I've been trying for couple days now without luck, I managed to use the example.php that comes with PHP-SDK and worked perfectly. I just need to store the returned session and use it later on so I could access without re-authenticating.
I tried storing the sessions in a serialized field in a database and then, restoring the data, unserializing it and using setSession function in the php-sdk to retrieve the authentication. Unfortunately, that did not work,
Here is a link to a previous question with the code samples..
Facebook OAuth retrieve information based on stored session
Please advice?
Update: Offline Access in now deprecated. Use something else instead.
If you want to use the access token of the user even after he has logged out of your app, you have to ask for the offline_access permission.
With the Facebook PHP SDK v3 (see on github), it is pretty simple. To log someone with the offline_access permission, you ask it when your generate the login URL. Here is how you do that.
Get the offline access token
First you check if the user is logged in or not :
require "facebook.php";
$facebook = new Facebook(array(
'appId' => YOUR_APP_ID,
'secret' => YOUR_APP_SECRET,
));
$user = $facebook->getUser();
if ($user) {
try {
$user_profile = $facebook->api('/me');
} catch (FacebookApiException $e) {
$user = null;
}
}
If he is not, you generate the "Login with Facebook" URL asking for the offline_access permission :
if (!$user) {
$args['scope'] = 'offline_access';
$loginUrl = $facebook->getLoginUrl($args);
}
And then display the link in your template :
<?php if (!$user): ?>
Login with Facebook
<?php endif ?>
Then you can retrieve the offline access token and store it. To get it, call :
if ($user) {
$token = $facebook->getAccessToken();
// store token
}
Use the offline access token
To use the offline access token when the user is not logged in :
require "facebook.php";
$facebook = new Facebook(array(
'appId' => YOUR_APP_ID,
'secret' => YOUR_APP_SECRET,
));
$facebook->setAccessToken("...");
And now you can make API calls for this user :
$user_profile = $facebook->api('/me');
Hope that helps !
Related
I need to read the posts on facebook. I had create the application and the program works if I log with my credential. But when I log with another credential ( like another profile that I have just created) the program doesn't work anymore. This is my login page:
$config = array(
'appId' => APPID,
'secret' => APPSECRET,
'allowSignedRequest' => false // optional but should be set to false for non-canvas apps
);
$facebook = new Facebook($config);
$user_id = $facebook->getUser();
if(!empty($_SESSION)) {
if($user_id) {
try {
$user_profile = $facebook->api('/me','GET');
$login_url = $facebook->getLoginUrl(array('scope' => 'user_posts'));
$access_token=$facebook->getAccessToken();
$facebook->setAccessToken($access_token);
} catch(FacebookApiException $e) {
error_log($e->getType());
error_log($e->getMessage());
}
}
} else {
$login_url = $facebook->getLoginUrl(array('scope' => 'user_posts'));
header("Location: ".$login_url);
}
when I login I obtain the access token and I call graph api:
https://graph.facebook.com/******/posts?access_token=**
This is operation work if I m who is logged in the application. If another login in the app this is not work.
Maybe it's a authentication problem. Maybe I forget some operation that I must do to authentica with another account. Anyone can help me?
You need to submit your App to Facebook then Facebook will check and pass you app then you can access you app other account. If you want to check App Functionality you can use Facebook App test user Id. Below I have Explained how to get test user
Goto App Page.
Click on Roles.
Click on to Right Corner Test users.
It will show your test user details.
Use this details and access you App.
You have to make your app public for all users from here: https://developers.facebook.com
have a look on it:
Use /me/feed instead of /me in your API call
see example below
Permissions
Your app needs user_posts permission from the person who created the post or the person tagged in the post. Then your app can read:
Timeline posts from the person who gave you the permission.
The posts that other people made on that person Timeline.
The posts that other people have tagged that person in.
If you attempt to read data from a feed that your app has not been authorized to access, the call will return an empty array.
please read this thread https://stackoverflow.com/questions/30719556/read-post-from-facebook-home/30732874#30732874
READING
/* PHP SDK v4.0.0 */
/* make the API call */
$request = new FacebookRequest(
$session,
'GET',
'/me/feed'
);
$response = $request->execute();
$graphObject = $response->getGraphObject();
/* handle the result */
I am useing facebook sdk and getting list of my friend but its getting when i login or i need to update url can i get list without need of login my sample code is this
<?php include('src/facebook.php');
$facebook = new Facebook(array(
'appId' => '',
'secret' => '',
'cookie' => true,
));
$user = $facebook->getUser();
if ($user) {
try {
$user_profile = $facebook->api('/vikas.gautam.332/friends');
} catch (FacebookApiException $e) {
error_log($e);
$user = null;
}
}
if ($user) {
$logoutUrl = $facebook->getLogoutUrl();
} else {
$loginUrl = $facebook->getLoginUrl();
}
$vikas = $facebook->api('/vikas.gautam.332');
if ($user): ?>
Logout
<?php else: ?>
Login with Facebook
<?php endif ?>
<?php if ($user){?>
<img src="https://graph.facebook.com/<?php echo $user; ?>/picture">
<pre><?php print_r($user_profile);
?></pre>
<?php }?>
<img src="https://graph.facebook.com/vikas.gautam.332/picture">
<?php echo $vikas['name']; ?>
I believe you cannot get any data without access token and to get access token you need to login. Therefore, you still need to login. In short, it is not possible.
This is from Access Tokens - Facebook Developer
An access token is a random string that identifies a User, App or Page
session and provides information about granted permissions. Access
tokens are obtained via a number of methods, each of which are covered
later in this document. The token also includes information about when
the token will expire and which app generated the token. Because of
privacy checks, the majority of API calls on Facebook need to include
an access token. There are different types of access tokens to support
these various cases:
User Access Token – This kind of access token is needed anytime the
app calls an API to read, modify or write a specific person's Facebook
data (their profile, photos etc.). This can be thought of as a limited
and time bound permission that someone grants the app. In essence it
is a temporary password that the app can use on behalf of the person.
User access tokens are generally obtained via a login dialog and
require a person to permit your app to obtain one.
I am doing a Canvas app inside the facebook page.
My very simple question is this: With the newest facebook SDK (just downloaded today), if a user has not yet granted access permission to your app, will the facebook class within the SDK automatically determine that and attempt to get authorization?
I can manually get auth for my app by going here:
https://graph.facebook.com/oauth/authorize?client_id=<myClientID>&redirect_uri=<myRedirectURL>&type=user_agent&display=page&scope=publish_stream,%20user_about_me,%20user_likes,%20email
That all works just fine... but when I attempt to do what the example.php does in the SDK, it returns an error:
Fatal error: Uncaught OAuthException: Invalid OAuth access token signature. thrown in /public_html/bridge/base_facebook.php on line 1107
Thus my question is: Am I supposed to be getting a valid OAuth access token, or am I setting up the facebook PHP SDK wrong?
Here is my complete PHP code that generates the error:
<?php
require 'facebook.php';
$facebook = new Facebook(array(
'app_id' => '<my app id>',
'app_secret' => '<my app secret>',
));
$user = $facebook->getUser();
$jared = $facebook->api('/jaredmark');
if ($user) {
try {
// Proceed knowing you have a logged in user who's authenticated.
$user_profile = $facebook->api('/me');
} catch (FacebookApiException $e) {
error_log($e);
$user = null;
}
}
// Login or logout url will be needed depending on current user state.
if ($user) {
$logoutUrl = $facebook->getLogoutUrl();
} else {
$loginUrl = $facebook->getLoginUrl();
}
This code is essentially a direct copy/paste from the example, with a few minor edits.
It doesn't seem to be the case that the PHP SDK will display an authentication pop up without you manually causing it to do so by redirecting to that specific page. sigh
I'm trying to use the Graph API and the PHP SDK for Facebook to try and return the current users name, but I'm only having luck with it displaying my name. This is pretty straight forward and someone that knows the Graph API shouldn't have any problem helping me out just by looking at the code I'm using.
require 'facebook.php';
$appid=get_post_meta($thisID,'_EFBPDAppID',true);
$appsec=get_post_meta($thisID,'_EFBPDAppSec',true);
$facebook = new Facebook(array(
'appId' => $appid,
'secret' => $appsec,
'cookie' => true
));
$user = $facebook->getUser();
if ($user) {
try {
// Proceed knowing you have a logged in user who's authenticated.
$user_profile = $facebook->api('/me');
} catch (FacebookApiException $e) {
error_log($e);
$user = null;
}
}
And then I use this: echo $user_profile['name']; to display the users name, but it is only displaying my name. On any other profile it just shows where that variable is as blank. On my profile, it shows my name. I also used print_r($user); and it is displaying my ID, but for any other profile it displays 0.
Do users need to authenticate themselves or should there already be a session with this info? How do I get that session info if there is one?
Anyone who can help out I would be very grateful. Thanks.
For security and privacy as well, Facebook users must login and allow the current application to have access to their account information. You can accomplish this using different SDK. Most people use Javascript but I persoally prefer PHP. As simple implementation in HTML is shown below:
Login to Facebook
It will generate something like:
Login to Facebook
you should be able to access the user's information after that process using Graph API.
$fbuser = $facebook->api('/me');
echo "Hello ".$fbuser['name'];
Let me know if works for you.
http://www.9lessons.info/2011/02/login-with-facebook-and-twitter.html
Your user must authenticate the application that your going to create.
After that facebook will redirect with the access_token (and the process is called as callback.)
Save the access_token and user id so that you can access data or Post message automatically without login into the facebook.
I've got the rectification for your problem. I use a simple Facebook application. It works but under development.
You must authorize the user first and get his user ID. After that just replace the "me" by user_id, and you are done.
<?php
require_once 'facebook-php-sdk/src/facebook.php';
$facebook = new Facebook(array(
'appId' => '[your app id]',
'secret' => '[your app secreat]',
'cookie' => true,
));
// Then authorize the current user in the way you desire
// get his user_id
$user_profile = $facebook->api('/[the user's user id]');
echo $user_profile['name'];
?>
I am building a web app (PHP) that uses FB connect. I successfully register / sign in user with the help of the PHP lib provided by facebook. Also I can post to wall, using this code
Facebook::$CURL_OPTS[CURLOPT_SSL_VERIFYPEER] = false;
Facebook::$CURL_OPTS[CURLOPT_SSL_VERIFYHOST] = 2;
$facebook = new Facebook(array(
'appId' => $fb_key,
'secret' => $fb_secret,
'cookie' => true, // enable optional cookie support
));
$session = $facebook->getSession();
if ($session)
{
$facebook->api('/me/feed', 'POST', array('message'=>$message, 'link'=>$link['href'], 'name'=>$link['text']));
}
However, if I manually go to my browser's cookie manager and delete the cookie that stores FB session, the code doesn't work. The only thing I have is user's FB ID which I store in DB. Is there any way to post to user's wall even if FB sessions is lost? Does it make sense to store user's FB access token in DB to post to wall later or is the access token relatively short-lived?
Here's an example situation that might happen in my app:
user clicks fb button, authorizes my app, gets redirected back to my site where I automatically create an account based on data provided by FB, also I store user's FB ID so that I could sign in this user later. Now he browses site, enters some info and this info gets posted to his wall. Everything is fine so far because user's browser holds the cookie created by FB. Now user leaves the site and contacts site admin. Admin opens his own browser, goes to admin interface and posts something on behalf of this user. Now, having that user's FB ID and assuming that user hasn't revoked permissions, can I still post this to his wall?
With the Facebook PHP SDK v3 (see on github), it is pretty simple to ask and use a user offline access token. Here is how you do that.
Get the offline access token
First you check if the user is logged in or not :
require "facebook.php";
$facebook = new Facebook(array(
'appId' => YOUR_APP_ID,
'secret' => YOUR_APP_SECRET,
));
$user = $facebook->getUser();
if ($user) {
try {
$user_profile = $facebook->api('/me');
} catch (FacebookApiException $e) {
$user = null;
}
}
If he is not, you generate the "Login with Facebook" URL asking for the offline_access permission :
if (!$user) {
$args['scope'] = 'offline_access';
$loginUrl = $facebook->getLoginUrl($args);
}
And then display the link in your template :
<?php if (!$user): ?>
Login with Facebook
<?php endif ?>
Then, when the user is logged in, you can retrieve the offline access token and store it. To get it, call :
if ($user) {
$token = $facebook->getAccessToken();
// store token
}
Use the offline access token
To use the offline access token when the user is not logged in :
require "facebook.php";
$facebook = new Facebook(array(
'appId' => YOUR_APP_ID,
'secret' => YOUR_APP_SECRET,
));
$facebook->setAccessToken("...");
And now you can make API calls for this user :
$user_profile = $facebook->api('/me');
Hope that helps !
UPDATE: This answer is no longer valid as offline_access is deprecated.
You need to request the offline_access permission. Check the permissions doc.
EDIT Per the update and comments - some info on the removal of the offline_access can be found here.