I want to receive the public posts of a defined facebook page in my app. I already integrated the FacebookSDK and created a new app in the Facebook developer console. My Request looks like this:
new Request(
null,
"/176063032413299/feed",
null,
HttpMethod.GET,
new Request.Callback() {
public void onCompleted(Response response) {
tv.setText(response.getRawResponse());
}
}
).executeAsync();
The server answers, that I need an acceess token. But I don't want my users to be logged in, when they use my app. So is there an option to get an access token without being logged in? I only want to read public data. I am not interested in publishing or reading private posts.
If I use the app access token like this, it still does not work:
new Request(
null,
"/176063032413299/feed?access_token=xxx",
null,
HttpMethod.GET,
new Request.Callback() {
public void onCompleted(Response response) {
tv.setText(response.getRawResponse());
}
}
).executeAsync();
I get the response:
"Invalid OAuth access token signature"
Even for public posts, you have to authorize the user in order to get access. Either with read_stream to get ALL posts or with user_status to get the posts of the user only.
read_stream will most likely not get approved by Facebook though, see this document: https://developers.facebook.com/docs/facebook-login/permissions/v2.2
Keep in mind that "public" does not mean you can grab it without user authorization. Apps can´t just scrape what they want - scraping is not allowed anyway: https://www.facebook.com/apps/site_scraping_tos_terms.php
Also, of course you can´t create a User Token (which is what you need) without user interaction (login and authorization). Detailed information about Access Tokens can be found in the following links:
https://developers.facebook.com/docs/facebook-login/access-tokens/
http://www.devils-heaven.com/facebook-access-tokens/
Btw, the docs mention that "Any valid access token is required to view public links." - So you may be able to get links only.
Source: https://developers.facebook.com/docs/graph-api/reference/v2.2/user/feed
For debugging Access Tokens, use the Facebook Debugger: https://developers.facebook.com/tools/debug/
Edit: I just realized that you just want to grab the public feed of a Facebook Page, not a User Profile. For that, you can just use an App Access Token. It´s never expiring and easy to create: App-ID|App-Secret. Check out the docs for more information. Keep in mind that you would need to use a User Token or Page Token if the Page is restricted by age or country.
Have a look at https://developers.facebook.com/docs/graph-api/reference/v2.2/page/feed/
The permissions needed to be able to request /{page_id}/feed:
An access token is required to view publicly shared posts.
A user access token is required to retrieve posts visible to that person.
A page access token is required to retrieve any other posts.
Meaning you could generate a long-living Page Access Token to be able to retrieve the public Page Posts. As you won't want to store an expiring Access Token in your App, you'll have to create a backend web service to proxy the requests between the Graph API and your app.
See
https://developers.facebook.com/docs/facebook-login/access-tokens/#pagetokens
https://developers.facebook.com/docs/facebook-login/access-tokens/#extendingpagetokens
https://developers.facebook.com/docs/facebook-login/access-tokens/#refreshtokens
You should also be able to use an App Access Token, which is valid indefinitely.
Use client token.
You could also generate and sign your own personal token but you don't want to distribute that.
Related
As the title says, I'm trying to use the Google Sign-In API with a Spring Boot backend server, as described here.
Just to describe the context, the Spring backend is basically a resource+authentication server, that is currently providing Oauth2 authentication to a second spring boot application containing the frontend website, via Google SSO or simple form login (similar to what's described here).
My original idea was to mimic the #EnableOauth2Sso annotation by simply providing an access token to the android app and attach it to every request as "Bearer ".
Using the user credentials for this was pretty straightforward: I simply make a request to the server at "/oauth/token", using those credentials inserted by the user as authentication and I correctly receive the access token.
Now, I have absolutely no idea on how to build a similar procedure with the Google API in Android. The tutorial page I linked before describes how to get a token ID and how the server should validate it, but after that I don't know what to do.
So far I've managed to add a filter to the security chain that simply checks the token like this:
private Authentication attemptOpenIDAuthentication(#NonNull String tokenString){
String clientId = authServices.getClientId();
GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(transport, factory)
.setAudience(Arrays.asList(clientId, androidClient))
.build();
try {
GoogleIdToken token = verifier.verify(tokenString);
if (token != null) {
return authServices.loadAuthentication(token.getPayload());
} else {
throw new InvalidTokenException("ID token is null");
}
} catch (GeneralSecurityException | IOException e) {
throw new BadCredentialsException("Could not validate ID token");
}
}
This manages indeed to create an Authentication object, but how can I generate an access token after the authentication filtering?
To recap, so far I've got:
The Android app successfully retrieves the Google token ID and sends it to the server
The server sucessfully intercepts the request and validates the token
I'm basically missing the third point where I return a proper access token to the Android client.
Here you are a simple scheme to better understand the situation:
Is there any other way to validate the token and get an access token from the server, or should I completely change the authentication procedure on Android?
As far as I can tell: Yes, you need an access token from the server. If I understand this correctly, a webapp is already authenticated via Oauth on your backend, so the procedure is similar here: Load the user with the google-ID and generate a token. In my application I used a JWT which is valid for 30 days. If the token expires, the Google authentication in the app is usually still valid, so the token can be renewed using the Google ID. With Oauth you can also send a refresh-token directly.
It is important that the app always checks the Google authentication first and only in a second step that of the backend.
For the Authentication process on the backend u may need to manually implement a dedicated securityConfiguration for this. Have a look at the jhipster project, they implemented a custom jwt-authentication which may give you an idea how it works.
I've seen that with Javascript API and via GET requests, it is possible to get public posts from FanPages.
What i'm trying to acomplish is an Android Native App that doesn't ask user to get logged and with the FB App access token gets and shows the posts from the FB Page.
I'm wondering if this is possible via Android FB API as I can accomplish this via urls like
https://graph.facebook.com/{page_id}/feed?fields=message,picture&limit=10&access_token={your_acces_token}
When i'm trying this with Android Graph API, without user loging,
AccessToken.getCurrentAccessToken()
returns null
Thank you
I was struggling with the same for a while and after hours of research I came up with this (source):
#Override
protected void onCreate(Bundle savedInstanceState) {
FacebookSdk.sdkInitialize(getApplicationContext());
AppEventsLogger.activateApp(getApplication());
AccessToken at = new AccessToken(getString(R.string.facebook_access_token), getString(R.string.facebook_app_id), getString(R.string.facebook_page_id), null, null, null, null, null);
Bundle parameters = new Bundle();
parameters.putString("fields", "message,created_time,link,full_picture");
new GraphRequest(at, "/" + at.getUserId() + "/feed", parameters, HttpMethod.GET, new GraphRequest.Callback() {
public void onCompleted(GraphResponse response) {
Log.i(this.getClass().getName(), "onCompleted " + response.getRawResponse());
}
}).executeAsync();
}
I assume you already have a page access token. I created mine with the graph explorer from facebook. Here is a tutorial on how to create a never expiring one:
How to get a never expiring Facebook Page Access Token (look for the 2016 Method)
As far as I know, the extended token does not expire as long as it is used. But I am not sure about that. I think I red this somewhere in the facebook api docs but cannot find it anymore.
There are a lot other parameters you can set. See here Page and look for 'Fields'
Hope this clumsy solution is helpfull to someone.
There are two ways to do this and they are both documented here.
The simpler method is to simply concatenate your AppID and AppSecret (found in your Facebook developer dashboard) with a "|" character like so: 'App ID' + '|' + 'App Secret'
BE WARNED!
This will expose your App's Private Credentials in Client Side Code if someone decides to look carefully. Therefore it is much safer to setup a private backend server to act as a proxy for your mobile application's user-less access to the graph API.
You could set up an API in any language of your choice with a single public route that simply copies the request it receives, appends the credentials, sends the request to Facebook, and pipes Facebook's response back to the original requestor.
For Example:
Without Access Token:
Mobile App ---> http://www.YourServerDomain/{page_id}/feed?fields=message,picture&limit=10
With Access Token:
Your Server ---> http://graph.facebook.com/{page_id}/feed?fields=message,picture&limit=10&access_token=AppID|AppSecret
Response Pipeline
Facebook ---> API RESULT ---> Your Server ---> API RESULT ---> Mobile App
A facebook user can control multiple pages. For example, a user can have their personal facebook account, their public figure page and their business page. This shows up as three distinct accounts with their own User information in facebook's server.
I want to list these things, how can I retrieve what these accounts are using the Facebook SDK?
I feel like it has to do with the Request.newMeRequest method, but this returns a GraphUser object.
and the Request.newMyFriendsRequest returns a list of users, but not a list of the personal account's connected accounts.
edit I am now using this
new com.facebook.Request(
session,
"/me/accounts",
null,
HttpMethod.GET,
new com.facebook.Request.Callback() {
#Override
public void onCompleted(com.facebook.Response response) {
if(response!=null && response.getGraphObjectList()!=null){
}
}
}
).executeAsync();
but response is null. My session has the manage_pages permission requested as well
edit I tried replacing "/me/accounts" with "/"+userId+"/accounts" and I still get back a null response. Baffling.
Insight appreciated
You can test this procedure at Graph Api Explorer -> Just click on 'Get Access Token' button-> under 'Extended permission' check 'manage_pages' & submit it. It will give you the admin-page-details JSON.
And please see Graph API Reference /{user-id}/accounts
I'm trying to use the facebook Graph API in my android application to retrieve the last posts from a Facebook Page. I have everything set up, so I can login with any account and even make a "/me" request to get the user's basic info. But when I try to make this request:
new Request(Session.getActiveSession(),
"PokerNewsBrazil?fields=posts&fref=ts/posts",
null,
HttpMethod.GET,
new Request.Callback() {
public void onCompleted(Response response) {
/* handle the result */
}
}
).executeAsync();
I receive the following error: "An access token is required to request this resource".
But my access token exists and it is valid, because if I use the access token from the same session in the Graph API Explorer I receive a succesfull response containing the posts from that page.
Where am I getting it wrong?
Change HttpMethod.GET to HttpMethod.POST.
This error arises because the SDK posts the access token behind the scenes, while the API is looking for it in a GET parameter.
For some reason using HttpMethod.GET and appending the access token to the url string causes various malformed access token errors.
I also encountered various errors when batching requests. If you encounter such errors, try executing a request standalone and debug from there.
The Facebook SDK is iterating relatively quickly yet the documentation is lacking and not up to date. Stick with it.
I want to get the events list from a public Facebook page, and to do it I need an access token. This is not a problem when doing it server-side, because I can use both my secret and client app id in order to get an access token, but this is not possible on client-side (for example, on an iOS application), since it would make clear my app secret ID. What can I do? With the Facebook SDK for iOS, I think I can only get an access token making the user log-in, but, in my case, this is not necessary, since I only need to get a public list of events.
With PHP:
require '../facebook-php-sdk/facebook.php'; //MY FACEBOOK SDK
$facebook = new Facebook(array(
'appId' => '<#MYAPPID#>',
'secret' => '<#MYAPPSECRET#>', //<-- I CAN'T USE THIS ON CLIENT-SIDE!
));
Thanks