I start to working with the Facebook graph API and I have question:
I make Facebook Authentication, so after user approve my application I got accessToken and the facebookUserID. note: The accessToken is expire after One hour(!!!).
Then, in another webpage "index.html", I want to show all the users who approved the application with their full name and profile picture taken from Facebook.
Now I don't understand.. if someone will enter the "index.html" page to see list of users who accepted the application - 5(!!) month after their authentication, when i will make the HTTP call to get thier fullname and profile picture, the accessToken is now expire(a lot time before) so the HTTP call will not succeed.
The last option is to save the full name just in the One hour between user accept the application and before the accesstoken expiration. but if the user will change his name sometime... I don't have the updated Name!
if its important - I'm usind the javascriptSDK with asp.net project.
Please help me to understand how to solve this situation.
It would appear that it is not possible to generate a long-lived token with the JS SDK directly, you will have to involve the server side, see this page for details.
Related
Hope I will get some help and not get marked as duplicate because spent a couple of days and still didn't find a solution for this one.
My problem is that I am working on an application that should get data from Facebook marketing API and I didn't manage to do it and am working in C#, FE is in React but would like to do this all on BE.
I created an app on Facebook, have appId, app secret, my client Id, accountId, set business manager and realize that one way to go is to go through app review but this is not an option because there are too many clients and it is not the best scenario.
Is there any other way that I implement fully user authentication, to first get authorization code and then user access token so I could get the data I need.
If I get the code over the browser I can generate a token but I would like to do it automatically over my code.
If I call https://www.facebook.com/v9.0/dialog/oauth?client_id=%7Bapp_id%7D&redirect_uri=%7Bredirect_uri%7D over httpClient it gives back some HTML text and I would need the URL it redirects you to in the browser (like on facebook - how to get a new authorization code for an access token)
And didn't find a way access token without that authorization_code
Question:
I'm using a DropBox csharp API from here:
https://github.com/dkarzon/DropNet
From the Unit tests, and the only working sample from here
https://github.com/dkarzon/DropNet/blob/master/DropNet.Samples/DropNet.Samples.Web/Default.aspx.cs
I figured that it works like this:
DropNet.DropNetClient client = new DropNet.DropNetClient(strApiKey, strAppSecret);
DropNet.Models.UserLogin login = client.GetToken();
client.UserLogin = login;
var accountInfo = client.AccountInfo();
str = accountInfo.quota_info.quota.ToString();
The probem is, it throws an exception on accountinfo. (System.Net.HttpStatusCode.Unauthorized)
Everything before works fine, I get the login (usertoken & usersecret) .
I think my problem is this part of the sample application:
var url = _client.BuildAuthorizeUrl(Request.Url.ToString() + "?dropboxcallback=1");
Response.Redirect(url);
Where it redirects to dropbox for a login...
I don't have a web application, so I have no URL...
What I have is a console application, that should make a backup of my database every evening automatically as a service, for which it certainly is very bad requiring a webbrowser and a user which has to type in email/username + password.
How can I do a login by directly supplying the hardcoded username and password ?
If I use the sample application, then it works, but that requires typing in the username and password on the web, and that sucks big time for a console application...
As far as I know from other API's (facebook, google, stack exchange etc.) you'll have to redirect your user to a webpage of Dropbox, where it will grant permissions to you to use it's account to perform things.
So in general it is not possible to achive this without a webbrower. Otherwise you'll have to perform really dirty hacks to hack arround the permission system of dropbox.
Please have a look at "OAuth 2.0 authorization flow" on google.
Here's a diagram I found at Yahoo which show's how it works:
For uisng the DropnetClient's 4 argument constructor also we need to build web based url and allow the user to authenticate his account this is compusory thing, accesstoken will generate after the user hit allow button in authentication process
As GameScripting explained the Dropbox API uses oauth which requires user login through the dropbox website to authenticate the access tokens.
Checkout the documentation here: http://dkdevelopment.net/what-im-doing/dropnet/ for the 3 step process.
What sort of application are you building? Normal process is to load a browser control inside the application and navigate to the login URL with it.
Also have a look at the sample Windows Phone app to give you an idea of how this process works: https://github.com/dkarzon/DropNet/blob/master/DropNet.Samples/DropNet.Samples.WP7/MainPage.xaml.cs
Instead of hardcoding the username and password, you can hardcode the OAuth access token.
First, create a simple program (using the same app key) that follows the standard browser-based authorization flow. Then use it to authorize the app with the desired user. This will give you an OAuth access token (a "token" and "token secret") associated with that user and your app key.
Then, in your service-style application, just hardcode the OAuth access token (using DropNetClient's 4-argument constructor).
It is possible, using SharpBox - tested, works.
One needs to acquire the AccessToken as a one-time-action manually, then after that, one can omit the login page and use the saved AccessToken.
http://www.jayway.com/2012/02/06/unboxing-dropbox-and-sharpbox-2/
The magic line is:
Globals.DropBox.Token = AppLimit.CloudComputing.SharpBox.StorageProvider.DropBox.DropBoxStorageProviderTools
.ExchangeDropBoxRequestTokenIntoAccessToken(
Globals.DropBox.config
, Globals.DropBox.AppKey, Globals.DropBox.AppSec
, Globals.DropBox.requestToken
);
I have a Facebook canvas application written on asp.net mvc. I can't see what's going on in facebook.
I have client-side code that loads FB user picture:
FB.api('/' + userId, { fields: "id,link,name,picture" }, function (user) {
$('img[data-fb-user-img]', subjectVoterElement).attr('src', user.picture.data.url);
});
One day it responds picture url in user.picture, another day - in user.picture.data.url so i have errors time to time. Why FB gives different respond structure?
2.
To authorize FB user in my app i use facebook cookie being sent to my app server. Then i extract value from it, then parse the value with ParseSignedRequest method and exchange obtained code into token.
HttpCookie fbCookie = filterContext.RequestContext.HttpContext.Request.Cookies[
String.Format("fbsr_{0}", System.Configuration.ConfigurationManager.AppSettings["FB_Id"])];
string code =
((dynamic) FacebookService.FacebookService.Client.ParseSignedRequest(fbCookie.Value)).code;
using (var webClient = new WebClient())
{
var result = webClient.DownloadString(
String.Format(
"https://graph.facebook.com/oauth/access_token?client_id={0}&redirect_uri=&client_secret={1}&code={2}",
FacebookService.FacebookService.Client.AppId,
FacebookService.FacebookService.Client.AppSecret,
code
)
);
Sometimes i get authorization error saying the code is expired or specified user has logged off from facebook. In fact, i logged off a hour ago and since that moment this have already been worked successfull. Also, the facebook cookie expiration time is set long enough and hasnt come yet.
Does anyone have the same problem? Thanks
I am not sure if this is the issue with #1 or not but I have had issues so I will just throw it out there. There are actually at least two different types of facebook users (could be more):
Regular facebook users that have accounts like you and me
Accounts that are just setup for a facebook page
How to create a facebook account that is just for a page?
Step 1: Logout of your facebook account
Step 2: Go here: http://www.facebook.com/pages/create.php
Step 3: Setup a page for a fake business or whatever type of page you
want to test with
Step 4: Select I do not have a facebook account and create an account
with a new email address
Now try your application with your regular user and with this facebook page only user. Like I said, I am not sure if this is your problem or not but I have had a bunch of other problem with facebook page only accounts so it is could be worth a try.
I have no idea how to start to retrieve my Facebook friends using the Facebook API. I have read the Graph API docs.
Secondly, I'm doing TDD so I want to start with my test cases.
At first, these will be integration tests because I have to integrate the real life Facebook api. After that works, I'll mock out these tests to make them unit tests.
So this is why I'm stuck. Please assume that I have a Facebook account (eg. email + password) so I can authenticate and then use the access token to get my friends.
UPDATE:
I also do have an FB App already setup (eg. app id / app secret).
The first thing that you need to do to get the list of friends, or any other api request on the behalf of the user, is to authenticate the user and get a user access token.
There are two authentication flows:
Client-Side: will result with a short lived access token (expires within a few hours) which you can then extend (on the server side) for a long lived using the new endpoint.
Server-Side: results with a long lived access token for about 60 days.
It will probably be hard to do that with TDD (at least at first), and so you might want to use one of the following facebook tools which will generate the access token for you:
Access Token Tool: gives you a list of `access tokens for all your apps bound to your own user'. Per application you get both a user token and an app token.
Graph API Explorer: Select your application at the top right corner and then click the "Get Access Token" button, then select the permissions you need and approve it, when the dialog closes you'll see the access token in the field.
With the access token that you get you can start querying the api.
To get the list of friends simply issue a request to me/fiends as explained in the Friends connection of the User object documentation.
I'm not a C# developer, but I'm aware of this C# SDK for Facebook, it should (like all other facebook SDKs) have implemented most of the work for you for sending the api requests and parsing the returned data.
From a quick look at their getting started documentation it should look something like:
var accessToken = "THE ACCESS TOKEN YOU HAVE";
var client = new FacebookClient(accessToken);
dynamic me = client.Get("me/friends");
...
Folks, would really appreciate your help on this as maybe I'm just missing something really obvious. Basically, i'm trying to develop a Facebook canvas iframe app in C# ASP.NET that a business can install on a fan page and users can access via a tab.
Main Requirements:
1. Business clicks install which takes them to apps.facebook.com/myapp
2. I needs to check if I have record in database for that Facebook Profile
3. N: Display page where business enters a unique code. Save Profile Id and Code
4. Y: Display data from database related to that business.
The Issue:
I've created app in Facebook and created an ASP.NET website with a single page. The app is running on my dev machine under IIS. When I visit the app on Facebook, it hits my page. I retrieve and validate the signed_request with my API key. However, the decoded payload contains only the SHA256 parameter and no user, oauth, or profile data.
Is there something else I need to do or is my approach completely incorrect?
Appreciate any guidance on this.
Are you requiring user auth, doing the full handshake?
Have you enabled the "OAuth 2.0 for Canvas (beta)" migration in your Facebook app? It's the last tab of your app config.
If the user visiting your iframe inside the canvas page has not authorized your app, the payload inside the signed_request will be something like this:
{
"algorithm":"HMAC-SHA256",
"issued_at":1286824906
}
On the other hand, if your user has authorized your app, the payload inside the signed_request will be something like this:
{
"algorithm":"HMAC-SHA256",
"expires":1286827200,
"issued_at":1286821560,
"oauth_token":"Some Token",
"user_id":"Some ID"
}
Because you're missing the user_id inside the payload, it sounds like the user has not yet authorized your app.