization, an interior page that does require authorization, and a final page that displays the results of what happened on page 2 (also requires authorization).
My plan was to simply POST data between each page and dynamically include files based on a variable. The problem, however, is that I lose my signed_request after POSTing. Should I just use 100% AJAX to load new pages and post back to the server? Thanks.
When user loads your canvas url: https://apps.facebook.com/your_app, in both case you'll get signed_request by authorized user and non-authorized user.
But if user auhtorized signed_request will included user's facebook id and access token to query on graph api.
By using facebook javascript api, you'll get cookies including signed_request.
For the first page load, by signed_request you recognized the user.
For successive calls you use cookie
For your case:
Landing page: you got signed_request "anonymous"
Page 2:
Either you can ask authorization by javascript methods then you got cookies
for successive pages you can do whatever you want
Or you can redirect to authorization page and at the returning you got signed_request including users info and access token, for next page either you pass it by http param or by cookie written by you or by cookie written by facebook javascript sdk
.
Note: sorry for long answer :/
I have an app that creates dynamic pages for users with like buttons.
The button works on all of the pages, but when I refresh the pages some of them don't "remember" the like count (or that I liked the page a second ago), while others work perfectly.
Here's an example of a page that remembers the like count: www.teespring.com/teespring
And one that doesn't work: www.teespring.com/brownrugby
The problem lies the value of the meta tag fb:admin. Here is what you have published -
"102628019845885" is not a valid Facebook user id. Please correct it and your users would be able to "Like" your page.
Well, you can debug such issues yourself, just go to Facebook tool - http://developers.facebook.com/tools/debug
I figured it out earlier today after spending few hours while debugging a similar issue for my app http://www.jokeshive.com
If you monitor your network traffic while you click the like button, you can an XHR request to Facebook to create the Like for the user.
You will see when you click the like button, Facebook makes this request, and returns a JSON string with the status. Yours actually fails and here's the relevant part of the returned response.
"payload":{"requires_login":false,
"error_info":{"brief":"App ID does not match domain",
"full":"The app ID specified within the \"fb:app_id\" meta tag is
not allowed on this domain. You must setup the Connect Base Domains
for your app to be a prefix of http:\/\/teespring.com\/brownrugby.","errorUri":"\/connect\/connect_to_node_error.php?
title=App+ID+does+not+match+domain&body=The+app+ID+specified+within+the+\u002522fb\u00253Aapp_id\u002522+meta+tag+is+not+allowed+on+this+domain.+You+must+setup+the+Connect+Base+Domains+for+your+app+to+be+a+prefix+of+http\u00253A\u00252F\u00252Fteespring.com\u00252Fbrownrugby.&hash=AQAacTBYi-g6Czel"},
From this response, it seems like there's an issue with the domain configuration of your application, or the app id configuration of your open graph object pages.
Hopefully this helps and points you in the right direction.
I am developing a tab based Facebook application that lets the users add custom tab to their page. I want to add a link for page admins to edit the tab, but the problem is how to get if the logged in user is a page admin?
I know how to do this is the old API, which are to be deprecated soon. I am using the new Graph API and new JavaScript SDK.
Don't know how to do it with that.
Take a look at the fb_sig_is_admin parameter which is 1 when the user is an admin.
Unfortunately you won't know who the user is with a tab until they interact, so the usefulness of the Graph API is limited.
I think there is a better way for that, a few days ago FB started supporting iframe on tabs,
From the facebook documentation
Blockquote
When a user navigates to the Facebook Page, they will see your Page Tab added in the next available tab position. Broadly, a Page Tab is loaded in exactly the same way as a Canvas Page. When a user selects your Page Tab, you will received the signed_request parameter with one additional parameter, page. This parameter contains a JSON object with an id (the page id of the current page), admin (if the user is a admin of the page), and liked (if the user has liked the page). As with a Canvas Page, you will not receive all the user information accessible to your app in the signed_request until the user authorizes your app.
Blockquote
This is the URL:
http://developers.facebook.com/docs/guides/canvas/#tabs
I want to display a different message if a user is currently logged in to facebook and likes the current page. I understand:
FB.Event.subscribe('edge.create', function(response) {
// you like this
});
Which will fire when a user likes the page, but when you reload the page how do you determine they already like the current page?
Thanks!
I'm pretty sure you cant do what you want (in this context).
Take a look at this page : http://fbrell.com/fb.api/does-like
You'll see you need the user to approve a permission to view the likes.
It's a huge security risk to allow someone to see the 'likes' of a user - even for the current page. Think about it you can easily spoof the current page and pretend to be any page.
BUT...
What I recommend you do is just set a cookie for your own benefit (in javascript) when the user 'Likes' your page. Assuming you're getting a large percentage of your 'Likes' from this page then you can safely correlate the presence of the cookie with a 'Like'.
I've seen some security exceptions doing this, but it seems to work (at least in Chrome).
Sense you describe the page as "current page" I understand that it is in an iframe tab. If this is the case, signed request supplies you with that information as $decode_signed_request = array('page' => array('liked' => true/false)).
Otherwise you can supply a canvas page with the GET parameters fb_page_id, which should include the parameter fb_sig_added to the server request with a 0/1 depending on if the user is a fan of that page. (This may require disabling OAuth 2.0 in your migration settings)
If you are talking about the like social plugin with an open graph url, you can not readily find out if the user is a fan without an application installation. If you do have that you can do an api call to /me/likes which will return a list of all the likes that user has, and search for the id of the object you are testing for.
You're safer using the Graph API since Facebook is in the process of deprecating their REST API. So to get if a user likes your page, you will need the page ID and the access token of your app.
https://graph.facebook.com/me/likes/PAGE_ID?format=json&access_token=ACCESS_TOKEN
Where PAGE_ID is the page id you want to check.
and ACCESS_TOKEN is your apps access token.
From the Graph API you can get the likes of a user by his id, as:
https://graph.facebook.com/ID/CONNECTION_TYPE
so for getting the likes you put your access token and:
https://graph.facebook.com/me/likes?access_token=2222222222222222
then look for your page if it is liked or not.
However you can always try FQL queries which i didnt try for Likes actually.
I hope that helped.
save user id or third_party_id in database when the user liked the link
to Get third_party_id
graph.facebook.com/me/?fields=third_party_id&access_token=xxx
https://graph.facebook.com/{FB_USER_ID}?fields=likes.target_id(167584559969748)&access_token={VALID_ACCESS_TOKEN}
shows data if that user has liked that Facebook fan page.
or
https://graph.facebook.com/{FB_USER_ID}?fields=likes.fields(link)
shows a list of liked links, from where you can get the link you are looking for.
All of these need 'user_likes' and/or friend_likes permissions.