I'm using the server-side SDK to access Facebook Authentication.
After authorizing my app - even with the included example.php, I can go to App Privacy in settings then click on the app, then See Details in the Last data access section
And the dialog shows:
My App accessed the following information on your behalf:
Basic Information - Today
Likes, Music, TV, Movies, Books, Quotes, About Me, Hometown, Current City, Education History and Work History - Today
My Friends' Current Cities - Today
All I really need from the authentication is the userid and possibly name... I don't care about any other personal info. And yet even the example.php which is really basic seems to be requesting a lot.
Is there another way to authenticate without Facebook thinking I pulled all this data? I don't want users to be concerned about excessive data pulling when I'm not even pulling it.
The Stack Exchange authentication does not have this issue. It might be an issue in the PHP SDK?
The additional entries in the app access log are created for requests to the /me-object without a fields-parameter. So instead of accessing /me?access_token=xxx use /me?fields=id,name,...&access_token=...
Please note that the access log is not deleted when you remove an application. This may be quite confusing during testing because you will see old entries.
Related
I am trying to fetch the latest Facebook posts from our company's page to show them on our website. It already worked until a few weeks ago, Facebook unfortunately changed some of their security guidelines. Initially I sended some requests to the Facebook Graph API using PHP, the App ID, the App Secret and the User Token to create an page accesstoken and fetch my company's posts.
Thanks to the new guidelines new created Apps do not have the "manage_pages" permission you need to create an page accesstoken. To recieve this permission you have to get your App reviewed by Facebook which seems quite laborious to me.
Can you think of another way to fetch my posts? I mean those are posts from a page I created. I do not really understand why there are so many security issues.
Thanks!
You don’t need to get your app reviewed, if it is not intended to be used by the general public.
App Development FAQ: My app is only used by a small number of people, who are all listed in the Role section of the App Dashboard - do I need to go through Login Review?
No, it does not have to be reviewed. If your app is only used by a very limited number of people […] it's completely normal to list them all as having different roles in your app's dashboard. They can be listed as Admins, Developers or Testers
Instead of using "https://graph.facebook.com/v2.8/me?..." to fetch just posts from my own pages I am now using following URL to fetch any public posts:
"https://graph.facebook.com/v2.8/{PAGE-ID or PAGE NAME}?fields=
name,picture,feed.limit(100){full_picture,created_time,message,likes,
comments,type,link}&access_token={USERTOKEN}"
A team of some friends and I have come up with an app/product idea that we have been working on. I have to be vague on exactly what the details are, but hopefully I can explain it well enough to have the questions we have answered.
First, we have a web server with a database - we have developed all of the code for that in PHP. Each user will have a device which when an action is performed on the device, it sends a message to our server, and the PHP code on our server handles the message and stores the sent data in the appropriate fields in our database.
We want to run this through Facebook - we have an app and a Facebook page created for this. The idea is that when a user performs an action on his or her device and the message is sent to the server, the PHP code will automatically make a post on the Facebook page on the user’s behalf (not on the Page’s behalf).
Between all of us on working on this project, we have spent many days and many hours trying to figure out how to make the automatic post to the page. It’s extremely difficult googling this topic since all of the various examples are using different versions of the Facebook SDK (we are using the latest). There are lots of somewhat similar type questions/examples, but we can't find one that answers specifically what we are asking. In fact, we aren’t even sure that anybody but an ‘admin’ can post on a Facebook page with the new SDK, any longer. I do see this link in the Facebook developer section, https://developers.facebook.com/docs/graph-api/reference/v2.5/page/feed, where it says under the Publishing section:
Permissions
A user access token with publish_actions permission can be used to publish new posts on behalf of that person. Posts will appear in the voice of the user.
So, it sounds as if a user can post to the Facebook page if it is given an access token with publish_actions permission, yet we can’t find any example of code of this actually being done. Could anybody explain how to do the automatic posting to the page on a user’s behalf (hopefully, using PHP, since that is the language we are using on the server side), or at least point us to a good example? We are all experienced developers, but this is the first time any of us has done anything with Facebook development. So we certainly aren’t amateurs, but with Facebook development, we are. We may be overlooking something obvious, but after seeing so many links, my mind is jello.
A summary of our questions:
1. Can it even be done with the latest Facebook SDK that a post can be made to a Facebook Page for our product on the user’s behalf? (to be clear, we are talking about the Facebook Page we created for our app, not a user's page)
2. If so, what specific permissions do we need to give the user, just the publish_actions one? We don’t want to give the user too much permission to be able to screw up our page, of course.
3. Can this be done automatically with PHP from the server?
Any help would be GREATLY appreciated!
I need to be able to consolidate all the likes from users that use my Facebook app into an Excel or .csv file. I can have the user authenticate within my Facebook app, but is there a way to see the likes for all users of an app using Open Graph or some other Facebook tool? I'm certain that someone else must have had this problem, and I'm hoping that one of you can help me out!
I've been trying to run FQL queries to bring up likes, but don't have any experience with PHP so it has been miserable so far. Any ideas?
There's no way to retrieve a list of users of your app - you'll need to manually build that as users authorise the app see this question for more information
Assuming you have permission to access a user's likes connection - access /USER_ID/likes and parse the response, saving it to a file in accordance with whatever language you're using's syntax (google is your friend here)
Note that your use of the data is subject to Facebook's policies and user's consent in accordance with your privacy policy and sharing it with third parties may be illegal (i am not a lawyer, this is not official advice, etc etc)
Here is the problem with that the application type does not have a like connection. Application Object GraphAPI This is inconvenient when you are looking to gather data on the users that like it.
OR were you talking about the likes endpoint of the user object? That you can gather but I dont think it is what you are looking for. It is shown here Graph Explorer Example - user's likes
I searched in Stack Overflow, Google, etc, but I can't figure out how to show my stuff from my Facebook on my website. I tried some solutions and each one prompted the login dialog and visitors had to log in and accept my application (I've created one to test).
Many answers here were too generic, I didn't understand them that is why I'm asking.
I want something that would let my website "log in" to Facebook and show my status or photos to visitors without them needing to accept an app or log in into Facebook with their account.
I tried a facebook-php-sdk example with my AppID and AppSecret and it asked me to log in.
Also, github.com/facebook doesn't have an SDK for Python similar to facebook-php-sdk
You could write a script (eg. using the FB PHP SDK) that uses a long-lived access token to fetch your FB data and then store the data in your backend database (or other store for your website). To Facebook, your script will look like an app and your machine will be the only 'user' of that app. Note, long-lived access tokens are good for 60 days max. You could also try using an App Access Token to fetch basic info. App Access Tokens don't expire.
This might not be exactly what you are looking for since you posted this with the php and python tag, but it might solve your problem.
If you're website is powered by the wordpress engine you can use If-this-then-that : https://ifttt.com/
It basically allows you to create "recipes" with something like:
if new status on Facebook then create post on wordpress
The post will not require others to log in to Facebook.
This is without writing a single line of code only a couple of mouse clicks. So I'm not sure if this satisfies your needs.
I have a contest App. And many users have installed the app. I have stored the offline_access tokens of these users. I want to send a message to all users of app at the end of contest. What is the best way to do it. Because when I do it in a while loop the page never loads and browser just shows loading animation gif on tab.
You don't even need the user access tokens to accomplish something similar to what you're trying to do.
First off, mass-wall posting is both a violation of the Facebook Platform Policies (specifically IV.2, IV.3), but it's also really spammy and users will react negatively, probably blocking your app and ultimately it may get banned from Facebook. So don't do that.
Instead, you should utilise the intended social channel for notifying users of new content, App to user Requests.
This is pretty simple to do, as per the Graph API docs for apprequests you just make the following API call:
https://graph.facebook.com/USERID/apprequests?app_access_token=APPTOKEN
Where USERID is each user's Facebook ID and APPTOKEN is always your applications unique access token (see the documentation here if you do not know how to obtain one of those). You will also need to include parameters such as message, which you can read more about in the docs.