This is the first question I've posted here, but have found stack more than useful in the past. I should also say I have searched for many hours, read many questions already asked and am still struggling.
So, I'm writing an FB app and my problem is with the JS SDK, I have set the permissions in the developer area of FB and have also specified the "scope" in FB.login, however on a clean (brand new account) version of FB, I am not being asked for the permissions I have specified, specifically publish_stream and photo_upload. Without this working properly, all images uploaded require "approving" by the user in their photo album, which is annoying and users are unlikely to do.
When I check the permissions on my developer account, I have the correct permissions, but cannot for the life of my understand why there is a difference between my two accounts.
Here is my login function with "scope" specified:
function login() {
FB.login(function(response) {
if (response.authResponse) {
// connected
var access_token = FB.getAuthResponse()['accessToken'];
console.log('Access Token = '+ access_token);
testAPI();
} else {
// cancelled
}
}, {scope:'publish_stream,photo_upload'});
}
Any help would be appreciated and if I have missed any info, give me a nudge.
May be you are using the old SDK and that's why its not working. Earlier the property name for the permissions was not "scope", but "perms", so try out with "perms" and check if its working.
Related
I want to get my Facebook news feed in order to filter depending on some options.
But when I ask for permission as below, read_stream is not accepted, I 'm getting "Invalid Scopes: read_stream"
FB.login(checkLoginStatus, {scope:'read_stream,email,publish_actions, user_friends, user_posts '});
Looking around in Internet, I found out that this permission has to be required from Facebook.
Any workaround for that would be much appreciated.
The permission read_stream was deprecated with v2.4. You wouldn't have gotten it granted during Login Review anyway.
Basically, /{user_id}/home endpoint with the newsfeed is no longer accessible. If you want to use /{user_id}/feed, that should work, but this only contains the user's own timeline.
See
https://developers.facebook.com/docs/apps/changelog#v2_4
https://developers.facebook.com/docs/graph-api/reference/v2.4/user/home/
https://developers.facebook.com/docs/graph-api/reference/v2.4/user/feed
I am building an app that is intended to work as a directory of people who work for the same org, we all have Facebook in common so it seemed easy to make this to get us together. I have a question though, how can I get their info for testing before actually deploying the app? I was reading on Facebook Graph Api v2.0+ - /me/friends returns empty, or only friends who also use my app and noticed that it's not allowed easily or at all. Am I wrong?
Right now I have:
function getFriends() {
FB.api('/me/friends', function(response) {
console.log('Friends response', response);
if(response.data) {
$.each(response.data,function(index,friend) {
alert(friend.name + ' has id:' + friend.id);
});
} else {
console("Error!");
}
});
}
but I get the empty Array, is there anything I could do?
You have to ask for the user_friends permission.
This permission grants the app permission to read a list of this person's friends who also use your app. If any of this person's friends have chosen not to share their list of friends with your app, they will not show up in the list of friends for this person. Both people must have enable the user_friends permission enabled for a friend to show up in either friend list.
Edit: Not Duplicate, because:
I have the permission
Debugged the token
Code works with test user
Please don't mark as duplicate without reading.
I'm trying to get the user e-mail address, but i don't get it. On graph api explorer, when i hit send, email field becomes grayed and says that:
field is empty or disallowed by access token
But when I debug the token it has email permission granted
My profile has an e-mail address.
Update: I tried https://developers.facebook.com/tools/console/ . My profile returns nothing, even on another computer. But the same code returns the email, name and uid of another account.
Code:
<fb:login-button scope="email">
Grant Permissions to make more examples work
</fb:login-button>
<button onclick="doPost()">Post to Stream</button>
<script>
function userData() {
FB.api('/me?fields=name,email', Log.info.bind('/me callback'));
};
FB.getLoginStatus(function(response) {
if (response.status === 'connected') {
userData();
}
});
</script>
It is possible to lockdown you e-mail so no one can has it? Even when i grant permission?
The Marcus' answer leads me to the real problem I was facing.
Debugging with the Facebook Explorer tool I was able to figure out that I should set the email scope at the FB.api() method after a successful login.
FB.login(function(response) {
if (response.status === 'connected'){
FB.api('/me?fields=id,email,name', function(data) {
console.log( data.email ) // it will not be null ;)
})
}, {scope: 'email'});
It is not quite clear at the Quickstart guide and I hope it helps someone else, too.
I had the same problem and I think I found out why:
If the user has an unconfirmed email in Facebook (i.e. Facebook sent him a validation mail to his email address but he didn't respond) Facebook WILL NOT pass that email to your app even if he gave you the email permissions (!!!).
So what I did is use his Facebook email if he has a user name (i.e. userName#facebook.com).
After i got my bug report marked as duplicate, and i read all posts and links there, i got what caused this problem for me and how to fix.
The Problem
Facebook seems to sometimes forget what your primary e-mail is on the graph API (But it still there in the preferences.)
Solution
The user affected must remove the e-mail, save settings, then re-add the address, re-confirm, then make it primary. This fixed my account both on my sandbox app, and other apps where Facebook login don't used to work.
New facebook graph requires scopes added in the /me request as follow:
/me?fields=email,birthday,location,locale,age_range,currency,first_name,last_name,name_format,gender&access_token=
I had the same issue while I was developing the fb login button for my site. I had even setup permissions for my app here:
https://developers.facebook.com/apps/<my-app-ID>/permissions
and it was working fine for certain initial cases, that is, it was giving email (i tested it on my own account and it was giving my email). Then suddenly it started to reflect no email at all. After two hours of browsing, I figured it out that there was an issue with the access token as when I went on this link:
https://developers.facebook.com/tools/explorer/<your-fb-id>/?method=GET&path=100002451127858%3Ffields%3Did%2Cemail
Update your-fb-id with your id and go to the above link. Click on 'Get Access Token'. In the tab that opens up, click on 'Extended Permissions' and in that, choose 'email' and submit. Now, test your query again. It'll definitely work, on the console as well as your website. Cheers! :)
This is a known bug. If the user does not have any email address set to primary, the query will return null for email. Set the email address for your account to primary https://www.facebook.com/settings?tab=account§ion=email&view and then try.
Source: https://developers.facebook.com/bugs/298946933534016/
This question is not a duplicate of this one.
I don't want to know whether the user has authorized my application, but if the user is logged into facebook (completely independed from my application).
The reason is that I want to pring user comments in my html code so that search engines can index them.
When a user is logged into facebook I want to replace the html code with the facebook comments snippet.
If not an alternative old school comment form should be displayed.
I would pull the comments regularely from the graph api to have them in my database and comments that are done using the classic form should be posted over the api (not necessarily as the user, could be an admin account...) to have all the data synchronized.
I looked at the Javascript SDK Docs, also found the function getloginstatus but the documentations are bad and not conclusive. I know that there are also often features available at facebook codes that are not documented or implemented in higher level apis.
My questions are:
Can I somehow find out if a user is logged into facebook?
Can I somehow have a callback or notification of posted comments, so I can trigger synchronization to my database or do I have to "crawl" the graph api on a regular basis?
There is a non-hack, officially-supported way of doing this for Facebook (I think the last version of the docs was clearer on this point).
Using the Javascript SDK, you can do:
<div id="fb-root"></div>
<script>
window.fbAsyncInit = function() {
FB.init({appId: 'YOUR APP ID', status: true, cookie: true,
xfbml: true});
FB.getLoginStatus(function(o) {
if (!o && o.status) return;
if (o.status == 'connected') {
// USER IS LOGGED IN AND HAS AUTHORIZED APP
} else if (o.status == 'not_authorized') {
// USER IS LOGGED IN TO FACEBOOK (BUT HASN'T AUTHORIZED YOUR APP YET)
} else {
// USER NOT CURRENTLY LOGGED IN TO FACEBOOK
}
});
};
(function() {
var e = document.createElement('script'); e.async = true;
e.src = document.location.protocol +
'//connect.facebook.net/en_US/all.js';
document.getElementById('fb-root').appendChild(e);
}());
</script>
An aside: if XAuth had caught on, it would be possible to do this in a more universal and supported way for any site supporting that standard.
This article
https://grepular.com/Abusing_HTTP_Status_Codes_to_Expose_Private_Information
identifies security risks in Google and Facebook that will allow you to determine if a user is logged in. While no official API exists to check if a user is logged in without that user giving you express permission to access this information, the above article shows how you can 'guess' if a user is logged in or not.
Note: The article identifies a 'hack' and so is not guaranteed to work in the future, if or when Google & Facebook identify these security risks.
I also ran into similar requirements and solved my problem with following code; Using the Javascript SDK, I used FB object. FB is a facebook object, it has property called _userStatus, this can be used like following.
if(FB._userStatus == "connected")
{
// USER IS LOGGED IN AND HAS AUTHORIZED APP
}
else if(FB._userStatus == "notConnected"){
// USER IS LOGGED IN TO FACEBOOK (BUT HASN'T AUTHORIZED YOUR APP YET)
}
else if(FB._userStatus == "unknown")
{
// USER NOT CURRENTLY LOGGED IN TO FACEBOOK
}
The above code is very useful. It can be used in any part of the page as long FB object is not null.
I have just used the javascript sdk to publish to the wall when the user is online.
I am starting to like it. Now I want to post to wall when user is offline. I already have extended permissions from the user.
How can I post to user's wall when user is offline using javascript sdk.
here is my code:
function Publish(body){
FB.api('/me/feed', 'post', { message: body }, function(response) {
if (!response || response.error) {
alert('Error occured');
} else {
alert('Post ID: ' + response.id);
}
});
}
I appreciate any help.
Thanks.
That's only possible when user permits you. In other words, you need offline_access extended permission from user and only after that you can do that.
I'm not 100% sure of this, but I don't believe you can accomplish this with only the JavaScript API.
Just getting the user to accept the permissions isn't enough - that doesn't make all your API calls "automagically" work. As mentioned in item #3 here, you are given an access_token that is to be used in future API calls on behalf of the user.
And so enters the problem with the offline_access permission. If using JavaScript only - where are you going to store the access token that grants offline access so that you may use it when the user is not at their computer?
If even you figured out how to store it and retrieve it for later use, I'm not sure if you can even use the JavaScript SDK to make API calls for a non-session user.
From my understanding, you only need 'publish_stream' permission - please check Do I need “offline_access” permission if I request publish_stream?