I normally use a dirty method to get my Facebook Graph API token key in applications that fetches facebook data. I download the Graph API example page at graph dot facebook dot com then I locate the token key in the page. (The account is already connected)
Now, I need to program (for someone else) a commercial application that uses Graph API and I'm afraid such an hacky way could become non-functional if Facebook website changes.
Is there a static URL more common than the example page where the Graph API token_key resides, or do you think my method will be safe for a long time?
[Edit]
Just to comment my question, and the answer to my question:
I was trying to build a desktop application fetching data on Facebook using only Graph Explorer and the Graph API example page instead of doing the web request in the answer. I didn't want to have a desktop application that depends on a Facebook App so that's why I was always asking the user to connect via two text boxes (which is against Facebook t&c) then I was downloading the Graph API examples page to get the proper token.
But Graph Explorer and its examples are using a 'Facebook App' too. So it's not clear if the access_token are going to be valid for a long time or not: It's not a good practice.
The answer is: Redirecting a user to an authentification page then fetching an access token is safer, easy to handle and a lot more stable than connecting a user via text boxes and several WebBrowsers navigation.
You can get an application access token to query public data on Facebook from this URL:
https://graph.facebook.com/oauth/access_token?type=client_cred&client_id={yourappid}&client_secret={yourappscret}
You need to create an application on Facebook and pass it's ID and secret key.
More information on: http://developers.facebook.com/docs/authentication/applications/
Related
I am just starting out with a windows azure mobile services .net backend, and am running into so many headaches as a new programmer. I have gone into my azure mobile services account and downloaded the todoitems demo app (c# for .net backend). I then followed the tutorials regarding adding facebook authentication, but I am absolutely not pleased by this method, as it shuts down the app for a few seconds. As such, I set out determined to create a custom authentication login page which ties to my mobile backend.
I found this article and thought, "Great!" only to realize that I had no clue how to catch a user created account from a textbox and to pass it along to the public class RegistrationRequest. The example at the end of the link shows how to connect to a local machine - but I want it to connect to my actual database at the following location: https://mycustomapp.azure-mobile.net, return a token, and continueon.
What is frustrating is that I am able to obtain a facebook authentication token, as well as user information. BUT, I have no idea how to generate a windows azure mobile auth token so that the client may write/retrieve data from my azure table.
Essentially my question is this - using the above link, how in the world may I take a user's username and password from a textbox, run it through the RegistrationRequest, and not have to pop advil on this? Do I need to pass my facebook token? I assume not?
I am also not using a facebook SDK or anything like that - simply put, I am using the above site's code trying to get an auth token from my azure mobile services, despite having one from facebook already, to authenticate a user against my azure mobile services data table.
If you already have a FB token, the easiest way to login to your mobile service is by using the FB token, then you don't need to make a custom UI/etc.
This can be done by calling
var token = new JObject();
token.Add("access_token", "access_token_value");
await client.LoginAsync(MobileServiceAuthenticationProvider.Facebook, token);
see: http://azure.microsoft.com/en-us/documentation/articles/mobile-services-windows-dotnet-how-to-use-client-library/#authentication, Client Flow for more
if you want to login to your service with a Facebook account, you do not need to implement a custom authentication and to capture user name and password in your own textbox controls.
You should be able to use MobileServiceClient.LoginAsync() and pass as parameters the provider that you want to use. Check this article fro more information.
I'm just getting into the Graph API and am having having a hard time trying to figure out if/how I can go about showing MY profile albums on My website with out having to have the user log into facebook. I'm getting thrown off with the access token...I realize I can retreive an access token to retreive my photos if I have someone log on to the site, but I want it to be transparent, using my credentials through code (securely) some how if necessary.
How can I accomplish this? I'm looking for a general conceptual explaination, but pseudo code never hurts. Can any one clear it up for me a little?
Using:
Facebook Javascript Sdk
Mirosoft MVC
Facebook C# Sdk
There's no way, that I'm aware of, to do that.
Facebook apps treat all users the same, you can't have special privileges for your user.
If your user is public then you should be able to get all of the public using an application access token which does not expire.
If that's not the case then you have two options as I see it.
Use the server side authentication with your user, or extend a valid token (a method to replace the deprecation of the "offline_access" permission), that will get you a long lived token, about 60 days, and in that time frame you can then get your data from facebook.
Then when that expires re-authenticate in the same way and get another 60 working days, etc.
Another approach is to authenticate as yourself and then have your app save the data, then present it from your own db.
Be sure to update the data every once in a while.
I am trying to integrate a Facebook news feed into a website using Facebook C# SDK https://github.com/facebook-csharp-sdk
var client = new FacebookClient("token");
dynamic me = client.Get("username/feed");
I have not been able to find any examples of generating an access token at runtime. All examples seem to be targeted at client apps where a used would be required to authorise the application.
Based on what I've seen so far, there used to be a way to generate a permanent access token (using offline_access permission), but as of 2nd May 2012 that approach is deprecated.
At the moment, I am not sure this is even a supported scenario.
Is it possible to get Facebook news feed entirely using server-side code with no user involvement?
EDIT: Looks like there might be a way: https://developers.facebook.com/roadmap/offline-access-removal/#extend_token
Will try later and report back.
no, you can't do anything with username/password. the user has to enter these into facebook's login ui and click the button to agree to letting your code do whatever it's asking to do.
I've been googling for a couple of days, and I could not find any clue how to achieve that:
I have a desktop application(C#) in which I'd like to be able to login to my facebook profile, and pull some data from it(e.g. profile information, wall posts, likes on my posts, etc.)
Note that I DO NOT want to develop a facebook application, I simply would like to access my own user data.
As far as I see, the Graph API was designed to develop FB apps, and Graph API calls always need an access token, but I do not have token, since I do not use any Facebook application.
By now, the only way I see for that is to add a web browser component to my application, and login to the facebook through it, but it's quite inconvenient to process the pure HTML, and, since the HTML itself can change at any time, the maintenance of the application would be a horror.
So I'd like to find some way to pull data from facebook in JSON format, like the Graph API, but without having a Facebook application.
Thanks in advance for the answers.
It's not possible to access the data without a facebook application.
As you wrote, you need an access token for most graph requests, and in order to have an access token you need an application.
More than that, from what you wrote you'll need extra permissions which are not granted by default (for the user photos, wall posts, likes and so on).
Facebook can't just give you the info you see, the user has to grant a specific application the right to access their data, and because of that you must have a facebook app.
I don't see what the problem is though, just create a facebook app, it's not that complicated.
I'm currently toying around with the Clarity .NET Facebook API but am finding certain situations with authentication to be kind of limiting. I keep going through the tutorials but always end up hitting a brick wall with what I want to do. Perhaps I just cannot do it?
I want to make a Web Service that takes in the require credentials (APIKey, SecretKey, UsersId (or Session Key?) and whatever else I would need), and then do various tasks: Post to users wall, add events etc.
The problem I am having is this: The current documentation, examples and support provide a way to do this within the context of a Web site. Within this context, the required "connect" popup can be initiated and allow the user to authenticate and and connect the application. From that point on the Web can go on with its business to do what it needs to do.
If I close the browser and come back to the page, I have to push the connect button again. Except this time, since I was already logged into facebook, I don't have to go through the whole connection process.
But still ... How do applications like Tweetdeck get around this? They seemingly have you connect once, when you install their application, and you don't have to do it again. I would assume that this same idea would have to applied towards making a web service because: You don't know what context the user is in when making the Web service call. The web service methods being called could be coming from a Windows Form app, or code behind in a workflow.
I would advise you to try Steve's blog and starter kit
you can also find a reference to his post in this so question
Good luck
Edited/Added below
You cannot store the facebook login credentials for users and pass them to FB.
(terms & conditions)
but you can use: offline_access, to access some usage without flagging the user as logged in.
Cool tip from this forum:
Use the following URL with your API Key
http://www.facebook.com/login.php?api_key=YOURAPIKEY&connect_display=popup&v=1.0&next=http://www.facebook.com/connect/login_success.html&cancel_url=http://www.facebook.com/connect/login_failure.html&fbconnect=true&return_session=true&req_perms=offline_access
Register for the Facebook Developer
App on your facebook profile.
Create a new app Web App(By default)
through your "Facebook Developer
App". Change the Application Type to
"Desktop App". Note down the API Key
& Secret Key for you app.
Authorize the app & authenticate the user and
then get the permanent session_key.
Authentication
For a fully logged in session, you are asked to use (again terms and conditions) login.php and you can login via JavaScript
HTH
Ric