I almost have facebook connect working the way I need it on my site, I need to work out a couple bugs still, below is from the facebook connect documents, it list the 3 different URL options below in the settings of FB connect. This could be very useful for me because when a user logs in for the 1st time on my site with facebook, I need to create there mysql profile with profile data from facebook.
Ok so I am a bit confused, I understand a Redirect URL just redirects the browser to a page but you can see that 2 of these links I save below are for a Callback URL, so I take it that facebook post data to the URL's I provide? If I am correct, how can I know what data it post back in the Ping?
1)
Post-Authorize Callback URL: Facebook
pings this URL when a user authorizes
your application for the first time.
You can also call users.isAppUser to
determine if the user has authorized
your application.
2)
Post-Authorize Redirect URL: You can
redirect a user to this URL after the
user authorizes your application for
the first time. You can use this URL
only if the user authorizes your
application through login.php and not
the login dialog.
3)
Post-Remove Callback URL: Facebook
pings the URL when a user removes your
application.
When the user redirects in the browser I can run code like this to get there profile data from facebook but I am not sure about when facebook pings data?
$user_details=$fb->api_client->users_getInfo($fb_user, array('last_name', 'first_name', 'proxied_email','birthday_date', 'sex', 'is_app_user', 'current_location', 'about_me', 'activities', 'interests', 'relationship_status', 'pic_big', 'pic_small', 'books'));
$firstName = $user_details[0]['first_name'];
.....
I don't think I completelly understand your question, so I'll try to answer what I can - if there's anything missing, please comment here and I'll edit the answer accordingly.
You're right assuming that Facebook sends POST data when pinging. So, basically what you'd do on the endpoint given (the url you told facebook to ping) is to read the $_REQUEST dict for the data you want. A list of every parameter Facebook sends on ping can be found here.
What would happen is the following:
User clicks to connect with your site with Facebook Connect
A Facebook log-in page shows a confirmation to the user asking if he allows this operation
If allowed, Facebook sends the POST data to the specified URL asap
The same happens when the user removes herself from your site through Facebook Connect.
Please note that you should validate carefully the data received on your endpoint. Since you're creating persistent data on every post request, at least ensure the requests can only be received from facebook.
Alternatively, you can just redirect the user somewhere after the authorization, call users_getInfo and check if is_app_user is true. If so, you go on creating your entities on your database.
1) Post-Authorize Callback is the url Facebook will POST some data to when a user authorizes your application/site. This is through ANY means, not just through Facebook Connect. You should keep the user ID that is passed with this so you can track which users have authorized your application/site. You can then use the user ID to send messages to (i.e. notifications) the user, typical app-to-user messages.
It's "ping" because Facebook ignores any response you send. You don't respond.
2) After a user authorizes your application, you can optionally have Facebook send the user to this URL. For example, a welcome page and/or introduction. This does not happen under Facebook Connect, only under the Facebook platform.
3) Exactly the opposite of #1. Facebook just lets you know that someone removed/deauthorized your application. Again, you don't need to respond.
Items #1 and #2 is how you keep track of which user IDs have authorized your application. You cannot query Facebook for this.
Facebook writes a cookie under your domain if the user is logged into Facebook and has connected with your site. You can always check for this cookie when a user arrives and log them in automatically to your site. You should verify the cookie data, of course. Instructions for doing that are here:
http://wiki.developers.facebook.com/index.php/Verifying_The_Signature
Related
I have a site that needs to post to a user's Facebook wall right away, and at some later point (which can be anywhere from 1 hour to 3 days later, at any time day or night), post another message to the user's wall.
To do this, I explain clearly to the user what's going to happen, then I connect to their Facebook account asking for publishing permissions (generating the permissions dialog for the user). At that point I can post the 1st message to their wall immediately. Later, when it's time to post the 2nd message to their wall (which again could be any time, the user is long gone), my server will receive a message. I will tag this message with some identifying information (for example, the user's Facebook user ID number) so I know whose wall to post to.
My question is, what specifically do I need to save in my local DB about their Facebook connection, so I can make the 2nd post (at some undefined point in the future, when the user is gone)?
I'm using the FB JS API and using FB.login to log into Facebook with the permissions I need, etc. The server side code is in PHP, so after JS retrieves them, I can send whatever credentials I need to save over to PHP code (via Ajax) to store in the local database.
For publishing the 2nd message, it will be all PHP (using the Facebook PHP SDK) since there is no user at the console/no Javascript involved.
I believe the answer I'm seeking should look something like:
When you initially connect to Facebook and the user grants permission to publish, Facebook will return xyz credential data. You need to store that info in your local database. Use the FB user ID as the key.
When you are ready to publish the 2nd message and your PHP script kicks in, retrieve xyz information from the database (using the FB user ID), then use the xyz call in the FB PHP SDK to actually publish what you want to post on their wall.
Thanks!
The steps are quite straight-forward. Let me explain-
Publishing a post, requires an access token; and once a user has authorized your application to post on your behalf, you can post on his behalf using the app access token. That it! So here are the steps-
When user authorized your app successfully to post on his behalf, just save his/her facebook id in your database.
Use the access token which is nothing but app-id|app-secret(beware, dont expose this on client side ever), to publish on his/her wall. Just like-
$response = $facebook->api(
"/me/feed",
"POST",
array (
'message' => 'This is a test message',
....
'access_token' => "app-access-token"
)
);
But things to consider:
While authorizing, the user may/may not give you the permission to post, you can check that with /me/permissions just after the authorization step; so you should act accordingly.
At any time later, the user can delete your app, or remove the permissions of your app from the app settings. In that case your posting script while give you the authorization error; in that case too handle appropriately.
I have a Facebook Page that I want to get some things from it. First thing are feeds and from what I read they are public (no need for access_token). But I want to also get the events... and they aren't public and need the access_token.
I don't want the user to login in Facebook or anything like that. I just want to push all the data I can from this only page. That's why I already discarded many examples I found here and the one at https://developers.facebook.com/blog/post/500/ , because they want the user to login or require some user action I'm not interessed.
What I want is that my Facebook Application have full authorization and access_token to push the data from this one Facebook Page that I own (admin). Is this possible? I already tried many things but nothing seems to work.
I tried clicking at this: https://www.facebook.com/dialog/oauth?client_id=150635421702954&redirect_uri=http://MY_URL/&scope=manage_pages&response_type=token&fields=access_token - changing MY_URL to my site's and it requests authorization to edit every page I own. Even not being what I want I clicked but had no access_token in return...
Go to the Graph API Explorer
Choose your app from the dropdown menu
Click "Get Access Token"
Choose the manage_pages permission (you may need the user_events permission too, not sure)
Now access the me/accounts connection and copy your page's access_token
Click on your page's id
Add the page's access_token to the GET fields
Call the connection you want (e.g.: PAGE_ID/events)
See here if you want to grant a Facebook App permanent access to a page (even when you / the app owner are logged out):
http://developers.facebook.com/docs/opengraph/using-app-tokens/
"An App Access Token does not expire unless you refresh the application secret through your app settings."
The documentation for this is good if not a little difficult to find.
Facebook Graph API - Page Tokens
After initializing node's fbgraph, you can run:
var facebookAccountID = yourAccountIdHere
graph
.setOptions(options)
.get(facebookAccountId + "/accounts", function(err, res) {
console.log(res);
});
and receive a JSON response with the token you want to grab, located at:
res.data[0].access_token
I am always reading about Facebook and Twitter logins for someones website.
The integration using one of theses services is okay, but my questions is how can I access both API´s for one user.
Example:
User is logged in on my website (active session). Now he somehow has to grant me access to his user details etc. on facebook AND twitter. How do I realize that? I don´t want him/her to type in his facebook or twitter credentials everytime he logs in to get his access token (oAuth).
How do I get my own oAuth user access token after using my websites login, so I can interact with Facebook and Twitter´s API.
Is this correct?
Thank you very much, if you can help me.
Facebook
When someone logs into the Facebook account, they stay logged in until they actively log out.
The way to test for this is:
FB.getLoginStatus(function(response){
if response.status === 'connected'{
// The user is logged in
var access_token = response.authResponse.accessToken;
// Do whatever you need to do
} else {
// Get the user to log in
}
});
See here for more details:
https://developers.facebook.com/docs/reference/javascript/FB.getLoginStatus/
Twitter
The process is a little more complex for Twitter, but if you only want to display tweets, consider Web Intents.
Otherwise, follow these steps:
https://dev.twitter.com/docs/auth/3-legged-authorization
Both platforms have the ability to check whether or not the user is logged in first, so you shouldn't have to worry about someone having to log in every time they use your site. However, you cannot use the same oAuth token on both sites - you must get a separate one for each.
Each individual API will need a popup to authenticate, which will redirect to the appropriate api for authorisation, and then once you have the token after the authorisation redirects back to your popup.
You will then end up with a token that you can pass back to the calling page "window.opener" and store the token for that api in a Javascript variable by alling a Javascript funcation on the main page.
window.opener.getInstagramData("self", oauth_token);
Each authentication needs to have its own token and needs to be a button that the user should click on.
I am using this method to get Facebook, Twitter, LinkedIn Foursquare and GooglePlus account info.
Hope this helps.
I have a fair amount of Facebook development experience, but this had made me pull my hair. It must be something very small, but I can't get it. I recently saw some Facebook pages with welcome tabs that show user's name "Welcome [YOUR NAME]" who visits their page. Example is here:
https://www.facebook.com/Tony.Samaha.Official.Page
As per my knowledge, we cannot get the user id without the permissions by the user. After the permissions we are able to get the user id in the signed request. How do I get the Facebook user id or name, something similar to the above example? How is this working? Can this be achieved?
FYI: I am using iframe tab.
Check out the documentation on signed_requests. When a user visits your application there will be a signed_request posted to your URL. The documentation states :
A signed_request is passed to Apps on Facebook.com when they are
loaded into the Facebook environment
A signed_request is passed to any
app that has registered an Deauthorized Callback in the Developer App
whenever a given user removes the app using the App Dashboard
A signed_request is passed to apps that use the Registration Plugin
whenever a user successfully registers with their app
You will have to decode this request (see the link above for details) and from there you will be able to extract the user_id of the visiting user. Then all you have to do is query the Graph API like this :
https://graph.facebook.com/USER_ID and you will get back the public information for that user which should include the users name.
The user is still using the old static FBML application, so most likely they are using the fb:name tag. Though, I believe this is now deprecated. So really, the page you linked to needs to be updated.
is it possible to save the user details (the Signed request that facebook sends after validation) to a database for future use?
NOTE: i DO NOT mean adding a random signed request, i merely mean the signed request that facebook sends AFTER user has successfully added your app + signed into facebook.
Yes. You can save it. Once it's on your server, you can do whatever you like with it.
Should you? I think not. That data is supposed to only be available to you while the user is using your app.
One thing to note: if you want to make calls to the Open Graph API on behalf of the user, any tokens you use will expire when they log out (unless you have requested the "offline access" permission).
After the user has authorized your app, you should continue to get a "user" object in your signed_request that includes their FB user id.