When I access a page using a web browser, I can see more information from a non-friend of me user than I can see if I try t get information usin Graph API.
For example:
Accessing the page http://www.facebook.com/profile.php?id=100001514767572 I can see, for example, the location where she is living (São Paulo).
But if I tried to get the information using Graph API, I could not see some information for the same user (https://graph.facebook.com/100001514767572?access_token=XXXX).
PS: I already selected all permission when I got access token.
Facebook doesn't want it to be too easy for developers to farm certain information.
Related
We are using azure ad for authentication for our application and dealing with token expiration of Azure Ad.
We need to fetch the list of users who are currently working (logged in ) into the application.
And the list of users signed out(logged off) from the application.
Its like to track the online and offline users on our application.
which Microsoft graph API we need to use . I went thru the Microsoft documentation but couldn't find the API for this use case.
Please share some code or the way I can achieve without storing user session in my db.
I'm sorry to tell you there is no such graph api command as far as I'm aware. like you said the only way to reliably do it is storing user session information on your own.
the only other thing that I can think of that you could do is try to extrapolate login information from azure audit logs, get get an approximation. you can get a list of sign-ins as per this graph endpoint. https://learn.microsoft.com/en-us/graph/api/signin-list?view=graph-rest-1.0&tabs=http
There is also the endpoint auditLogs/directoryAudits as per here https://learn.microsoft.com/en-us/azure/active-directory-b2c/view-audit-logs
that may show some information about the id tokens being issued.
other than those 2 options, I don't believe there is any better way at the moment.
After discussion with Microsoft team, We get the input that they don't have any graph api to fetch the active /logged in user list on hosted application.
But we can trace the audit logs api which will help us to get the list of users logged in at certain time. But that list is also not a real time it may have delay of 5 to 10 minutes.
We are going with manually handle the user session details.
pasting below audit log api for reference :
https://learn.microsoft.com/en-us/graph/api/signin-list?view=graph-rest-1.0&tabs=http
https://learn.microsoft.com/en-us/graph/api/signin-get?view=graph-rest-1.0&tabs=http
I am quite new in Facebook application development. I was playing the all day with "how to post a message on the wall of a page?". I finally succeeded but each message got "via Graph API Explorer". I tried to find how to change it to my application name without success. I tried to see if I could force the value of application in the api command but it did not take it into account. Maybe I miss something :( If someone can help, that would be great!
I am still quite confused. Let me try to explain what I want to do: I would like to automatically publish on a page (as the page) some event that are defined on a website (in a kind of agenda). What I miss, I think, is how everything is working together on Facebook side:
1. the login process: as the application will run in a cron, this should not display a login dialog box.
2. the access token: application or page one?
3. the permissions: from my understanding, I need manage_pages (and publish_stream) but not clear how this should be set.
Thx for any clarification and maybe a clear example :o)
You need the user to authorise your own App using one of the Login flows and grant you one of the publishing Permissions -
If it says 'via Graph API Explorer' on the posts your app makes you're using the access token you retrieved when you were testing the API using the Graph API Explorer tool, not one produced by your own app
OK I think I have finally found the way to do it. I needed a page access code and not an application access code. The token must be generated outside the application as a long live one.
Get a code using:
https://www.facebook.com/dialog/oauth?client_id={app_id}&redirect_uri={my_url}&scope=manage_pages,publish_stream
app_id is your application ID
my_url is your application URL
scope is the permission you want to be granted
In the redirected URL, you will have a code parameter. Copy it.
Generate the user access code using:
https://graph.facebook.com/oauth/access_token?client_id={app_id}&redirect_uri={my_url}&client_secret={app_secret}&code={code}
app_secret is your application secret key
code is the code from step 1
You will get as output the user access token. This one is a short live one.
convert the short live to a long live user access token using:
https://graph.facebook.com/oauth/access_token?grant_type=fb_exchange_token&client_id={app_id}&client_secret={app_secret}&fb_exchange_token={short live access token}
Replace the "short live access token" by the one you got on step 2
You will get as output the infinite user access token.
Get the page access token (this one will be infinite access token as
the user access token is now an infinite access token too):
https://graph.facebook.com/me/accounts?access_token={infinite user access token}
Replace the "infinite user access token" with the value you got on step 3.
This command will list all the pages you administer. The output contains the page access token you need in field "access_token". You can so use this token in any API command in your application.
The best of the best is to do all those steps via a server side program (PHP for me) as the application secret key should remain "secret".
Why does the Facebook graph API require an access token in order to access videos for my Facebook page:
http://graph.facebook.com/valleyviewseek/videos
But doesn't require an access token when I try to access the page's albums and photos?
http://graph.facebook.com/valleyviewseek/albums
http://graph.facebook.com/473223039060/photos
Are videos under tighter security than albums and photos? Did I do something in my Facebook fan page permission settings to open up albums and photos but not videos? I don't see anything in the API overview that suggests that these objects are any different from each other.
Is there any way to open up the videos so I don't need a token?
You will notice that Page's videos requires a facebook account:
http://developers.facebook.com/docs/reference/api/page/
videos |
Available to everyone on Facebook |
An array of Video objects
Trying to find the solution to this myself.
See: Applications for a Facebook page
I've been dealing with this issue only on videos as well, and found that you can use the page's access token.
That can be gathered easily via the graph explorer, simply select your app and then be sure to check permissions for "account" and "offline_access"**. The call looks like this to render pages after those permissions have been granted (you must be admin of the page in question):
http://graph.facebook.com/<your facebook ID>/accounts
This can of course be scripted via an SDK, but I've found it easiest to just snag the access token directly out of the explorer's output.
Use the page access token in your videos object graph API call and you will get results. Using PHP I've been referencing the video on the page via its object ID:
$graphCallParams = array("access_token" => <page access token gathered from above>);
$facebook->api('<video object id>', $graphCallParams);
**offline_access will make sure the page access token does not expire, but I still personally do not trust this, and have been thinking about writing a script that does periodic access token validity checks.
I've run into an issue where Facebook is now requesting an access_token for public photo albums as well. Looks like in the last few days they have upped their security.
I want to display a user's wall feed and news feed on my site. How can I do this?
Is there any way to pull the feed without having to get an authorization token?
If I need a token, how do I get that?
The proper (I would go so far as to say "required by Facebook's terms and conditions") way to do this would be to get an authorization token, which involves a pop-up div asking the user if they would like to permit your site (application) to access their information.
You can customize the level of access you'd need and they would be prompted only for that. By accepting, you'd be able to access a token within their cookie. Armed with that token and your application ID and your "application secret" you can make requests to the Facebook Graph API for any data you'd like. (You use the application secret to decrypt the user's cookie, from which you obtain the access token to pass to Graph API requests.)
It's not as simple as just scraping their wall and displaying it, you'd be responsible for grabbing the individual pieces of data and organizing the display.
Edit:
In response to your comment, here is a quick tutorial for working with cookies in .NET. A Google search for "ASP .NET cookies" or "VB .NET cookies" will yield much more as well. There is an example (in PHP) here demonstrating how to decrypt the cookie. I haven't found any .NET examples, but the code here is pretty straightforward. The cookie name is "fbs_" + your application ID.
It appears to be a delimited string, so just read in the whole thing in your debugger and see what the value(s) look like. The value you want appears to be called "sig" (but, again, debug to make sure) and it looks like they're using an MD5 hash to obtain it. You can read up on what the md5() function in the PHP code is doing here and it should be easy to find a .NET analogue for that.
Once you have the access token, it's up to you how you want to get the information. I'd recommend doing it all in JavaScript just to offload the whole thing to the client's browser, not to mention that most samples you'll find online (such as in Facebook's API documentation) will be using JavaScript. But if you want to do it all server-side, Facebook's C# SDK will be of some assistance. You basically pass it the token and the Graph API path you want and it returns a JSON object with all the data.
Greetings,
Using the Facebook API, I have obtained an OAuth access token for a user. I can use it to retrieve information about the user and post to their wall, etc. I'm trying to figure out how to (or if there is a way to) programmatically get a list of pages a user owns (so that they can be presented in a drop-down list on a third-party site). I have been unable to find such a method in the Facebook API, but I'm hoping I've missed something.
Thanks!
Since this question was asked, Facebook has added a new connection on the "User" Graph API object: accounts.
The Facebook pages owned by the
current user. If the manage_pages
permission has been granted, this
connection also yields access_tokens
that can be used to query the Graph
API on behalf of the page. Graph API Reference: User