Facebook Graph API - authorization types?

Question

I'm struggling with the new Facebook Graph API, perhaps someone here can help.

Here is what I want to do: provide a ‘login w/ FB’ button, throw to /authorize, get a code, throw to /access_token, get an access_token, and be able to hit https://graph.facebook.com/me for info about the user.

When I try to use type=client_cred in the /authorize call, I get an access_token that lets me hit URLs with userIDs or names, but not /me. I receive an error stating I need a valid token.

If I can't hit /me, how do I figure out who the current user is?

What exactly should I use in the type param if I want a website to access a users data? I've seen posts with type=web_server, etc, but I can't seem to find a sure fire way to do, what I think, is pretty simple...

Thanks ahead of time for any help thats provided...

Answer 1

When I try to use type=client_cred in the /authorize call, I get an access_token that lets me hit URLs with userIDs or names, but not /me. I receive an error stating I need a valid token.

client_cred is intended for your app to validate that it is, indeed, the app. It's used for things like subscribing to Facebook's real-time update API. It imparts no user authentication.

You need to follow Facebook's OAuth instructions. It does not use the type parameter in any way. You'll be:

• Sending the user to https://graph.facebook.com/oauth/authorize with a callback URL set.
• If the user says OK, they'll be redirected to your callback URL with a verification string as a URL parameter.
• You take that verification string and request an access token from https://graph.facebook.com/oauth/access_token

That access token lets you function as the user and access the me URLs.