jinson
Reputation: 331
how to set manage_pages permission to a particular facebook page?
how i can set a manage_pages permission of my application to a particular page only. Now my application get permission to manage all pages of fb user.. How i can restrict this and get permission to access a specific page only ?
I am using one simple authentication method.
$app_id = 'xxxxxxxxxxxxx';
$app_secret = 'xxxxxxxxxxxxxxxx';
$my_url = 'http://xxxxxxxxxxx.com/xxxx/facebook?client=params';
$code = $_REQUEST["code"];
//auth user
if(empty($code)) {
$dialog_url = 'https://www.facebook.com/dialog/oauth?client_id='
. $app_id . '&redirect_uri=' . urlencode($my_url).'&scope=offline_access,read_stream,publish_stream,manage_pages';
echo("<script>top.location.href='" . $dialog_url . "'</script>");
}
//get user access_token
$token_url = 'https://graph.facebook.com/oauth/access_token?client_id='
. $app_id . '&redirect_uri=' . urlencode($my_url)
. '&client_secret=' . $app_secret
. '&code=' . $code;
$access_token = file_get_contents($token_url);
am using the above code for authentication. when i try to print the $_REQUEST params, i couldnt find any variable names 'signed_request'. is any other method can we use with the above code..??
Upvotes: 2
Views: 3648
Answers (2)
ifaour
Reputation: 38135
You should do this from your side. Facebook will send you the page id in the signed_request so you can verify the page and show/disable content:
<?php
if(!empty($_REQUEST["signed_request"])) {
$app_secret = "APP_SECRET";
$data = parse_signed_request($_REQUEST["signed_request"], $app_secret);
if (isset($data["page"])) {
echo $data["page"]["id"];
} else {
echo "Not in a page";
}
}
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;
}
// check sig
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
This code is taken from this answer. Just check the $data["page"]["id"] against the one you want.
Upvotes: 0
ThiefMaster
Reputation: 318698
Unfortunately that's not possible. Very annoying but well.. it's facebook so there's nothing else to expect.
Upvotes: 2
Related Questions
- manage_pages permission
- How can I use 'manage_pages' permission with the SDK on Facebook?
- Cannot get manage_pages publish_pages permission for admin of a Facebook app
- How do I obtain manage_pages permission for my application from facebook?
- manage_page permissions for facebook page using test user
- Post to a facebook page without "manage_pages" permission using php
- facebook API: manage_pages permission is not working
- How to get Manage Pages permission to a particular facebook page or app?
- Facebook SDK Manage pages error: The user hasn't authorized the application to perform this action
- how to get manage_pages permission automatically