I made a application which shows facebook group wall on the other website. I would like to know if it is possible that users which comes to this other website don't have to grant their permissions. The facebook group is public and everything is shared without any special permissions. Also would like to know if it is possible to show group wall feed without user logged in?
Do you have any solutions?
"The facebook group is public and everything is shared without any special permissions."
One of the strange things about the Graph API, to get public information from much of it, will require an access token, even though that information is "public". I've scratched my head about that for a long time, and haven't come up with any other answer than "the API is provided by Facebook and we must play by their rules when in their sandbox".
So, you will need to get an access token from at least one person to do what you are requesting. (At least you wouldn't have to ask every user!)
You will need to ask your user for user_group access and then you can grab {group_id}/feed. What you might want to do is get a non-expiring token from one of the original members or even yourself by requesting offline_access. Then always use that token to get the feed. (Remember, when you change your password, the offline_access token will be invalidated and will need to get a new one).
Related
I am trying to access the student list endpoint for Google Classroom.
I have successfully obtained my OAUTH2 token, I have requested the following scopes:
userinfo.email
userinfo.profile
classroom.profile.emails
classroom.courses.readonly
classroom.coursework.me
classroom.coursework.students
Every time that I try to retrieve the class list I am getting a 403 Permission denied and I'm wondering what I'm doing wrong.
Two things to mention: Here is a screenshot showing the permissions I have granted:
And, interestingly, even after having added the permissions, on the google project page where it lists the number of users using sensitive scopes - it is listed as zero (which is odd, I'd have thought it should be 1)
Any pointers would be really helpful!
Not a very satisfactory answer, but, if I add the https://www.googleapis.com/auth/classroom.rosters.readonly scope, then it allows me access and returns the email addresses at the same time (when calling the v1/courses/{courseId}/students endpoint)
If however you only have the rosters scope, then you can still access the v1/courses/{courseId}/students endpoint, but, you just don't get the email addresses returned.
Quite confusing to me.
So, I have my web app connected with Foursquare API up and running. It has it's own secret keys and everything. It listens to the incoming push notifications and trying to react on connected users's checkins. So far so good, however, when I'm trying to post something back on user's checkin via one of these:
checkins/reply
checkins/addpost
checkins/addcomment
I got 403 Forbidden error. I know, that I'm messed up something with OAuth tokens but I'm really stuck here and feel a bit puzzled. I try to summarize what's the current status and what I've tried so far:
I Have the App's: clientId, clientSecret, pushSecret
I also connected the Foursquare Account on which the app is creared into my web App, so I get the accessToken, let's name it: appAccessToken
Users are getting registered to my web app, so I get userAccessToken for one of each.
And here we go:
Trying to reply for a user's checkin fails when I'm using appAccessToken. From what I understand, it's like replying on behalf on my App's account, and since that account isn't on the user's "friend list", I get 403.
On the other hand, I'm able to post reply when I use userAccessToken but then, It looks like the user is commenting itself on their own checkins which dosn't have much sense.
I was even so desperate that tried to use clientSecret but no avail...
Can anyone point me out what am I doing wrong here? From what I understand from the Documentation it is, in fact, possible to reply as an App... The only question is, how? :-)
There's ostensibly no difference between the two "types" of access token you describe: appAccessToken and userAccessToken are really two instances of the same thing (a user's access token), one just happens to be associated with the user account that created the app.
For each check-in you are pushed, you should use that user's access token when making a call to checkins/reply. This will reply to the check-in in the style of our Apps Platform. I think in your second comment, you're using the user's access token to add a post to the check-in, which will make it look like the user is commenting on their own check-in.
I am a new member of a team at my company reviving a legacy product that had Facebook integration, and we wish to continue developing the Facebook side of things, but we can't seem to find the credentials for logging into the app, or even who has access to it.
The app we are trying to recover is "HaloMobile". One thing to note though is the app name on posts is no longer a link. Does this mean the app has been disabled somehow?
I'm obviously not asking for credentials. At this point I'm just trying to "find" the app and possibly determine who is currently assigned as the administrator role, or what my options are. If there is an email address associated with the app, perhaps we can send a transfer request to that email?
If you could get retrieve two piece of information from your code-base, which are App ID and App Secret then you can retrieve the list of roles assigned in app using the following end point,
https://graph.facebook.com/<App_ID>/roles?access_token=<App_ID>|<App_Secret>
And once you know the role, along with the user Ids of the user assigned to it, you can move forward to recover the App by contacting him.
Also, you might want to give this documentation about Application a look, which lists out various fields you can retrieve for getting the required information to get access to your application back, like user_support_email
https://graph.facebook.com/<App_ID>?
fields=name,description,creator_uid,user_support_email
&access_token=<App_ID>|<App_Secret>
So when you put the login button plugin on an app it seems to display the user's friends that are using said app. It displays this even to users that have NOT allowed the app access yet. For example, if you go to "Henry's Cooking App" but have never Logged into the app thru facebook, it will still show you your friends that are using the app.
What I'm trying to do is use this feature to grab an array of fb-userids from the plugin so I can do a query on my DB to show the POTENTIAL user a little more info. For example let's say you have 2 friends that already use "Henry's Cooking App": Joe and Karen. If I could get their userid I could then show you something like "Joe just cooked Veal Scallopini, and Karen is perfecting her Tonkatsu Curry".
I know you could do this easily IF you had the authentication token, but that is only obtained after the user logs in. I'm trying to leverage the fact that fb seems to think it's OK to show your friends that are using the app BEFORE you sign up for the app.
The only super hacky way I could think of to do it is the fact that I could pull the href attribute of elements matching $(".uiFacePileItem a") which gives a link to the user profile which I could then grab the username or UID from. This seems like it could break easily though, anyone have a better idea? Thanks!
The only super hacky way I could think of to do it is the fact that I could pull the href attribute of elements matching $(".uiFacePileItem a") which gives a link to the user profile which I could then grab the username or UID from.
You can’t do that, because the Facebook login dialogs are not running under your domain – so the Same Origin Policy prevents you from interacting with the DOM of these dialogs.
I'm trying to leverage the fact that fb seems to think it's OK to show your friends that are using the app BEFORE you sign up for the app.
Well, it’s certainly (more) OK if Facebook does that – because that doesn’t give any information away to third parties (meaning you as the app developer/provider) – only the user sees that.
It would not be OK if Facebook would let you access this info, at a point where I haven’t even decided to use your app yet – totally a case of „none of your business”.
After I decide to use your app, you may have access to certain information. Before that – No Way, José.
I am thinking of tying in a Facebook JavaScript-based application with an existing website that has it's own user accounts, but have a question about a specific user situation.
The website is run almost 100% of the time from 'shared' computers, like those found in a career center. User A comes to my website, signs into the site and then authorizes the Facebook app, which stores their session in the browser, along with, effectively, signing them into Facebook.com.
User A now leaves my application by signing out of my site - but not closing the browser.
User B arrives, logs into my site with their login, but the Facebook session is still active (due to the browser staying open), so any FB app integrations I've included will show as if it is still user A, correct?
So the question is, what are the recommended ways to deal with this? Two options come to mind:
When the user signs out of my website, I fire an FB.logout call, so that all of the sessions are killed. Pros - I can ensure that user's signing into the site will not have old sessions hanging around. Cons - a user who is returning shortly after leaving will have to re-login to FB as well as my site to see the FB integrations - I'd love to avoid the user ALWAYS having to do two logins. Secondly, forcing the FB.logout when they leave my site kills any active sessions they have at facebook.com, which makes for a bad user experience as they would not 'get' why logging out of my site has anything to do with facebook.com, and will then have to re-signin to facebook.com.
The second option would be that when the user authorizes the FB app, I take their member ID and store that locally and persistently (database). Then, when a user returns to the site and signs in, I check their FB auth status, and if logged in to FB, pull their member ID and check it against the one I have stored locally. If they match, I have the correct user, if not, I do FB.logout and have them sign in to FB. Pros - this should ensure I always have the correct user to the site. Cons - not sure if getting, storing the member ID is feasible.
Any suggestions or pointers to the 'best practice' when it comes to ensuring that the current user is indeed the one associated with the FB account, specifically in this 'shared computing' situation where sessions may overlap?
Thanks
The second option looks to me to be the better choice. You can indeed store the users facebook id. By storing it locally i'm assuming you are talking using a cookie; however storing in a database is just as feasible.
Facebook user id's should be stored with a BIGINT(20) data type - such are the recommendations from facebook.
Taken from the user section of the facebook api refrence :
Looks like they changed their recomendations...