Reputation: 9837
Given APP secret and client ID retrieve Facebook user access token
The following Facebook URL:
https://developers.facebook.com/tools/accesstoken/
Shows all the user tokens from the Facebook user created apps.
Here is how I can retrieve at the moment my Facebook User Access Token manually (source):
OAuth 2.0
With the standard OAuth 2.0 implementation, the first step is to invoke the OAuth Dialog of the service provider (facebook)-
\GET http://www.facebook.com/dialog/oauthParameters-
client_id(APP ID)redirect_uri(App's Redirect Url)scope(permissions - optional)
Returns-
code(appended with the redirect url)
After the user successfully authenticated the app, a
codeis returned by the service provider(facebook) appended with theredirect_urlpassed. So you'll be redirected to-{redirect-url}?code=XXXXXXXXXXXXXXXXXWe use this
codethen and request for theaccess_token-\GET https://graph.facebook.com/oauth/access_tokenParameters-
client_id(APP ID)client_secret(APP Secret)coderedirect_uri
This works fine, but as you can see it requires a manual step in order to retrieve the code from the redirected URL and add it to the second URL that returns the User Access Token. However I don't know how to make this process automatic, that is, given an user App ID and App Secret, retrieve my User Access Token without manual steps.
Is there any way to retrieve the user access token with a PHP script?
Here is what I've tried in order to achieve this using the PHP SDK:
require_once __DIR__ . '/vendor/autoload.php';
$fb = new Facebook\Facebook([
'app_id' => '<my app id>',
'app_secret' => '<my app secret>',
]);
$helper = $fb->getRedirectLoginHelper();
$accessToken = $helper->getAccessToken();
However $accessToken returns NULL.
May be there is some other way to do this using the Facebook PHP SDK?
Upvotes: 2
Views: 2252
Answers (1)
Reputation: 73984
There is no way to automate getting a user token or to automate user authorization. That would make the whole user authorization pointless, and there is no serious use case for it. The only way to get a User Token is to manually authorize a user (by building a manual login flow or using one of the SDKs).
Upvotes: 3
Related Questions
- Facebook login message: "URL Blocked: This redirect failed because the redirect URI is not whitelisted in the app’s Client OAuth Settings."
- Facebook OAuth "The domain of this URL isn't included in the app's domain"
- Facebook Access Token for Pages
- Design for Facebook authentication in an iOS app that also accesses a secured web service
- Why is there an "Authorization Code" flow in OAuth2 when "Implicit" flow works so well?
- Facebook API returns "Invalid OAuth access token signature."
- What is the difference between the OAuth Authorization Code and Implicit workflows? When to use each one?
- How to get the Facebook user id using the access token
- How is native client only Facebook Login secure if you never send your client secret to get an access token?