facebook graph api not work from 2.2 to 2.3

Question

Because it's due date for graph api 2.2, I'm trying fix my graph api using v2.3 But I discover most api request response nothing when I use 2.3, but I can not found any update for this in the upgrade document. For example:

https://graph.facebook.com/v2.3/{$user_id}?date_format=U&fields=albums.order(reverse_chronological).limit(100).offset(0){id,count,name,created_time}

will return nothing if I use 2.3. And I can't get user's birthday when I call:

https://graph.facebook.com/v2.3/{$user_id}

It's only return name and live location. But in v2.2, it include birthday profile.

I use facebook SDK 3.2.2 because my php version is 5.3. Is there any update that I don't know? Thanks.

Answer 1

I have found the problem myself. It's because the SDK 3.2.2. For facebook update (from the Changelog for API version 2.3):

[Oauth Access Token] Format - The response format of https://www.facebook.com/v2.3/oauth/access_token returned when you exchange a code for an access_token now return valid JSON instead of being URL encoded. The new format of this response is {"access_token": {TOKEN}, "token_type":{TYPE}, "expires_in":{TIME}}. We made this update to be compliant with section 5.1 of RFC 6749.

But SDK is recognize the response as an array(in the getAccessTokenFromCode function):

$response_params = array();
parse_str($access_token_response, $response_params);
if (!isset($response_params['access_token'])) {
  return false;
}
return $response_params['access_token'];

This will not get user access token correctly, and you can't get user's data. So you should update this function to parse data as json:

$response = json_decode($access_token_response);
if (!isset($response->access_token)) {
  return false;
}
return $response->access_token;

Then all of the function will work as usual.

---

Additionally, you must make similar changes to setExtendedAccessToken(). Otherwise, your app won't be able to extend access tokens. The code below demonstrates how to upgrade the function.

  /**
   * Extend an access token, while removing the short-lived token that might
   * have been generated via client-side flow. Thanks to http://bit.ly/ b0Pt0H
   * for the workaround.
   */
  public function setExtendedAccessToken() {
    try {
      // need to circumvent json_decode by calling _oauthRequest
      // directly, since response isn't JSON format.
      $access_token_response = $this->_oauthRequest(
        $this->getUrl('graph', '/oauth/access_token'),
        $params = array(
          'client_id' => $this->getAppId(),
          'client_secret' => $this->getAppSecret(),
          'grant_type' => 'fb_exchange_token',
          'fb_exchange_token' => $this->getAccessToken(),
        )
      );
    }
    catch (FacebookApiException $e) {
      // most likely that user very recently revoked authorization.
      // In any event, we don't have an access token, so say so.
      return false;
    }

    if (empty($access_token_response)) {
      return false;
    }

    //Version 2.2 and down (Deprecated).  For more info, see http://stackoverflow.com/a/43016312/114558
    // $response_params = array();
    // parse_str($access_token_response, $response_params);
    //
    // if (!isset($response_params['access_token'])) {
    //   return false;
    // }
    //
    // $this->destroySession();
    //
    // $this->setPersistentData(
    //   'access_token', $response_params['access_token']
    // );

    //Version 2.3 and up.
    $response = json_decode($access_token_response);
    if (!isset($response->access_token)) {
      return false;
    }

    $this->destroySession();

    $this->setPersistentData(
      'access_token', $response->access_token
    );
  }