Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Facebook Graph API - Using, 'app access token' to fetch facebook page feeds (Solution)

Well, this may sound strange. When a facebook application is configured to be a Native/Desktop app (Apps->Your APP->Advanced->App type), the 'app access token' obtain from this procedure

https://graph.facebook.com/oauth/access_token?" + "client_id=" + APP_ID + "&client_secret=" + APP_SEC + "&grant_type=client_credentials"

Will not work, to fetch feeds or post from a Facebook page. As per facebook documentation fetching feeds only requires any valid access_token or user access_token, strange enough it doesn't work this way, if the app is configured to be Native/Desktop.

1 Solution, found after a days research, came to frustrating conclusion that it has to be configured as 'web' based application in (Apps->Your APP->Advanced->App type).

Once set up, the above procedure to fetch feeds works.This gives raise to a question, is this a bug ? or have i misunderstood the documentation.

I hope i have saved a day for you, if you have been working on facebook page feeds these days and pulling your hair off, out of frustration for obvious reasons.

[1] Facebook forum post

like image 576
alkber Avatar asked Feb 25 '12 18:02

alkber


People also ask

How do I get data from Facebook Graph API?

Open the Graph Explorer in a new browser window. This allows you to execute the examples as you read this tutorial. The explorer loads with a default query with the GET method, the lastest version of the Graph API, the /me node and the id and name fields in the Query String Field, and your Facebook App.

What is access token in Facebook API?

An access token is an opaque string that identifies a user, app, or Page and can be used by the app to make graph API calls. When someone connects with an app using Facebook Login and approves the request for permissions, the app obtains an access token that provides temporary, secure access to Facebook APIs.


1 Answers

Here is the relevant documentation about Use an App Access Token

App Access Tokens should only be used when the posting functions are originated directly from your servers in order to keep them private to the app. For example, you should not publish using an App Access Token from within a client such as a native mobile app. Doing that could allow individuals to obtain the App Access Token, which could then allow them to take actions on behalf of your app. Instead, you should have your native mobile app queue actions up with your server and then have your server publish the stories to Facebook using the App Access Token. For this reason, if your 'App Type' in Settings > Advanced is set to 'Native/Desktop', we assume that your client app contains the App Secret or an App Access Token in its binary, and do not allow calls signed with an App Access Token to proceed. The API will behave as though no access token was provided.

Source

Also about Obtaining an App Access Token:

Because it requires you to include your App Secret you should not attempt to make this call client-side as that would expose this secret to all your app users. It is important that your App Secret is never shared with anyone. For this reason, this call should be performed server-side [...]

Source

like image 190
user362515 Avatar answered Sep 24 '22 08:09

user362515