I now that this question was posted couple times but my problem is a little bit different. I try to submit for example event to my Page from Application.
I have private Profile on Facebook, Page and Application. Of course I'm admin of this page.
First thing I did was getting page access_token, so I went to https://developers.facebook.com/tools/explorer/ and in the URL I wrote /me/accounts/. Permission was set to manage_pages. I received access_token for my page.
Having access_token I connected my Application to the Page. So I made POST request to /[PAGE_ID]/tabs/ with app_id as a parameter and setting access_token of the Page. Now it's connected, I've checked it.
Now I try to submit some content by my Application. For example /[PAGE_ID]/events/ and passing parameters: name = Sample event, start_time = 2013-07-14T19:00:00-0700. And of course with the Application's access_token which I got by typing in the browser: https://graph.facebook.com/oauth/access_token?client_id=[APP_ID]&client_secret=[APP_SECRET]&grant_type=client_credentials. I got an error saying:
{
"error": {
"type": "Exception",
"message": "You must be an admin of the specified page to perform the requested action.",
"code": 1373019
}
}
I can post to this Page as a User but can't as an Application. My Application is of two types: Facebook Login and Facebook Tab. I've set permissions to publish_action and manage_pages publish_stream create_event.
What I did wrong?
Ok I solved the problem. Maybe it can be helpful for others. I don't know for what reason are those permissions https://developers.facebook.com/apps/[APP_ID]/permissions but the only thing I had to do was going to https://developers.facebook.com/tools/explorer/ and changing application from Graph API Explorer to my app and generating new access_token for privilages I needed. I don't know why they moved such crucial thing as permissions to the testing tool.
Related
I am trying to link an anonymous mongodb stitch session to a Google account using the following code snippet from the docs:
function linkWithGoogleAccount() {
user
.linkUserWithRedirect(new GoogleRedirectCredential())
.then(_=> alert("getting here"))
.catch(console.error)
}
Further, I added http://localhost:8080 (where I develop the app) to the list of Allowed Request Origins.
With the above code, I expect to handle the OAuth redirect similar to the regular Google authentication (which works fine).
However, when the alert "getting here" is triggered I see a GET 400 error with URI https://eu-west-1.aws.stitch.mongodb.com/api/client/v2.0/app/myapp-abcde/auth/providers/oauth2-google/login?redirect=http://localhost:8080/&state=M2I...In0%3D&link=true&providerRedirectHeader=true. After accepting the alert I get redirected to localhost:8080/null.
I assume I misunderstand some aspects of the whole procedure (it's hard to debug) and would appreciate any help. Thanks!
I am building a chat bot in FB messenger that saves user profile data, food and calorie consumption. I am using Node/Express/MongoDB for the backend and want the user to be able to open a personal dashboard page inside the chat with a link. So that URL would be something like www.myapp.com/:id where :id is a personal key.
The problem I have is how can only the user belonging to this page and data open this without having to login? Normally you would go to a website, login and be able to see the page, but this not a step I want in a chat bot. I want the user just to open the page in the chat, whether that is results in opening a browser tab or a native webview. Any advice on how I can achieve this?
To verify if the user on the page is the facebook user you intend the page to be for, add FB Messenger Extensions to the page.
When clicking a webview in your bot, Messenger extensions will be able to tell who they are logged in as, and allow you to do whatever you want with that info. In your case, checking if the userid matches the one passed by your bot in the url. There are many ways to check this, like splitting query strings, but I stuck with the example route in your question.
Use the following on your dashboard page. The below will check with FB who the logged in user is, and if it doesn't match the ID of the link they followed, deny them access with a redirect.
<script>
MessengerExtensions.getContext(<YOUR-APP-ID>,
function success(thread_context){
// User ID was successfully obtained.
var psid = thread_context.psid;
// Grab the user id from your url (assumes your url is /<USER_ID>)
var loc = window.location.pathname.replace(/^\/|\/$/g, '');
if (psid !=== loc) {
window.location.replace("http://YOUR_DOMAIN.com/error")
}
}, function error(err, errorMessage) {
// Error handling code
});
</script>
Docs on getting user id with Messenger Extensions
Try this:
Open Messenger, then open DevsConsole and go to Network tab. Now paste your link and click it. In the Network tab open the request details issued by the click. Under "Form Data" you should see this:
q:[{"user":<your_fb_id>,...
You can use this id to authenticate the user in your app - just couple it somehow with the authorized user in your app. This is just the first idea off the top of my head, it should be quite safe if you mix it e.g. with CORS security headers.
I have a nodeJS application (express), which has a facebook login. I'm using the passport-facebook authentication, described in here passport-facebook. My login was still working couple weeks ago ok, but now something has changed. I'm not sure if Facebook has changed something, or if I have. I haven't touched to any of the login code, so I suspect it is something in the facebook's end.
Here is my authentication code:
router.get('/', passport.authenticate('facebook'), function(req, res){
});
router.get('/auth/facebook/callback', passport.authenticate('facebook', {
failureRedirect: '/' }),
function(req, res) {
res.redirect('/calendar');
});
Basically, I want the app to automatically authenticate the user from the root of the app, and then redirect after the authentication to /calendar.
The symptons are following: If I try to go to the root and I haven't logged in with facebook earlier, then it will take me to the normal facebook login screen, as it should. But then on that screen, there is a warning of:
Given URL is not permitted by the Application configuration
One or more of the given URLs is not permitted by the App's settings. It must match the Website URL or Canvas URL, or the domain must be a subdomain of one of the App's domains.
I checked all questions related to this, and it seems it is because I haven't configured the app domain and site url properly in the facebook app configuration. But they should be all fine: app domain: localhost, site url: http://localhost:3000/
So I don't know why it is complaining about it? I do not have any subdomains. The only routes I do have are: (/, /calendar, /calendar/events). The last /calendar/events routes are ajax routes. Anyways, after I enter my facebook credentials and login, then the page will redirect me to a empty page, with url: (https://www.facebook.com/login.php?login_attempt=1). I opened the developer's tools, and I see one error message in its console:
Failed to load resource: the server responded with a status of 500 (Internal Server Error)
But, now I am actually logged in. Because if I now go to root or to /calendar, it will take me to correct page and show I'm logged in properly. So apparently the log in works, but there are some issues with redirection and allowed URL's. I just don't seem to know what and why. I'm using mongodDB as database.
It could be because of what site you have registered in your app. If you have registered it to http://localhost:3000/ you should work with domain localhost that for the callback. And if you have registered it as http://127.0.0.1:3000/ then you should work with 127...
I have no idea why this even worked, but I found a solution. Previously, I had configured valid OAuth redirect URI to be http://127.0.0.1:3000/auth/facebook/callback, and it was working all good. Now I changed it to use localhost instead of 127.0.0.1:3000, and that seemed to do the trick. Now everything is working as expected, though I don't know why. If someone is able to clearly tell me why, I will mark that as the correct answer.
I am using the JavaScript SDK. I have an application that has publishing permissions and after certain actions are taken a post will be made to the logged in users wall like so:
FB.getLoginStatus(function (response) {
//we are authorized
if (response.status == "connected") {
var name = "Post name";
var body = "Post body";
var caption = "The caption";
var description = "The description";
var link = "http://www.facebook.com/mypage";
FB.api('/me/feed', 'post', { message:body,caption:caption,link:link,name:name,description:description}, function (response) {
console.log(response);
});
}
});
What I would like to able to do is post to a specific Facebook Page after a post is successfully made to the users page. Is there a way to securely pre-authorize an application to do that? Is this possible with the JavaScript SDK, or at all? I did some looking around and havn't found a definite answer. I'm looking at the FB documentation but find it to be a bit spotty in places. Could anyone tell me if this is possible? Any help or advice would be very much appreciated, thanks much!
Edit: my mistake, I should have supplied more info. Here is what I am trying to do:
var body = "The body";
var caption = "The caption";
FB.api("mypageid/feed", "post", { message: body, caption: caption }, function (response) {
console.log(response);
});
I am getting the error "this api call requires a valid app_id" however my page id is valid. When I call FB.init() I am passing my app id and it works for the first post to the logged in users feed.
Edit:
I have made the change the Igy suggested. Now I am getting the error:""(#200) The user has not granted the application the permission to automatically publish feed stories""
Now, as I said I am trying to post to a Facebook page. I have logged into the account that owns the page and I have gone to the app and clicked allow for the following permissions:
email,user_photos,publish_stream
When I am logged in with the account that owns the page and check my status:
FB.getLoginStatus(function (response) {
console.log(response);
});
I get "connected". Am I doing this incorrectly? Do I have to do more than just authorize with the account that owns the page? Is there a way to set allow permissions for a page? I did a little digging but couldn't find an answer.
Edit :
Ok, now what is happening is IF I am logged into the account that owns the page the post will be made to the page. If I am logged in with another account I get an id back as a response to the API call but it doesn't seem to be a valid object id. For instance I just got this back:
id: 499973616681852_507724422573438
if I go to http://graph.facebook.com/499973616681852_507724422573438
I get an "unsupported get request" graph api exception, which suggest that id returned is not valid. I feel like I am close here but I am missing something. Any advice would be appreciated, thanks again to all who responded.
edit: removed the link to the page,that was left in unintentionally.
It's good practice to try getting it to work in the graph explorer first. Note that on the top right you can select which application to run under. I just made a post to your page using /PAGE_ID/feed and it worked fine. You'll need the publish_stream permission. If you can get it to work in the graph explorer you'll know it's possible to get it to work in the JS SDK and you've just made some sort of syntax error.
Also note there is an open high priority bug report on some calls to the graph returning "unsupported get request". So even though the id you are getting back is invalid, check the page itself to see if the posts are appearing.
I also noticed that the user itself is getting the same error. Try https://graph.facebook.com/507724422573438. Is this a test user for your app? Might be worth trying this as a real user if so.
Since you want to post to the page as the page itself, you'll need to authenticate as a page and then use that access token when making graph api calls. I am not sure if you'll be able to then use this access token for any user, or only users that are allowed to manage the page. It would be best for you to use the graph explorer to do some experiments to find out.
I'm getting conflicting results between the facebook javascript SDK and the python requesthandler variables. The Javascript SDK says my user is not logged in, which is correct, while my template variable that comes from the base request handler says that my user is logged in and displays the name of the user. Is there enough info to tell what is wrong or should I paste the code I think is relevant here? A link to the login page that has the error is here. The example I used is called the runwithfriends demo app from facebook and everything with that app worked except using the logic from the app just from a website without requiring the user to be in the iframe of the app.
Plus I can't seem to get the real-time API working. I can only save userID and not refresh user data - why? I have the code but I'm not sure what's most relevant but here's some of the request handler, the relevant code is basically exactly the same as the one from the demo app:
def render(self, name, **data):
logging.debug('render')
"""Render a template"""
if not data:
logging.debug('no data')
data = {}
data[u'js_conf'] = json.dumps({
u'appId': facebookconf.FACEBOOK_APP_ID,
u'canvasName': facebookconf.FACEBOOK_CANVAS_NAME,
u'userIdOnServer': self.user.id if self.user else None,
})
data[u'logged_in_user'] = self.user #variable that is the problem
data[u'message'] = self.get_message()
data[u'csrf_token'] = self.csrf_token
data[u'canvas_name'] = facebookconf.FACEBOOK_CANVAS_NAME
self.response.out.write(template.render(
os.path.join(
os.path.dirname(__file__), 'templates', name + '.html'),
data))
And even more strange, I can also get the application in a state where the javascript SDK says the user is logged in and the template variable logged_in_user says otherwise. Why are the variables conflicting?
Update: Here are screenshots from the strange login flow. I can go to my page and my name from facebook appears:
Then when I go to next page it also looks alright and has my name
But if I log out then I gets in impossible state: my name + logged out
How can I resolve this strange conflict between js and back-end?
Update: Since I only have this problem for one of my apps I can take what works from my other app and integrate. This page seems to work from my other app: http://cyberfaze.appspot.com/file/20985
Your 'user' is probably referring to the Django user not the Facebook user. Make sure you synchronize the two accounts correctly using a custom authentication backend. It's possible that the accounts get out of sync i.e. if the user switches browsers.
Keep in mind that the Facebook Python SDK will stop working after October 1st unless they update it to Oauth2.0 which is unlikely.
I just updated django-facebook-graph to work with the new authentication flow.