Reputation: 18627
Where is the access token in the URL that Facebook returns?
I made a request to authenticate server side into Facebook for my Django application.
def authenticateViaFacebook(request):
'''
Redirects users to a page that allows for Facebook login.
'''
consumer = oauth2.Consumer(
key = settings.FACEBOOK_APP_ID,
secret = settings.FACEBOOK_APP_SECRET)
# Request token URL for Facebook.
request_token_url = "https://www.facebook.com/dialog/oauth/"
# Create client.
client = oauth2.Client(consumer)
# Other arguments to Facebook.
otherArguments = 'client_id=' + settings.FACEBOOK_APP_ID
otherArguments += '&scope=email'
otherArguments += '&redirect_uri=' + settings.SITE_URL
otherArguments += 'authenticationRedirect/facebook'
otherArguments += '&secret=' + settings.FACEBOOK_APP_SECRET
# The OAuth Client request works just like httplib2 for the most part.
res, content = client.request(request_token_url, "GET", otherArguments)
# Examine the response.
return HttpResponse(str(res))
I got this response from Facebook.
{'status': '200', 'content-length': '15753', 'x-xss-protection': '0',
'content-location': u'https://www.facebook.com/dialog/oauth/?oauth_body_hash=1YZMc0vtMcUa5nO81ZkuwoCSct4%3D&oauth_nonce=14826580&oauth_timestamp=1342669603&oauth_consumer_key=117889941688718&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_signature=t2cIAmQYs4r5IqcsoODqorFIHbs%3D',
'x-content-type-options': 'nosniff', 'transfer-encoding': 'chunked',
'expires': 'Sat, 01 Jan 2000 00:00:00 GMT', 'connection': 'keep-alive',
'-content-encoding': 'gzip', 'pragma': 'no-cache',
'cache-control': 'private, no-cache, no-store, must-revalidate',
'date': 'Thu, 19 Jul 2012 03:46:44 GMT', 'x-frame-options': 'DENY',
'content-type': 'text/html; charset=utf-8',
'x-fb-debug': 'cXSDiq5jL9ZffjalabM6QKEgr50QOhPJsNlHW2MpSSQ='}
I am a bit confused because I do not see a variable called "access token" I even see weird terms like auth_signature_method and oauth_signature, but I have no idea what they mean.
How do I retrieve the access token from Facebook? Furthermore, how can I use this access token to retrieve basic information such as "name" from the user? The access token is just a string, right?
Upvotes: 0
Views: 776
Answers (3)
Reputation: 38046
Your code is wrong in several ways, mainly in forgetting that you need to have a user participate in the transaction.
See https://developers.facebook.com/docs/authentication/server-side/ for the the steps to follow, these are actually pretty simple and you can do them all by hand using curl.
Upvotes: 0
Reputation: 2492
Just like most auth processes, you pass in your app ID, and get back a "code." In a second "GET", you send that in for the access_token. You need to decrypt the result, which may be in HMAC. Use the SDK to manage these functions, as the other person recommended, and it will be easier.
"auth_signature_method" means the way in which the encrypted signature was signed. It's not the final access_token you can use to query the user's data on Facebook.
Upvotes: 0
Reputation: 340
I don't know with your code. But if you use Facebook graph api it would be simple.
def authorize(self):
warnings.filterwarnings('ignore', category=DeprecationWarning)
savout = os.dup(1)
os.close(1)
os.open(os.devnull, os.O_RDWR)
try:
webbrowser.open(FBOAuth.FACEBOOK_GRAPH_URL+'/oauth/authorize?'+urllib.urlencode(
{'client_id':FBOAuth.CLIENT_ID,
'redirect_uri':FBOAuth.REDIRECT_URI,
'scope':'read_stream, publish_stream'}))
finally:
os.dup2(savout, 1)
FBOAuth.SECRET_CODE = raw_input("Secret Code: ")
self.save_secret_code(FBOAuth.SECRET_CODE)
return FBOAuth.SECRET_CODE
def access_token(self):
if not FBOAuth.SECRET_CODE:
FBOAuth.SECRET_CODE = self.authorize()
args = {'redirect_uri': FBOAuth.REDIRECT_URI,
'client_id' : FBOAuth.CLIENT_ID,
'client_secret':FBOAuth.CLIENT_SECRET,
'code':FBOAuth.SECRET_CODE,}
access_token = urllib.urlopen(FBOAuth.FACEBOOK_GRAPH_URL + "/oauth/access_token?" + urllib.urlencode(args)).read()
access_token = urlparse.parse_qs(access_token)
FBOAuth.ACCESS_TOKEN = access_token['access_token'][0]
self.save_access_token(FBOAuth.ACCESS_TOKEN)
return FBOAuth.ACCESS_TOKEN
And by these 2 functions you can get access tokens. Here is the link for tutorial i used. Facebook graph api documents for reference.
Upvotes: 1
Related Questions
- Programmatically getting an access token for using the Facebook Graph API
- Facebook api graph access token
- Get user access token on Facebook API
- oauth_access_token in facebook API
- How to get Facebook access token using Python library?
- How can I get oauth_access_token for facebook-sdk
- getting the facebook access token from url in flask
- How to obtain a user access token in Python
- How to get the access token from facebook's oauth redirect in python?
- Getting facebook OAuth access_token through Python SDK does not seem to be working, any ideas?