Koala gem and getting album photos from friends

Question

I am creating a facebook application. I am signing in the user with the omniauth-facebook gem. I am asking the following permissions:

provider :facebook, 'app_id', 'secret_key',
scope: "public_profile,user_friends,friends_photos,user_photos"

After the user signs in, I am getting his friends' list with koala gem and something like the following code:

@graph = Koala::Facebook::API.new(current_user.oauth_token)
@profile = @graph.get_object("me")
@friends = @graph.get_connections("me", "friends?fields=id,name,gender")

I don't know if I can get the albums and the photos for each one of his friends. I've tried the following fql query:

SELECT pid FROM photo WHERE aid IN (SELECT aid,name FROM album WHERE owner=user_id)

which it works only for me when I am testing it on graph api explorer, but it doesn't work from my application (neither for my friends nor for me).

Am I missing some permissions or is it impossible to get the photos and the albums of someone's friends? Any other suggestion for getting all the photos of someone's friends through facebook graph API?

Update

I've uploaded the code here https://github.com/johndel/fbgame You can see the above code and the rest of it on config/initializers/omniauth.rb and on the app/controllers/pages_controller.rb

Answer 1

The problem has to do with the permissions that your app is asking during the sign up. If you check it, it doesn't ask for your friend's photos.

The above means that the problem has to do with the omniauth-facebook gem as this is what you are using. You are using an old version of it (version 1.4.0), even though I updated and it still didn't work with the current version (1.6.0).

I made it work with a javascript version which it was generating a correct omniauth key and asking the preferable permissions (friend's photos access). After the sign in, it worked nicely with the koala gem, so you probably have to get the omniauth key through some other method, as the current omniauth-facebook gem seems to have some bug (I think the javascript method which I've used, is the suggested way to do it).

Here is the code with the javascript (most of it is copy-paste from the facebook graph api):

<!DOCTYPE html>
<html>
  <head>
    <title>Facebook Login JavaScript Example</title>
    <meta charset="UTF-8">
  </head>
  <body>
    <div style="width: 900px; margin: 0 auto;">

      <script>
        // This is called with the results from from FB.getLoginStatus().
        function statusChangeCallback(response) {
          // The response object is returned with a status field that lets the
          // app know the current login status of the person.
          // Full docs on the response object can be found in the documentation
          // for FB.getLoginStatus().
          if (response.status === 'connected') {
            // Logged into your app and Facebook.
            testAPI();
          } else if (response.status === 'not_authorized') {
            // The person is logged into Facebook, but not your app.
            document.getElementById('status').innerHTML = 'Please log ' +
              'into this app.';
          } else {
            // The person is not logged into Facebook, so we're not sure if
            // they are logged into this app or not.
            document.getElementById('status').innerHTML = 'Please log ' +
              'into Facebook.';
          }
        }

        // This function is called when someone finishes with the Login
        // Button.  See the onlogin handler attached to it in the sample
        // code below.
        function checkLoginState() {
          FB.getLoginStatus(function(response) {
            statusChangeCallback(response);
          });
        }

        window.fbAsyncInit = function() {
        FB.init({
          appId      : 'api_key',
          cookie     : true,  // enable cookies to allow the server to access
                              // the session
          xfbml      : true,  // parse social plugins on this page
          version    : 'v2.0' // use version 2.0
        });

        // Now that we've initialized the JavaScript SDK, we call
        // FB.getLoginStatus().  This function gets the state of the
        // person visiting this page and can return one of three states to
        // the callback you provide.  They can be:
        //
        // 1. Logged into your app ('connected')
        // 2. Logged into Facebook, but not your app ('not_authorized')
        // 3. Not logged into Facebook and can't tell if they are logged into
        //    your app or not.
        //
        // These three cases are handled in the callback function.

        FB.getLoginStatus(function(response) {
          statusChangeCallback(response);
        });

        };

        // Load the SDK asynchronously
        (function(d, s, id) {
          var js, fjs = d.getElementsByTagName(s)[0];
          if (d.getElementById(id)) return;
          js = d.createElement(s); js.id = id;
          js.src = "//connect.facebook.net/en_US/sdk.js";
          fjs.parentNode.insertBefore(js, fjs);
        }(document, 'script', 'facebook-jssdk'));

        // Here we run a very simple test of the Graph API after login is
        // successful.  See statusChangeCallback() for when this call is made.
        function testAPI() {
          FB.api('/me/albums', function(response) {
            console.log(JSON.stringify(response));
            // document.getElementById('status').innerHTML =
            //   'Thanks for logging in, ' + response.name + '!';
          });

        }
      </script>

      <!--
        Below we include the Login Button social plugin. This button uses
        the JavaScript SDK to present a graphical Login button that triggers
        the FB.login() function when clicked.
      -->





      <fb:login-button scope="public_profile,user_friends,friends_photos,user_photos" onlogin="checkLoginState();">
      </fb:login-button>

      <div id="fb-root">
      </div>


      <div id="status">
      </div>


      <script src="//code.jquery.com/jquery-1.11.0.min.js"></script>

      <script>
      $(function() {
        // FB.api('/me', function(response) {
        //   console.log(JSON.stringify(response));
        // });
      });
      </script>
    </div>
  </body>
</html>

After the successful generated omniauth key with the right permissions it works. You can test it with koala or with the javascript way, as I have done it by calling the above method.