I have a Facebook canvas application written on asp.net mvc. I can't see what's going on in facebook.
I have client-side code that loads FB user picture:
FB.api('/' + userId, { fields: "id,link,name,picture" }, function (user) {
$('img[data-fb-user-img]', subjectVoterElement).attr('src', user.picture.data.url);
});
One day it responds picture url in user.picture, another day - in user.picture.data.url so i have errors time to time. Why FB gives different respond structure?
2.
To authorize FB user in my app i use facebook cookie being sent to my app server. Then i extract value from it, then parse the value with ParseSignedRequest method and exchange obtained code into token.
HttpCookie fbCookie = filterContext.RequestContext.HttpContext.Request.Cookies[
String.Format("fbsr_{0}", System.Configuration.ConfigurationManager.AppSettings["FB_Id"])];
string code =
((dynamic) FacebookService.FacebookService.Client.ParseSignedRequest(fbCookie.Value)).code;
using (var webClient = new WebClient())
{
var result = webClient.DownloadString(
String.Format(
"https://graph.facebook.com/oauth/access_token?client_id={0}&redirect_uri=&client_secret={1}&code={2}",
FacebookService.FacebookService.Client.AppId,
FacebookService.FacebookService.Client.AppSecret,
code
)
);
Sometimes i get authorization error saying the code is expired or specified user has logged off from facebook. In fact, i logged off a hour ago and since that moment this have already been worked successfull. Also, the facebook cookie expiration time is set long enough and hasnt come yet.
Does anyone have the same problem? Thanks
I am not sure if this is the issue with #1 or not but I have had issues so I will just throw it out there. There are actually at least two different types of facebook users (could be more):
Regular facebook users that have accounts like you and me
Accounts that are just setup for a facebook page
How to create a facebook account that is just for a page?
Step 1: Logout of your facebook account
Step 2: Go here: http://www.facebook.com/pages/create.php
Step 3: Setup a page for a fake business or whatever type of page you
want to test with
Step 4: Select I do not have a facebook account and create an account
with a new email address
Now try your application with your regular user and with this facebook page only user. Like I said, I am not sure if this is your problem or not but I have had a bunch of other problem with facebook page only accounts so it is could be worth a try.
Related
The Thing i want to do is , We have a user who is logged in a device .We have to restrict that user to login from other device.
To Login into Other device he should have to log out from the first device.
I have tried to create authentication token via web API.
Every time a user login ,a new oath token is generally passed in the request headers. (Token would be expire on logout.)
If Same User try to login from other device a new Oath token would be generated
is there anyway to check if a token is already assigned to that user then do not allow him to login
What if,
1.user close the working tab or browser
2.or He navigate to other web page by changing the URL
Are there other solutions to ensure one concurrent login per user ?
This should be simple enough to make sure a user have only one login at a time.
Steps to do would be (ASP.NET/ASP.NET MVC):
Step 1: As soon as user login, check if session for this user already exists.
Step 2: If Session already exists, delete the on going session (Here you can also prompt a message to user if he wants to stop currently going session and start a new one.)
Step 3: On User's action you may delete current session and start a new session for the user.
Step 4: If there is no current session going on, you can simply create a new one .
Update:
For ASP.NET WEB API
Here you have to use Authentication token.
On login you can provide authentication token to user.
On Relogin you can check if token is already issued for this user, and accordingly perform your action.
Hope this helps. Let me know if you have queries.
I assume you know how to code above, if not let me know.
I start to working with the Facebook graph API and I have question:
I make Facebook Authentication, so after user approve my application I got accessToken and the facebookUserID. note: The accessToken is expire after One hour(!!!).
Then, in another webpage "index.html", I want to show all the users who approved the application with their full name and profile picture taken from Facebook.
Now I don't understand.. if someone will enter the "index.html" page to see list of users who accepted the application - 5(!!) month after their authentication, when i will make the HTTP call to get thier fullname and profile picture, the accessToken is now expire(a lot time before) so the HTTP call will not succeed.
The last option is to save the full name just in the One hour between user accept the application and before the accesstoken expiration. but if the user will change his name sometime... I don't have the updated Name!
if its important - I'm usind the javascriptSDK with asp.net project.
Please help me to understand how to solve this situation.
It would appear that it is not possible to generate a long-lived token with the JS SDK directly, you will have to involve the server side, see this page for details.
I need to post a message from my personal website to the website´s facebook wall page. I dont want the user to authenticate against facebook, instead a default website account should be used(probably the facebook app).
This is what I have :
Created facebook App at https://developers.facebook.com
Add Facebook.dll to my ASP.NET webform site(the personal site)
Included the following code :
FacebookClient client = new FacebookClient();
result = client.Get("oauth/access_token", new
{
client_id = ConfigurationManager.AppSettings["FacebookAppId"],
client_secret = ConfigurationManager.AppSettings["FacebookAppSecret"],
grant_type = "client_credentials"
});
client.AccessToken = result.access_token;
result = client.Post("1418771281723422/feed", new { message = "Test Message from app" });
result = client.Get("1418771281723422");
This returns the following exception on client.Post
A first chance exception of type 'Facebook.FacebookOAuthException'
occurred in Facebook.dll
Additional information: (OAuthException - #200) (#200) The user hasn't
authorized the application to perform this action
What am I doing wrong and why is it so hard to do this simple task?
Of course you need to authorize a User to post on Facebook - else it would be incredibly easy to create a spam App.
What you need is a Page Access Token, take a look at the Facebook docs about the different Tokens and how to get them: https://developers.facebook.com/docs/facebook-login/access-tokens
More information about Access Tokens: http://www.devils-heaven.com/facebook-access-tokens/
The code is in PHP, but the text is valid for every language anyway.
This is how to generate an Extended Page Token with PHP: http://www.devils-heaven.com/extended-page-access-tokens-curl/
An Extended Page Token may be exactly what you need, it is valid forever and you can post "as Page" with it.
Doing this with ASP.NET should be pretty similar, but you don´t really need that Facebook SDK if you take a look at the tutorial for extending a Page Token with CURL. This question may help you: curl Request with ASP.NET
To create an Extended Page Token only for yourself, i suggest creating it without any coding:
Use the Graph API Explorer to create a User Access Token with your App.
Extend the User Access Token: https://graph.facebook.com/oauth/access_token?grant_type=fb_exchange_token&client_id=[app-id]&client_secret=[app-secret]&fb_exchange_token=[short-lived-token]
Put that resulting User Token in the "Access Token" field of the Graph API Explorer
Make a call to /me/accounts to get a list of all your Facebook Pages
Take the Access Token of your Page and use it in a server side call for posting
It´s explained in this article: http://www.devils-heaven.com/facebook-access-tokens/
I'm new to develop application to Facebook, we need a website page that shares on a Facebook page, only the admin of the page how can share on it, but i have undesired scenario that happened. what i made: 1- requesting code from Facebook at page load, then getting access token as this access token is expired after 2 h within those 2 h the user can log out from Facebook and try to share it will share, also if he logged in using another account that is not admin it will share on Facebook as the application still see a valid access token, i tried to fix it by getting a new access-token each time the share button is pressed but i get another undesired scenario which is at every click on share button it will refresh the page and get new code" as it doesn't used twice " and then get a new access token even if the user wants to make just multiple shares.
My question: their is a away to check if this access-token is valid to the current logged in user on Facebook?
Kinldy login your FB Account and go to develoeps.facebook.com . Click the tools->Graph Explorer and paste your access token in the Textbox.Click the debug button the validity of your code wiil be shown.Try to go with 60 days token.Then you can able to test your app continously with out changing accesstoken.Refer this link for further details.
https://developers.facebook.com/docs/facebook-login/access-tokens
I'm trying to add the ability to post to a users wall from a site I'm developing.
I've got some code in place using the Microsoft C# Facebook SDK. It checks if the current user is authenticated, if not, redirects to the OAuth page. If the user is authenticated, it tries to post to their wall:
CanvasAuthorizer auth = new CanvasAuthorizer();
bool authorized = auth.FacebookWebRequest.IsAuthorized(new string[] { "publish_stream" });
if (authorized)
{
FacebookClient client = new FacebookClient();
client.AccessToken = auth.FacebookWebRequest.AccessToken;
Dictionary<string, object> args = new Dictionary<string, object>();
args["message"] = "This is a test.";
args["name"] = "";
args["link"] = "http://subdomain.domain.lom/";
args["description"] = "Development site.";
client.Post("/me/feed", args);
}
else
{
long appId = {APP_ID};
string returnUrl = "http://subdomain.domain.com/share";
Response.Redirect("https://www.facebook.com/dialog/oauth?client_id=" + appId.ToString() + "&redirect_uri=" + returnUrl + "&scope=publish_stream");
}
The first time you load, it sees that you're not authenticated and redirects you to the Facebook auth page.
However, when it tries to return to my site, it goes into a redirect loop.
It looks like what is happening is that when it returns from Facebook, it does the authentication check, but it's saying the users isn't authenticated. This then redirects to the Facebook login again, which knows the user is authenticated, so returns to my site, causing the loop.
I'm developing on my local machine at the moment, http://subdomain.domain.lom/, which isn't accessible from the outside world.
My Facebook App settings are:
App Domain: domain.lom
Site URL: http://subdomain.domain.lom/
I was under the impression that it doesn't matter if you're working locally?
Sandbox mode
I would suggest creating second Facebook application (in terms of Facebook app id) for development and testing with sandbox mode turned.
With the testing app you can use the same code with different settings on limited number of users hidden from anyone else (really useful).
Here are some links:
Application Security from Facebook docs.
How do you limit a Facebook app to a small number of people during testing? from stackoverflow.com.
Possible bugs
Try encode returnUrl value.
It it won't work you have to debug it :(. My first guest is Facebook authorized you for another domain.
Something else to look at would be for IE to work without that infinite redirect looping, it needs to see a p3p policy from your web server.
Check in your web.config for the p3p header. If it's not there, then you can add one to make IE happy.
See http://www.hanselman.com/blog/TheImportanceOfP3PAndACompactPrivacyPolicy.aspx