How to get user access_token if I have his/her oauth_token?

Question

When user opens my canvas app I get a signed_request from Facebook, from which I derive the user_id and oauth_token. How can I then get the access_token and check/get user permissions and other data?

Answer 1

    <?php
include '../../src/config.php';
// Get User ID
$user = $facebook->getUser();

// We may or may not have this data based on whether the user is logged in.
//
// If we have a $user id here, it means we know the user is logged into
// Facebook, but we don't know if the access token is valid. An access
// token is invalid if the user logged out of Facebook.

if ($user) {
  try {
    // Proceed knowing you have a logged in user who's authenticated.
    $user_profile = $facebook->api('/me');
  } catch (FacebookApiException $e) {
    error_log($e);
    $user = null;
  }
}

// Login or logout url will be needed depending on current user state.
if ($user) {
  $logoutUrl = $facebook->getLogoutUrl();
  $access_token = $facebook->getAccessToken();
$user_xml = "<?xml version=\"1.0\"?>\n"; 
$user_xml .= "<roots>\n";
$user_xml .= "<access>\n";
$user_xml .= "<token>" . $access_token . "</token>\n"; 
$user_xml .= "</access>\n";
$user_xml .= "</roots>\n";
echo $user_xml; 



} else {
  $loginUrl = $facebook->getLoginUrl();
}




?>

Answer 2

The oauth_token you're talking about is also the users access_token, they should be exactly the same.

To check the users permissions you can make a GET call to /me/permissions this should return a data array similar to the below

{
  "data": [
    {
      "installed": 1, 
      "read_stream": 1, 
      "manage_notifications": 1, 
      "manage_pages": 1, 
      "user_likes": 1, 
      "user_activities": 1, 
      "user_interests": 1, 
      "user_photos": 1, 
      "user_about_me": 1, 
      "type": "permissions"
    }
  ]
}

Depending on what the other data you wish to access you will need to ask for more permissions and then call the appropriate API end points. For example to get the users basic information make a call to /me or to get a list of their friends /me/friends

You can find all the permissions you can ask for at https://developers.facebook.com/docs/reference/api/permissions/

And all the information about where to call in the API for retrieving the different bits of data you require here https://developers.facebook.com/docs/reference/api/

Answer 3

When you say you have their 'oauth token' - are you sure that isn't the access token? Can you try making an API call to /me/permissions with that token and see if it's working? It should return a list of the permissions the user has granted your app (which are usable via that token)