I'm trying to retrieve data using the new graph API, however the token I'm retriving from OAuth doesn't appear to be working.
The call I'm making is as follows;
$token = file_get_contents('https://graph.facebook.com/oauth/access_token?type=client_cred&client_id=<app_id>&client_secret=<app secret>');
This returns a token with a string length of 41. To give you an example of what is returned I have provided below a sample (converted all numbers to 0, all capital letters to 'A' and small case letters to 'a'
access_token=000000000000|AaaAaaAaaAAaAaaaaAaaAa0aaAA.
I take this access token and attach it to the call request for data, it doesn't appear to be the correct token as it returns nothing. I make the data call as follows;
file_get_contents('https://graph.facebook.com/<my_page's_id>/statuses?access_token=000000000000|AaaAaaAaaAAaAaaaaAaaAa0aaAA.')
When I manually retrieve this page directly through the browser I get an 500/Internal Server Error Message.
Any assistance would be grately appreciated.
Update:
I've since changed the method from file_get_contents() to curl. By retreiving the headers I get the following error message ...
{"error":{"type":"OAuthException","message":"Missing client_id"}}
but my post array includes 'client_id'?!
In the App Dashboard, choose your app and scroll to Add a Product Click Set Up in the Facebook Login card. Select Settings in the left side navigation panel and under Client OAuth Settings, enter your redirect URL in the Valid OAuth Redirect URIs field for successful authorization.
Don't use type=client_cred, this is not the access token that a user grants for your app to use. You don't need redirect_uri or code or any approval to get the client_cred type access token.
Facebook implements an early draft of OAuth 2 at this time. So there is not support for "state" yet.
But it is nice that you can suffix your state to the redirect_uri, the important point to note here is that the site url that you specified (which is the redirect_uri)
should not have a
question mark at the end or anywhere in what you suffix as client state, encoded or not. If you did, you will get the dreaded "Error validating verification code"
Don't use like that
http://www.Redirect.com?
Correct Url is http://www.Redirect.com/
Hope it helps.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With