I'm using facebook JS SDK version 2.11. For Login I've added following code
FB.login(function(response) {
// Handling Code here
}, { scope: "user_posts" });
But Login Dialog doesn't have permission for user_posts. I also checked using me/permissions and user_posts is not there.
How can I get access_token to get user_posts on FB.Login. App is still in developer mode and facebook review team is also facing the same issue.
Please Help!
I think you need to let Facebook review your app.
From the docs:
Which permissions require review?
Review is not required to ask for the three basic permissions: public_profile, user_friends and email.
Review is required to ask for any other permissions when people log into your app
You can try to get user feed at facebook graph api explorer - this is the best testing environment.
Then try
GET https://graph.facebook.com/v2.12/me/feed?access_token=<ACCESS_TOKEN>
this is request u are in need of use.
Also try
FB.login(function(response) {
// handle the response
console.log(response.grantedScopes); // should work as well
}, {
scope: 'publish_actions,email,user_likes,user_posts',
return_scopes: true
});
By setting the return_scopes option to true in the option object when calling FB.login(), you will receive a list of the granted permissions in the grantedScopes field on the authResponse object.
This will definitely help you with debugging your app. If #BigJ is right, you won't do much without app reviewed. Hope my answer is helpful.
I have a facebook app that is going to be installed on a facebook page. When an end user visits this app, he'll be asked to authorize the app. I'm using FB.login in JS to authorize and I do get facebook dialog asking for permission. But the control does not come to callback of FB.login at all. What am I missing here?
FB.init({
appId: <app_id>
});
FB.login(function(response){
console.log(response); //control never comes here even after user authorizing the app
}, {scope:"email,userlikes"});
You are adding a wrong permission here.
Replace userlikes with user_likes
(I dont think even the permissions were asked with your code since the permission is incorrect)
Check this Demo. When you close the login dialog, check the console of the browser, you'll see the response.
I now that this question was posted couple times but my problem is a little bit different. I try to submit for example event to my Page from Application.
I have private Profile on Facebook, Page and Application. Of course I'm admin of this page.
First thing I did was getting page access_token, so I went to https://developers.facebook.com/tools/explorer/ and in the URL I wrote /me/accounts/. Permission was set to manage_pages. I received access_token for my page.
Having access_token I connected my Application to the Page. So I made POST request to /[PAGE_ID]/tabs/ with app_id as a parameter and setting access_token of the Page. Now it's connected, I've checked it.
Now I try to submit some content by my Application. For example /[PAGE_ID]/events/ and passing parameters: name = Sample event, start_time = 2013-07-14T19:00:00-0700. And of course with the Application's access_token which I got by typing in the browser: https://graph.facebook.com/oauth/access_token?client_id=[APP_ID]&client_secret=[APP_SECRET]&grant_type=client_credentials. I got an error saying:
{
"error": {
"type": "Exception",
"message": "You must be an admin of the specified page to perform the requested action.",
"code": 1373019
}
}
I can post to this Page as a User but can't as an Application. My Application is of two types: Facebook Login and Facebook Tab. I've set permissions to publish_action and manage_pages publish_stream create_event.
What I did wrong?
Ok I solved the problem. Maybe it can be helpful for others. I don't know for what reason are those permissions https://developers.facebook.com/apps/[APP_ID]/permissions but the only thing I had to do was going to https://developers.facebook.com/tools/explorer/ and changing application from Graph API Explorer to my app and generating new access_token for privilages I needed. I don't know why they moved such crucial thing as permissions to the testing tool.
In my application, I implemented Google signout using jsapi.
I used the url https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=xxxxxx to connect to Google and then https://www.googleapis.com/plus/v1/people/xxxxxx to get user data from google profile.
Now I need to signout the user from Google while clicking a button from my application. How can I implement this in JavaScript, or at least it must ask the Google login page every time the user signs in.
I have tried approval_prompt=force, but seems not to be working.
Overview of OAuth: Is the User Who He/She Says He/She is?:
I'm not sure if you used OAuth to login to Stack Overflow, like the "Login with Google" option, but when you use this feature, Stack Overflow is simply asking Google if it knows who you are:
"Yo Google, this Vinesh fella claims that vinesh.e#gmail.com is him, is that true?"
If you're logged in already, Google will say YES. If not, Google will say:
"Hang on a sec Stack Overflow, I'll authenticate this fella and if he can enter the right password for his Google account, then it's him".
When you enter your Google password, Google then tells Stack Overflow you are who you say you are, and Stack Overflow logs you in.
When you logout of your app, you're logging out of your app:
Here's where developers new to OAuth sometimes get a little confused... Google and Stack Overflow, Assembla, Vinesh's-very-cool-slick-webapp, are all different entities, and Google knows nothing about your account on Vinesh's cool webapp, and vice versa, aside from what's exposed via the API you're using to access profile information.
When your user logs out, he or she isn't logging out of Google, he/she is logging out of your app, or Stack Overflow, or Assembla, or whatever web application used Google OAuth to authenticate the user.
In fact, I can log out of all of my Google accounts and still be logged into Stack Overflow. Once your app knows who the user is, that person can log out of Google. Google is no longer needed.
With that said, what you're asking to do is log the user out of a service that really doesn't belong to you. Think about it like this: As a user, how annoyed do you think I would be if I logged into 5 different services with my Google account, then the first time I logged out of one of them, I have to login to my Gmail account again because that app developer decided that, when I log out of his application, I should also be logged out of Google? That's going to get old really fast. In short, you really don't want to do this...
Yeh yeh, whatever, I still want to log the user out Of Google, just tell me how do I do this?
With that said, if you still do want to log a user out of Google, and realize that you may very well be disrupting their workflow, you could dynamically build the logout url from one of their Google services logout button, and then invoke that using an img element or a script tag:
<script type="text/javascript"
src="https://mail.google.com/mail/u/0/?logout&hl=en" />
OR
<img src="https://mail.google.com/mail/u/0/?logout&hl=en" />
OR
window.location = "https://mail.google.com/mail/u/0/?logout&hl=en";
If you redirect your user to the logout page, or invoke it from an element that isn't cross-domain restricted, the user will be logged out of Google.
Note that this does not necessarily mean the user will be logged out of your application, only Google. :)
Summary:
What's important for you to keep in mind is that, when you logout of your app, you don't need to make the user re-enter a password. That's the whole point! It authenticates against Google so the user doesn't have to enter his or her password over and over and over again in each web application he or she uses. It takes some getting used to, but know that, as long as the user is logged into Google, your app doesn't need to worry about whether or not the user is who he/she says he/she is.
I have the same implementation in a project as you do, using the Google Profile information with OAuth. I tried the very same thing you're looking to try, and it really started making people angry when they had to login to Google over and over again, so we stopped logging them out of Google. :)
You can log out and redirect to your site:
var logout = function() {
document.location.href = "https://www.google.com/accounts/Logout?continue=https://appengine.google.com/_ah/logout?continue=http://www.example.com";
}
For me, it works (java - android)
void RevokeAcess()
{
try{
HttpClient client = new DefaultHttpClient();
HttpPost post = new HttpPost("https://accounts.google.com/o/oauth2/revoke?token="+ACCESS_TOKEN);
org.apache.http.HttpResponse response = client.execute(post);
}
catch(IOException e)
{
}
CookieManager.getInstance().removeAllCookie(); // this is clear the cookies which tends to same user in android web view
}
You have to call this function in AsyncTask in android
To logout from the app only but not the Gmail:
window.gapi.load('auth2', () => {
window.gapi.auth2
.init({
client_id:
'<Your client id configired on google console>'
})
.then(() => {
window.gapi.auth2
.getAuthInstance()
.signOut()
.then(function() {
console.log('User signed out.');
});
});
});
I'm using above in my ReactJs code.
You can simply Create a logout button and add this link to it and it will utimately log you out from the app and will redirect to your desired site:
https://appengine.google.com/_ah/logout?continue=http://www.YOURSITE.com
just toggle YOURSITE with your website
This works to sign the user out of the application, but not Google.
var auth2 = gapi.auth2.getAuthInstance();
auth2.signOut().then(function () {
console.log('User signed out.');
});
Source: https://developers.google.com/identity/sign-in/web/sign-in
Ouath just makes the Google instance null, hence it you out of Google. Now that's how the architecture is made. Logging out of Google, if you Logout of your app is a dirty work, but can't help if the requirement stipulates the same. Hence add the following to your signOut() function. My project was an Angular 6 app:
document.location.href = "https://www.google.com/accounts/Logout?continue=https://appengine.google.com/_ah/logout?continue=http://localhost:4200";
Here localhost:4200 is the URL of my app. If your login page is xyz.com then input that.
this code will work to sign out
<script>
function signOut()
{
var auth2 = gapi.auth2.getAuthInstance();
auth2.signOut().then(function () {
console.log('User signed out.');
auth2.disconnect();
});
auth2.disconnect();
}
</script>
I hope we can achieve this by storing the token in session while logging in and access the token when he clicked on logout.
String _accessToken=(String)session.getAttribute("ACCESS_TOKEN");
if(_accessToken!=null)
{
StringBuffer path=httpRequest.getRequestURL();
reDirectPage="https://www.google.com/accounts/Logout?
continue=https://appengine.google.com/_ah/logout?
continue="+path;
}
response.sendRedirect(reDirectPage);
It looks like Google recently broke something with their revoke stuff (it's started returning 400 errors for us). You now have to call
auth2.disconnect();
In our case we then have to wait a couple of seconds for the disconnect call to complete otherwise the sign-in code will re-authorise before it's done. It'd be good if google returned a promise from the disconnect method.
If any one want it in Java, Here is my Answer, For this you have to call Another Thread.
1. Try this code, if you are using onSignIn() function
2.
<script src="https://apis.google.com/js/platform.js?onload=onLoad" async defer></script>
<script>
function signOut() {
onLoad();
var auth2 = gapi.auth2.getAuthInstance();
auth2.signOut().then(function () {
console.log('User signed out.');
if(auth2.isSignedIn)
{
auth2.isSignedIn.set(false);
}
});
}
function onLoad() {
gapi.load('auth2', function() {
gapi.auth2.init();
});
}
</script>
I am using the JavaScript SDK. I have an application that has publishing permissions and after certain actions are taken a post will be made to the logged in users wall like so:
FB.getLoginStatus(function (response) {
//we are authorized
if (response.status == "connected") {
var name = "Post name";
var body = "Post body";
var caption = "The caption";
var description = "The description";
var link = "http://www.facebook.com/mypage";
FB.api('/me/feed', 'post', { message:body,caption:caption,link:link,name:name,description:description}, function (response) {
console.log(response);
});
}
});
What I would like to able to do is post to a specific Facebook Page after a post is successfully made to the users page. Is there a way to securely pre-authorize an application to do that? Is this possible with the JavaScript SDK, or at all? I did some looking around and havn't found a definite answer. I'm looking at the FB documentation but find it to be a bit spotty in places. Could anyone tell me if this is possible? Any help or advice would be very much appreciated, thanks much!
Edit: my mistake, I should have supplied more info. Here is what I am trying to do:
var body = "The body";
var caption = "The caption";
FB.api("mypageid/feed", "post", { message: body, caption: caption }, function (response) {
console.log(response);
});
I am getting the error "this api call requires a valid app_id" however my page id is valid. When I call FB.init() I am passing my app id and it works for the first post to the logged in users feed.
Edit:
I have made the change the Igy suggested. Now I am getting the error:""(#200) The user has not granted the application the permission to automatically publish feed stories""
Now, as I said I am trying to post to a Facebook page. I have logged into the account that owns the page and I have gone to the app and clicked allow for the following permissions:
email,user_photos,publish_stream
When I am logged in with the account that owns the page and check my status:
FB.getLoginStatus(function (response) {
console.log(response);
});
I get "connected". Am I doing this incorrectly? Do I have to do more than just authorize with the account that owns the page? Is there a way to set allow permissions for a page? I did a little digging but couldn't find an answer.
Edit :
Ok, now what is happening is IF I am logged into the account that owns the page the post will be made to the page. If I am logged in with another account I get an id back as a response to the API call but it doesn't seem to be a valid object id. For instance I just got this back:
id: 499973616681852_507724422573438
if I go to http://graph.facebook.com/499973616681852_507724422573438
I get an "unsupported get request" graph api exception, which suggest that id returned is not valid. I feel like I am close here but I am missing something. Any advice would be appreciated, thanks again to all who responded.
edit: removed the link to the page,that was left in unintentionally.
It's good practice to try getting it to work in the graph explorer first. Note that on the top right you can select which application to run under. I just made a post to your page using /PAGE_ID/feed and it worked fine. You'll need the publish_stream permission. If you can get it to work in the graph explorer you'll know it's possible to get it to work in the JS SDK and you've just made some sort of syntax error.
Also note there is an open high priority bug report on some calls to the graph returning "unsupported get request". So even though the id you are getting back is invalid, check the page itself to see if the posts are appearing.
I also noticed that the user itself is getting the same error. Try https://graph.facebook.com/507724422573438. Is this a test user for your app? Might be worth trying this as a real user if so.
Since you want to post to the page as the page itself, you'll need to authenticate as a page and then use that access token when making graph api calls. I am not sure if you'll be able to then use this access token for any user, or only users that are allowed to manage the page. It would be best for you to use the graph explorer to do some experiments to find out.