I'm just getting into the Graph API and am having having a hard time trying to figure out if/how I can go about showing MY profile albums on My website with out having to have the user log into facebook. I'm getting thrown off with the access token...I realize I can retreive an access token to retreive my photos if I have someone log on to the site, but I want it to be transparent, using my credentials through code (securely) some how if necessary.
How can I accomplish this? I'm looking for a general conceptual explaination, but pseudo code never hurts. Can any one clear it up for me a little?
Using:
Facebook Javascript Sdk
Mirosoft MVC
Facebook C# Sdk
There's no way, that I'm aware of, to do that.
Facebook apps treat all users the same, you can't have special privileges for your user.
If your user is public then you should be able to get all of the public using an application access token which does not expire.
If that's not the case then you have two options as I see it.
Use the server side authentication with your user, or extend a valid token (a method to replace the deprecation of the "offline_access" permission), that will get you a long lived token, about 60 days, and in that time frame you can then get your data from facebook.
Then when that expires re-authenticate in the same way and get another 60 working days, etc.
Another approach is to authenticate as yourself and then have your app save the data, then present it from your own db.
Be sure to update the data every once in a while.
Related
I wish my winforms application to be able to upload to the current logged in user's onedrive account (win 8+). I found this
http://www.codeguru.com/columns/dotnet/authenticating-a-onedrive-account.html
but it seems that they are actually creating a web browser to log in, to grab a token, which then expires after an hour anyway. I don't mind having the user log in once, or very infrequently, but every hour is not acceptable. Ideally, I just want to be able to pull the current logged in user (linked window/MS account), and use their current credentials to access Live stuff (i.e. oneDrive).
Any ideas?
Thanks
Thomas
There are actually a few different SDK's available that will allow you to authenticate the user using OAuth 2.0. You may want to look at the OneDrive API Explorer (http://onedrive.github.io/sample-code.htm). You can also make a call using REST which is described at http://onedrive.github.io/auth/msa_oauth.htm which also describes how to refresh the access token. I hope that helps.
Toan
I need an advise. I'm building a Web API for my app and I need to auth users who use it. The user will have access to his data, but may have access to others users data as well. In my database I manage the users and what other users they have access to (you might think of it like in Facebook where a user has access to his profile and his friends profiles, but not to other people profiles).
In my app, the user enters a username and password, and those are saved encrypted on the devise. They are later sent (via SSL) to the API on each call - what I've done is implement a Basic Authentication. If there is a better "best practice" to work please feel free to suggest - I'm new to this.
So far it works - but the problem is that working like this
the user once authenticated also has access to other profiles - what I would like to do is have him only get the profile (http://myaddress.com/Users/{id}) that belongs to him and the items that he owns (http://myaddress.com/Users/{id}/items) - and not for profiles and items by other users.
If the user is trying to access a profile or items of another user that he is connected to - allow that access.
What I thought about is passing the requested URI to my login method, and then check what user / resource the user is trying to access and than check the database - but that seems like a lot of work and a lot of IF statements.
So before I start writing, I thought I'd ask to see if there's a better way to do this. I have the HttpActionContext, I just don't know how to use it to my advantage.
Hope I was clear about my question. If not, feel free to ask for clarifications.
So you identify the user from his/her credentials that are sent on every API request. Could be switched some token based flow, that user authenticates just once and gets token(acts like user credentials) which is then sent to back-end API on every resource request. Then you can control the token, revoke access etc. What you could is make some kind of permission service, that all resources/objects have permissions attached to it and then just assign needed persmission to users read/write to this object maybe. Might be a massive task to implement. My opinions.
I've been googling for a couple of days, and I could not find any clue how to achieve that:
I have a desktop application(C#) in which I'd like to be able to login to my facebook profile, and pull some data from it(e.g. profile information, wall posts, likes on my posts, etc.)
Note that I DO NOT want to develop a facebook application, I simply would like to access my own user data.
As far as I see, the Graph API was designed to develop FB apps, and Graph API calls always need an access token, but I do not have token, since I do not use any Facebook application.
By now, the only way I see for that is to add a web browser component to my application, and login to the facebook through it, but it's quite inconvenient to process the pure HTML, and, since the HTML itself can change at any time, the maintenance of the application would be a horror.
So I'd like to find some way to pull data from facebook in JSON format, like the Graph API, but without having a Facebook application.
Thanks in advance for the answers.
It's not possible to access the data without a facebook application.
As you wrote, you need an access token for most graph requests, and in order to have an access token you need an application.
More than that, from what you wrote you'll need extra permissions which are not granted by default (for the user photos, wall posts, likes and so on).
Facebook can't just give you the info you see, the user has to grant a specific application the right to access their data, and because of that you must have a facebook app.
I don't see what the problem is though, just create a facebook app, it's not that complicated.
I normally use a dirty method to get my Facebook Graph API token key in applications that fetches facebook data. I download the Graph API example page at graph dot facebook dot com then I locate the token key in the page. (The account is already connected)
Now, I need to program (for someone else) a commercial application that uses Graph API and I'm afraid such an hacky way could become non-functional if Facebook website changes.
Is there a static URL more common than the example page where the Graph API token_key resides, or do you think my method will be safe for a long time?
[Edit]
Just to comment my question, and the answer to my question:
I was trying to build a desktop application fetching data on Facebook using only Graph Explorer and the Graph API example page instead of doing the web request in the answer. I didn't want to have a desktop application that depends on a Facebook App so that's why I was always asking the user to connect via two text boxes (which is against Facebook t&c) then I was downloading the Graph API examples page to get the proper token.
But Graph Explorer and its examples are using a 'Facebook App' too. So it's not clear if the access_token are going to be valid for a long time or not: It's not a good practice.
The answer is: Redirecting a user to an authentification page then fetching an access token is safer, easy to handle and a lot more stable than connecting a user via text boxes and several WebBrowsers navigation.
You can get an application access token to query public data on Facebook from this URL:
https://graph.facebook.com/oauth/access_token?type=client_cred&client_id={yourappid}&client_secret={yourappscret}
You need to create an application on Facebook and pass it's ID and secret key.
More information on: http://developers.facebook.com/docs/authentication/applications/
Is there any good tutorial how to make simple console facebook appplication which connect to facebook and get list of friends, user photos, status or something. I look at facebook examples of facebook SDK but if i want to authorize on facebook i must execute FacebookService.ConnectToFacebook method which show login window. But i want show my own login window. Or just store login and password in sql server and time to time get some information about users. Is it real?
Check out the tutorial and examples here.
It should have all the functions that you need and is fairly easy to implement. Trust me, you'll spend hours going elsewhere to figure it out.
As for custom login windows I recommend that you don't do that. People trust Facebook and don't want to give you their personal info, that's actually a part of your agreement with Facebook.
What you can do however is ask for offline access permission and store the token for future use. This way if you know who the user is on your end then you can make calls to the API without having to log them into Facebook again.
Facebook requires that users login with them and Facebook will send you back a token which you can use. This is prevent applications "stealing" usernames & passwords, which you could do with your login dialog and also allows users to stop applications in future from accessing their account even if they have logged in previously.
No way round that unfortunately, unless you going to build something that doesn't use the API - for example, a tool which loads a browser in a background, and automates the login as if the user did it. That would lead to pain and suffering though.