I'm building an application that needs to query and fetch the Facebook public feed every hour or so. I only need read access to the public feed. I can make the query using the Access Token generated on the Graph Explorer page but that token expires after an hour or so. I know there is a way to get a 60 days token and use that, but that requires updating the token every 60 days.
Whats the correct way of doing this? All the material I have found so far assumes a front end application that needs a user's login authentication.
You can't get offline access token for facebook (unlike google).
You can get access token for 60 days, and when user asks for page that requires authentication, redirect him to login page.
In playframework you can do this with securesocial module (and i am sure there is social module for whatever server you choose to use).
Alternatively, you can extend the short-lived access token.
I am unsure of the technical details of how to do this, only that it is possible.
Maybe this link can help you:
Facebook full permission AccessToken alternative to Offline access token
Related
Imagine you've to implement following user story:
"User should be able to publish message on social media(facebook/twitter/etc) using simple web form and one-click button[without need to login in fb/twitter/etc]."
In general, authentication in social networks is based on OAuth 2.0. Facebook distinguish three types of access tokens:
User access token
App access token
Page access token
I've tried first option with facebook4j, and it's working - however, we are supposed to supply token each time, we want to use it. I've found long-lived tokens, but their validity is also limited - 60 days.
Generating app access tokens is very simple, but I haven't succeed in publishing any post. From facebook docs:
App access tokens can also be used to publish content to Facebook on
behalf of a person who has granted an open graph publishing permission
to your application.
Page access tokens - I haven't tried. Is it possible to publish message on fb/twitter simultaneously, without login, of course, to predefined destination(fb wall)? If so, please provide me with any working example :)
Thanks in advance
I'm creating an ecomerce app for a local store and they use Quickbooks Online. I can see the Quickbooks Online API requires a "Connect to Quickbooks" button where the user then logs in, but that's not what I'm looking for. What I'm looking for is something when they look at the products page, the app queries (or sends a REST/SOAP call) and gets back product data for my store. Our customers will have no idea that we're using quickbooks online, and definitely won't have a login. The flow would be like:
Customer clicks Products
ProductsAction will execute a service call to QuickBooks to get the products we sell (select * from products)
ProductsAction will return Success passing in the list of products to the page to be rendered.
mycompany/Products renders the items returned from QuickBooks Online.
Is there any possible way to do this? Everything I've read requires O'Auth authentication (meaning the user would have to login to QBO).
Feel free to ask any questions an thanks in advance!
I can see the Quickbooks Online API requires a "Connect to Quickbooks" button where the user then logs in, but that's not what I'm looking for.
Yes, it is.
You only have to log in ONCE. Exactly ONCE, and then you never, ever have to log in ever again. So, your QuickBooks admin logs in ONCE using the "Connect to QuickBooks" button, and then NEVER LOGS IN AGAIN.
Instead, you store the OAuth tokens, and use the stored tokens to do you queries from there on out.
What I'm looking for is something when they look at the products page, the app queries (or sends a REST/SOAP call) and gets back product data for my store.
This is all perfectly do-able. The reason you can't do it right now is because you're not storing the OAuth tokens like you should be.
Our customers will have no idea that we're using quickbooks online, and definitely won't have a login.
They don't need to have any idea about this. Store the OAuth tokens after you connect ONCE, and then everything can be unattended, no login, you just query away whenever you want to.
Is there any possible way to do this?
Yes!
Everything I've read requires O'Auth authentication (meaning the user would have to login to QBO).
The QuickBooks admin logs in ONCE and then never again. Store the OAuth tokens after that one and only login, and then use those to do all of your queries in the future.
This is how OAuth works for every single application that uses OAuth on the entire planet. Log in and authenticate once, store the tokens you get for future queries.
...
...
Did I mention you should be storing the OAuth tokens that you get back after that one single time your QuickBooks admin logs in? :-P
Yes, you can do this:
Create an account on https://developer.intuit.com using your accounts QBO login.
Make an app
Grab OAuth creds from the API Explorer.
See my tutorial for help on the first two steps: http://minimul.com/integrating-rails-and-quickbooks-online-via-the-version-3-api-part-1.html
You still need OAuth creds but since you only desire to interact with your company/personal QBO account you don't need to do anything formal, just get the OAuth credentials somehow. Once you have the credentials you can start building your integration code.
I need to make a simple query SELECT url FROM url_like WHERE user_id={friendId} in my Facebook app that I build with help of Spring Social. To do this I use authentication code provided by this library. The authentication works fine. But the query mentioned above returns an empty array. I would like to emphasizes that all the needed permissions are given (user_likes and friend_likes). However similar access token given to me by facebook graph explorer works perfectly.
Access token debugger from Facebook says that both tokens are valid and have needed permissions. The only difference in the duration of token validity: my app gives token that expires in 2 months and Graph Api gives for an hour.
What is the reason of this strange behaviour? Why token given by my app with needed permissions is unable to make this query. How to fix this issue? Thank you in advance.
UPDATE
Ok, it seems that Facebook gives access token for application that is different from access token of a user. So now the question is how to get user's access token with Spring Social Facebook?
You need to submit a post request to spring social ConnectController for the specific provider e.g. http://wwww.yourdomain:8089/connect/facebook. Spring social then will redirect the user to facebook authorization page where the user will grant your app with the asked permissions and send back a code to your server. Spring social then will exchange that code for an access token. You need to establish a connection for that user to be able to perform requests against FB on his/her behalf. Here is a doc page that might help http://static.springsource.org/spring-social/docs/1.0.0.M2/reference/html/connecting.html
I'm currently developing an application that essentially perform background fetch of reports from a salesforce account and save them into a db, the flow goes more or less like this:
-A user logs-in in my app.
-Selects add salesforce connection.
-He is presented with a form to provide consumer key (client_id in some docs) and consumer_secret as shown in Develop-Remote Access (in a salesforce account).
-Then the app initiates web server flow as described here and the salesforce login form is presented so user can authorize my app, app get access token, then request refresh token.
-Once the app goes through all this process it obtaines the refresh token to update the access token once it expires so it can make subsequent call to API functions. Once the refresh token is get, the user doesn't have to go through all the flow, just log-in to my app and see his data updated.
This refresh token is obtained to perform updates of reports even when the user is not logged into the system.
However, before doing all that user has to go to the Develop - Remote Access section to get consumer and secret and provide it to the app. Average user don't get this easily, is there any way to simplify this? Any experience on how to simplify the process, am I looking at the wrong flow? Btw I'm working with java.
Thanks.
You can create one remote access setting in your own developer org and then re-use that, it's automatically shared, you don't need to have your customers create their own ones.
My quick investigations appear to suggest that FB has deprecated all auth mechanisms while leaving their custom oauth implementation.
Can someone comment or clarify this statement ?
Why ?
I want users to authenticate against my app and not FB
At some later stage i wish to grab some assets from FB such as the current users photo etc.
You will need at least once to let them authenticate with the facebook ID and authorize your app. From that moment, you will receive an access_token in the JSON response that will allow you to perform operations for your user.
There are two types of access tokens:
Session based: expires in a short term, are used when the user will be logged to FB every time you need to perform an operation.
Offline access: do not expire and allow the app to perform operations for the user in any moment. This requires the offline_access permission when the app is authorized.
Check here: http://developers.facebook.com/docs/authentication/ for the oauth mechanism and here: http://developers.facebook.com/docs/authentication/permissions/ for the permissions list.