CODEWITHSUNDEEP
facebook
Alex Cook
Alex Cook

Reputation: 171

Facebook Graph API - authorization types?

I'm struggling with the new Facebook Graph API, perhaps someone here can help.

Here is what I want to do: provide a ‘login w/ FB’ button, throw to /authorize, get a code, throw to /access_token, get an access_token, and be able to hit https://graph.facebook.com/me for info about the user.

When I try to use type=client_cred in the /authorize call, I get an access_token that lets me hit URLs with userIDs or names, but not /me. I receive an error stating I need a valid token.

If I can't hit /me, how do I figure out who the current user is?

What exactly should I use in the type param if I want a website to access a users data? I've seen posts with type=web_server, etc, but I can't seem to find a sure fire way to do, what I think, is pretty simple...

Thanks ahead of time for any help thats provided...

Upvotes: 4

Views: 15067

Answers (5)

Jc Danton
Jc Danton

Reputation: 41

I had the same problem and I solved it.

First: Dont use &type=client_cred.

Second: Use the same URL everywhere!!!

My example:

My firs link:

<a href="https://www.facebook.com/dialog/oauth?client_id=_MY_APP_ID_&state=_RANDOM_NUMBER_&redirect_uri=http://mysite.ru/ru/site_users.html?op=fbreg">FB login</a>

When I got the code:

$nexturl  = "https://graph.facebook.com/oauth/access_token?client_id=".$AppId."&redirect_uri=http://mysite.ru/ru/site_users.html?op=fbreg&client_secret=".$AppSec."&code=".$fbCode;
$response = @file_get_contents($nexturl);   
$params   = null;
parse_str($response, $params);
$graph_url = "https://graph.facebook.com/me?access_token=".$params['access_token'];
$arrResponse = json_decode(@file_get_contents($graph_url));

In $arrResponse i got all info about current user.

The value of URL should be the same everywhere. In the code and in https://developers.facebook.com/apps/.

In my case it is this: http://mysite.ru/ru/site_users.html?op=fbreg

The following are all incorrect using my example.

  • http://mysite.ru/
  • http://mysite/
  • http://mysite/ru/site_users.html

Thats all. Very stupid problem. I solved it for three days :(

Upvotes: 4

just__matt
just__matt

Reputation: 484

This answer should clarify nategood's last comment

nevermind. figured out my problem. make 100% sure that redirect_uri is identical when making authroize and access_token call! – nategood Mar 24 at 0:54

I struggled with this issue for a long time. Facebooks documentation is poor, and answers on these sites seem to fall in to one of two categories: use type=client_cred or don't use type.

Don't use "type=client_cred". Follow the facebook documentation and just make sure that the redirect_uri you use in your code request to:
http://www.facebook.com/dialog/oauth/?

is the same as the redirect_uri you use in your access_token request to: *https://graph.facebook.com/oauth/access_token?*

Upvotes: 0

wingoo
wingoo

Reputation: 41

do you solve it?i have the same error like yours
i find a page that explain this problem http://benbiddington.wordpress.com/2010/04/23/facebook-graph-api-getting-access-tokens/

if use type=client_cred, you need to change "me" to a user id, and the userid can find in the "code" param, just see the airtle:)

Upvotes: 0

ceejayoz
ceejayoz

Reputation: 180125

When I try to use type=client_cred in the /authorize call, I get an access_token that lets me hit URLs with userIDs or names, but not /me. I receive an error stating I need a valid token.

client_cred is intended for your app to validate that it is, indeed, the app. It's used for things like subscribing to Facebook's real-time update API. It imparts no user authentication.

You need to follow Facebook's OAuth instructions. It does not use the type parameter in any way. You'll be:

That access token lets you function as the user and access the me URLs.

Upvotes: 5

Fedor
Fedor

Reputation: 43422

I think it should be something like that:

https://graph.facebook.com/oauth/authorize?client_id=...&redirect_uri=...&scope=user_photos,user_videos,publish_stream&display=page

The scope should specify permissions you need as listed here http://developers.facebook.com/docs/authentication/permissions

Display values can be found here http://developers.facebook.com/docs/authentication/

Upvotes: 1

Related Questions