I'm working on a plugin to enable a mailclient to access a users Facebook Inbox. I know I need to request an access token with extended permissions. The thing is: I have no Idea how to do that.
The plugin needs to be written in javascript. I have managed to open a webbrowser to the required URL but I have no idea, how to extract the access token from the webbrowser, in order to use it in the rest of my script.
Is there any way this can be achieved, or do i need to use different technology?
To get an access token you need to first create a Facebook application. To do it, add the developer application to your Facebook profile.
http://developers.facebook.com/
Then the user will need to grant access to your application.
http://developers.facebook.com/docs/authentication/
Related
Problem statement : I am trying to create Microsoft teams meeting link using NodeJS without passing any tokens or granting permission. ( Or way to get token by asking the user to login to Microsoft account). But currently I am only getting ways which includes granting access in dashboard.
I am able to get token when I pass application id , tenant id etc. Which again give 403 forbidden may be because I am using my personal account. All I want a way to create meeting link without forcing to grant permission.
Looks like you are using this document to create onlinemeeting and this is not supported for Personal Accounts. Give a try by creating event which supports user calendar with personal accounts and use the onlinemeetingurl property.
Yes, you need to give permission to let app pull your data for Microsoft Graph API. See this document.
I'm using dropbox chooser but the user needs to login first, and I want to avoid this using a Generated access token it is possible using only the chooser?. the documentation says:
By generating an access token, you will be able to make API calls for your own account without going through the authorization flow. To obtain access tokens for other users, use the standard OAuth flow.
but this is only able using the API? or how can I achieve this to avoid letting the user know the password? im only using one single account.
No, this isn't possible. The generated access token is for the Dropbox API, which is separate from the Dropbox Chooser. The Chooser is just a pre-built UI component that runs from the official Dropbox web site. The only way for the user to auth to it is by signing in to the Dropbox web site.
If you do just need access to your own account, and not the accounts of your end-users, you should use the API though, e.g., with a generated access token.
I develop mobile websites for my clients. This particular client would like some facebook wall activity to be displayed on the website. I have looked into the facebook graph api and am getting confused on authentication.
I need the blah in https://graphs.facebook.com/clientsfacebookid/feed?access_token=blah
in order to grab the info i want. I read about authentication and all of that but it doesn't seem to serve my purposes.. For example a lot of the stuff I read about getting a token is related to creating apps and stuff - which is not what I'm trying to do. A lot of ways to authenticate redirect users to log in or grant access to the information but this also doesn't seem like it fits my scenario.
Should I just talk to my client and get them to send me an access code or set up some stream so I can grab an updated access code anytime I need it OR is there some built in functionality in the API that I could benefit from using.
Any thoughts?
P.S. I am trying to implement this via an ajax call in javascript.
Thanks!
What you'll need to do is create a Facebook App and have your client add this to their page. You can then get an OAuth token for this app and use it to query the client's feed. See the Facebook documentation for authenticating as an app for details.
It's actually far simpler if you just want to grab the data from the page. Create an App, but you don't need to add it to the actual page. You can generate an App Access Token by following the instruction on the Facebook Developer Website.
Then, all you need to do is call the Graph API with the generated access_token. E.g.:
https://graph.facebook.com/{page_id}/feed?access_token={app_access_token}
You can then use the data returned by Facebook to display selected posts from the page.
The Page Admin doesn't need to add the app to the page, and this method can be used to scrape any published page. The posts on Pages is public anyway, you just need an access_token to access the page.
If you want a simple way to learn and have an example of a working model try out fourgefeed.com its a simple framework with a simple to implement example kinda like jquery.
Javascript SDK provides FB.login function to easily login other users. I just wonder whether there exists a way through PHP SDK that realize the same function --- that is click the login button and then allow the user to login and also allow the app to use the user's info?
The reason I ask the question is that someone told me that it's possible to be hacked if implemented by javascript and it's somewhat securer by the use of server-side PHP. Can anybody tell me the exact idea of this?
You can defiantly use the PHP SDK to log users into your application.
There exists within the SDK a method called getLoginUrl() which receives parameters such as what permissions you want to request from your users. Once you have received the url, you can use the php header function to redirect the user to the login screen or use an anchor tag and let the user login by clicking on it.
Using an instance of the Facebook Object in PHP SDK and getUser method is what you need to be sure of the authenticity of your users.
I suggest you to implement JSDK and PHP SDK to get the best login & register experience possible and also take full advantage of the features of both SDKs.
I usually use Javascript SDK to detect session status and login users, and PHP SDK to integrate the Facebook experience with my CMS (Drupal).
In the signed request travels information as your Facebook user ID and other stuff. Remember that the signed request is encrypted in base64 with you secret key, so it's not an easy thing to manipulate.
Tip: You can use the Facebook register plugin to provide an alternative & fast registration using Facebook data. See https://developers.facebook.com/docs/plugins/registration/
On an iOS application, I plan to host Facebook Comments using Facebook Connect within an UIWebView, have already done some tests and read articles where I think that it shall work fine.
My question regards authentication: I wanted to use Facebook iOS sdk to have and store the proper tokens within Objective C, so that the user doesn't have to do it every time. I know how to inject any data in the UIWebView if needed, but my question is WHAT do I need to inject so that the facebook scripts already see the user as authenticated every time ?
Thanks
See https://developers.facebook.com/docs/authentication/. You will get an access token when you authenticate the user which you can then use throughout your application to request information on the users behalf.
Download the latest Facebook iOS SDK.
Create the Facebook object:
Facebook *myFacebook;
[self myMethodToDoSomeAuthenticatedStuffsWithAccessToken:myFacebook.accessToken];
Also, you can see the sample "Hackbook" project to see how the access token is setup for the Facebook object within the application and how it is auto refreshed.
This keeps the user authenticated on the iOS Device and you can use this access token a NSString* type to do your stuffs.