How to know if user has granted extended permission requested by application. I use java at back end, and login and facebook registration is handled by socialauth api. I want to publish feed to user's timeline.
Javascript is unable to hit the url because it doesn't have access token for facebook communication.
Can this thing be done without using any client facebook java api?
Get /me/permissions from the Graph API, in which ever way you like.
In your implementation of a SignInAdapter, use the Connection object injected into the signIn(...) method to generate a facebook object and then use can use the userOperations object to get related permissions. The following code sample can help:
Facebook facebook = (Facebook) connection.getApi();
facebook.userOperations().getUserPermissions().stream().forEach(x -> log.info("Permission {}: {}", x.getName(), x.getStatus()));
I know this question is old but this answer might help anyone starting out. This is done based on the assumption that you are using spring-social-facebook.
Related
I'm working on a tiny Java Desktop project. Basically, I need to connect my users through their Facebook accounts, and once validated, I'd like to retrieve some of their public information (name, email, birthday)...
I've been doing heavy research regarding this, but the more i read, the more complicated it gets. And there were many points were I got so confused that I just wanted to slam my head through my screen :D
Anyway...
1- I understand that I'd need a Facebook SDK (I'm using restFB)
2- Create an App on Facebook
3- Request permissions
4- Get User Access Token
5- Retrieve required data (name, email, birthday)
One thing I dont understand, do I have to embed some form of Webbrowser in my Java app so that I can continue with the Facebook login process or can it be done through RestFB? and Unfortunately, RestFB doesnt explain nearly enough how to login a user, and when i found something close enough the user was hardcoded, but what if I want to register a new user everytime?
This is all i"ve got for now regarding the Login process:
AccessToken accessToken = new DefaultFacebookClient().obtainAppAccessToken("471150563090234", "97514014f41b3c1e7f5b697ab5708dec");
String token=accessToken.getAccessToken();
DefaultFacebookClient facebookClient = new DefaultFacebookClient(token);
ANY kind of help would be greatly appreciated!! Also, Where does OAuth fit in all this, i feel that this is the part I'm missing :)
You have two possibilities:
Use an embedded webbrowser. Depending on your app, they framework you use and so on this is no fun and a bit complicated to explain in some sentences. It is very specific and highly depends on how you app is working.
The easier way is to use a device access token. You have you user to open a provided url in his/hers browser and enter a code you show in your app. Your application has to poll Facebook as long as the user completed the authentication process or until a timeout occurs.
Have a look at the restfb documentation here: http://restfb.com/documentation/#access-token-device
and the device login explanation at Facebook here:
https://developers.facebook.com/docs/facebook-login/for-devices
I'm writing an app that incudes "news stream". One type of the entry is facebook post. I'd like to put those posts just like Twitter API allows to - without Login.
I do not want to implement Facebook Login feature from theirs API. It is redundant in my case.
What I am wondering is the security of this kind of bypass. Is it safe to get plain text (as JSON) from a link:
https://graph.facebook.com/{post-id}?access_token={token}
Token is my personal token that I generated at https://developers.facebook.com/tools/explorer/
Is it safe to use this token using it encoded in my apps code (Android)?
Using URLConnection, OutputStreamWriter, URLEncoder, BufferedReader.
Or schoud I make a .php on my server as the "middleman". (Pointless I guess).
Are there any other ways to get public posts from Facebook?
Because it is https, and because you are storing the token encrypted, it can be considered safe. However, you are missing a larger point: when you submit your app's APK to request permissions from Facebook, they expect you to use the Facebook SDK for Android when making use of the Graph API. This is mentioned in their conditions for approving permissions.
If you directly use the URLs' to get data, you will not receive permissions. By running your APK and observing the logcat data, Facebook is able to determine whether or not you are using the SDK.
So to answer your second question, Are there any other ways to get public posts from Facebook, the answer is YES, there is the Facebook SDK for Android, and you must make use of that in your app.
I need to make a simple query SELECT url FROM url_like WHERE user_id={friendId} in my Facebook app that I build with help of Spring Social. To do this I use authentication code provided by this library. The authentication works fine. But the query mentioned above returns an empty array. I would like to emphasizes that all the needed permissions are given (user_likes and friend_likes). However similar access token given to me by facebook graph explorer works perfectly.
Access token debugger from Facebook says that both tokens are valid and have needed permissions. The only difference in the duration of token validity: my app gives token that expires in 2 months and Graph Api gives for an hour.
What is the reason of this strange behaviour? Why token given by my app with needed permissions is unable to make this query. How to fix this issue? Thank you in advance.
UPDATE
Ok, it seems that Facebook gives access token for application that is different from access token of a user. So now the question is how to get user's access token with Spring Social Facebook?
You need to submit a post request to spring social ConnectController for the specific provider e.g. http://wwww.yourdomain:8089/connect/facebook. Spring social then will redirect the user to facebook authorization page where the user will grant your app with the asked permissions and send back a code to your server. Spring social then will exchange that code for an access token. You need to establish a connection for that user to be able to perform requests against FB on his/her behalf. Here is a doc page that might help http://static.springsource.org/spring-social/docs/1.0.0.M2/reference/html/connecting.html
I am able to load my app in facebook iframe, but can anyone help me with the user authentication in java. Any help will be really appreciated. Thanks
All java API clients provide extensive documentation on authentication. Here are two:
restfb
spring-social-facebook
Authentication follows the OAuth dance, which includes exchanging tokens. A tricky bit is that you should store the initial request token in your session, in order to be able to get it when facebook redirects the user back afterwards.
You can use a sdk like this one or you can find your way trough the facebook api, the requests are simple.
Im developing a Facebook app with java and spring social. Is it possible to find out if a logged in user is admin of the current app? I have been looking through the api but cannot find anything. Or is there any other good way to do this with java.
Update:
I did not find an specific api call in spring social to do this but it is possible to do the following which returns a json string with all the roles for the app.
facebook.restOperations().getForObject("https://graph.facebook.com/APP_ID/roles?access_token=your app token", String.class);
Call the Graph API with an HTTP GET to /me/accounts with that user's access token with manage_pages permission. If you see the app listed there, then they're an admin or a developer.
Or you can use an FQL call. See: http://developers.facebook.com/docs/reference/fql/page_admin/
SELECT page_id, type from page_admin WHERE uid=me() and see if the user is on that list.
EDIT
I just found a third way to check if a specific user is an admin of the Page, issue an HTTP GET request with the appropriate PAGE_ID, Page Access Token, and USER_ID to https://graph.facebook.com/PAGE_ID/admins/USER_ID