Greetings,
Using the Facebook API, I have obtained an OAuth access token for a user. I can use it to retrieve information about the user and post to their wall, etc. I'm trying to figure out how to (or if there is a way to) programmatically get a list of pages a user owns (so that they can be presented in a drop-down list on a third-party site). I have been unable to find such a method in the Facebook API, but I'm hoping I've missed something.
Thanks!
Since this question was asked, Facebook has added a new connection on the "User" Graph API object: accounts.
The Facebook pages owned by the
current user. If the manage_pages
permission has been granted, this
connection also yields access_tokens
that can be used to query the Graph
API on behalf of the page. Graph API Reference: User
Related
Account Linking provides several ways of linking users to their own accounts such as their Google account or Twitter account.
I chose OAuth in Actions on Google website to do OAuth 2.0 Authorization Code Grant for obtaining access token in exchange for data resources. When I linked a user to a Google account Google Sign-In enabled, the fetching of user information was easy because the data is stored under payload, but OAuth implementation does not seem like it produces user data under payload inside User object.
So should I make an API call to the third party to fetch the user data and store that personal data to a database in this case? I wondered if there is a way that Google prepares on behalf of developers. If not, then greeting a user who visits my app again by saying 'Hello, {person name}' gets tedious...
You have two options with Account Linking.
In the case you describe, you're providing an OAuth endpoint and getting an auth token from the Assistant, and you are responsible for taking this token and using it to determine who the user is so you can get whatever you know about him. The token is one that you issue and control, so presumably you have that info in your database already. If you are reusing a token from another service, that service should be able to tell you who they are.
It sounds like you're using using a Google Sign In, however, in which case it is easier to use Google Sign In for Assistant. Once the user has signed into your service (either through an app or webapp) and granted permission to your service, then they will also be able to gain access through the Assistant. You will get an id token which can be decoded to get profile information about the user including their Google ID and name.
I'm making a website for a football club. they have one google calender (and just one google account). on the website I'd like to have a list of upcoming events. So I've to access to Google Calendar via Google API. For Authorisation I've to use OAuth2. Is it possible to login with OAuth2 automatically so that the website visitors don't have login always via redirect (to google login site)? For example I make a the login via Java, instead of a user login? Because it's no so comfortable if every user of the website have to login, for just viewing the club calendar.
Not sure it is possible,
Important note concerning your design: if you login automatically to the club's account, it means that everyone that uses this website is logged in to Google Calendar on behalf of the club's user name. hence, everyone can CHANGE the calendar, delete events, etc.
Are you sure you want this to happen?
(you can set the login params to "read-only", but even then, it means that the club shows ALL his calendar to everyone. there is no privacy...)
I suggest that every user logins with his own creds, and the club's calendar can invite all registered users to his events....
Of course, you can do it, and even without giving the access to the visitor if you're doing this on the server side.
You need to do a initial step by hand.
After this step you get a refresh token, with this token you can regenerate the access token which you need to access to the calendar API, for instance to get the upcoming events.
You need to regenerate the access token if the previous access token is expired. In this case you also get an new refresh token. You need to save it, into a database or JSON file.
To get a refresh token you need to pass this options on authorization:
access_type: "offline"
approval_prompt: "force"
Without these options you only get an access token, no refresh token.
Here is the documentation: https://developers.google.com/accounts/docs/OAuth2WebServer#formingtheurl
And here a kind of tutorial: http://www.tqis.com/eloquency/googlecalendar.htm
I am currently developing an app using the Google places API..
https://developers.google.com/places/documentation/
I want to use the Events methods, so that a Place/Business owner can add events..
https://developers.google.com/places/documentation/actions#event_intro
However I obviously need to restrict it, so that only the Business owner can create events for their Business. Is there anyway of authenticating a user via a Google api, to confirm that they are the Place owner? I looked at Google+ however there is no reference to any 'Places' setup by that user in the people request.
Looks like this is possible now. The workflow would be the following:
Your user triggers a places search and selects a specific place in the result
Your user selects an option in your app to claim they are the owner of your place
Your user is redirected into an OAuth flow to Google Places where they login with their Google credentials
Once authenticated, your app is provided with an OAuth token for the user
Your app submits that token along with a Place reference to a Places API owner verification service
The Places API returns a yes/no as to whether the user concerned is the verified owner of the Place
Source - https://code.google.com/p/gmaps-api-issues/issues/detail?id=3894 - comment #3
Enjoy!
When I access a page using a web browser, I can see more information from a non-friend of me user than I can see if I try t get information usin Graph API.
For example:
Accessing the page http://www.facebook.com/profile.php?id=100001514767572 I can see, for example, the location where she is living (São Paulo).
But if I tried to get the information using Graph API, I could not see some information for the same user (https://graph.facebook.com/100001514767572?access_token=XXXX).
PS: I already selected all permission when I got access token.
Facebook doesn't want it to be too easy for developers to farm certain information.
Why does the Facebook graph API require an access token in order to access videos for my Facebook page:
http://graph.facebook.com/valleyviewseek/videos
But doesn't require an access token when I try to access the page's albums and photos?
http://graph.facebook.com/valleyviewseek/albums
http://graph.facebook.com/473223039060/photos
Are videos under tighter security than albums and photos? Did I do something in my Facebook fan page permission settings to open up albums and photos but not videos? I don't see anything in the API overview that suggests that these objects are any different from each other.
Is there any way to open up the videos so I don't need a token?
You will notice that Page's videos requires a facebook account:
http://developers.facebook.com/docs/reference/api/page/
videos |
Available to everyone on Facebook |
An array of Video objects
Trying to find the solution to this myself.
See: Applications for a Facebook page
I've been dealing with this issue only on videos as well, and found that you can use the page's access token.
That can be gathered easily via the graph explorer, simply select your app and then be sure to check permissions for "account" and "offline_access"**. The call looks like this to render pages after those permissions have been granted (you must be admin of the page in question):
http://graph.facebook.com/<your facebook ID>/accounts
This can of course be scripted via an SDK, but I've found it easiest to just snag the access token directly out of the explorer's output.
Use the page access token in your videos object graph API call and you will get results. Using PHP I've been referencing the video on the page via its object ID:
$graphCallParams = array("access_token" => <page access token gathered from above>);
$facebook->api('<video object id>', $graphCallParams);
**offline_access will make sure the page access token does not expire, but I still personally do not trust this, and have been thinking about writing a script that does periodic access token validity checks.
I've run into an issue where Facebook is now requesting an access_token for public photo albums as well. Looks like in the last few days they have upped their security.