Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Facebook offline access step-by-step

People also ask

How does Facebook offline activity work?

The offline activity feature allows you to add multiple offline events. Create the event and it will populate those events in the drop-down menu. Select the previously created events from the drop-down menu. Add or remove any of the event audience as per the objective.


With the new Facebook Graph API, things got a bit simpler but far less well documented. Here's what I did to be able to load my wall posts as me from a server side only (not part of a browser session) php script:

  1. create a facebook application, if you don't already have one usable for this project http://www.facebook.com/developers/apps.php#!/developers/createapp.php -- and set sandbox/developer mode on! @ Advanced Settings > Sandbox Mode > Enable (Lets only the developers of your application see it.) You'll need the Application ID (APP_ID) and Secret Key (SECRET_KEY) that are listed on your developer account summary of that application but not the old API Key.

  2. load in your browser, already logged in to fb as the account you want your server side app to connect as, and click "allow" for the requested permissions: https://graph.facebook.com/oauth/authorize?client_id=APP_ID&scope=offline_access,read_stream&redirect_uri=http://www.facebook.com/connect/login_success.html

  3. copy the "code" parameter from the resulting url's query string, use that in: https://graph.facebook.com/oauth/access_token?client_id=APP_ID&redirect_uri=http://www.facebook.com/connect/login_success.html&client_secret=APP_SECRET&code=CODE_FROM_2 And copy the right hand side of access_token= in the resulting page's text, which will be in the structure of: APP_ID|HEXNUM-USER_ID|WEIRD_KEY

  4. now download either from the graph api or the classic rest api using the oath access token you just got ala (where SOURCE_ID is the facebook id for the user/group/whatever that you are looking up):

    <?php
    $stream = json_decode(file_get_contents("https://api.facebook.com/method/stream.get?source_ids=SOURCE_ID&access_token=ACCESS_TOKEN&format=json"));
    var_dump($stream);
    // this one gives a 500 internal server error from the http get if any of the fields are invalid, but only in php, not when loaded in a browser... weird.
    $feed = json_decode(file_get_contents("https://graph.facebook.com/SOURCE_ID/feed?fields=id,from,created_time,link,type&access_token=ACCESS_TOKEN"));
    var_dump($feed);
    ?>
    

Noting that the graph api and rest api return not just different structures, but also different information -- so here, I prefer the results from the rest api (the first one) even though I like being able to restrict the fields in the new graph api (the second one).

Look at http://developers.facebook.com/docs/authentication/ in the sections "Requesting Extended Permissions" and "Authenticating Users in a Web Application" for the official (sparse) details.

If you want to do this routinely, i.e. programmatically, here's the automated version of steps 2+3:

Put this on your web server as "facebook_access_token.php":

<?php $token = explode('=', file_get_contents("https://graph.facebook.com/oauth/access_token?client_id=APP_ID&redirect_uri=http://$_SERVER[SERVER_NAME]$_SERVER[PHP_SELF]&client_secret=APP_SECRET&code=" . 
(get_magic_quotes_gpc() ? stripslashes($_GET['code']) : $_GET['code']))); 
echo $token[1]; 
// store this, the access token, in the db for the user as logged in on your site -- and don't abuse their trust! ?>

And direct users in their browsers to: https://graph.facebook.com/oauth/authorize?client_id=APP_ID&scope=offline_access,read_stream&redirect_uri=http://www.example.com/facebook_access_token.php


If you want finally want to use PHP, with the Facebook PHP SDK v3 (see on github), it is pretty simple. To log someone with the offline_access permission, you ask it when your generate the login URL. Here is how you do that.

Get the offline access token

First you check if the user is logged in or not :

require "facebook.php";
$facebook = new Facebook(array(
    'appId'  => YOUR_APP_ID,
    'secret' => YOUR_APP_SECRET,
));

$user = $facebook->getUser();

if ($user) {
  try {
    $user_profile = $facebook->api('/me');
  } catch (FacebookApiException $e) {
    $user = null;
  }
}

If he is not, you generate the "Login with Facebook" URL asking for the offline_access permission :

if (!$user) {
    $args['scope'] = 'offline_access';
    $loginUrl = $facebook->getLoginUrl($args);
}

And then display the link in your template :

<?php if (!$user): ?>
    <a href="<?php echo $loginUrl ?>">Login with Facebook</a>
<?php endif ?>

Then you can retrieve the offline access token and store it. To get it, call :

if ($user) {
    $token = $facebook->getAccessToken();
    // store token
}

Use the offline access token

To use the offline access token when the user is not logged in :

require "facebook.php";
$facebook = new Facebook(array(
    'appId'  => YOUR_APP_ID,
    'secret' => YOUR_APP_SECRET,
));

$facebook->setAccessToken("...");

And now you can make API calls for this user :

$user_profile = $facebook->api('/me');

Hope that helps !


I did a tutorial not too long ago on my blog. It doesn't require any plugins or whatnot, it is done in PHP, and I have tested it. I did it for mainly wall posts, but after you authenticate you can use whatever function you want.

EDIT: Post no longer exists. FB API is updated anyway...


You want to start by reading the Server Side Flow section in the authentication guide. Basically, start with this URL:

https://www.facebook.com/dialog/oauth

Add your application id (available here) to the URL, which in OAuth parlance is client_id:

https://www.facebook.com/dialog/oauth?client_id=184484190795

Add the offline_access permission or scope in OAuth parlance:

https://www.facebook.com/dialog/oauth?client_id=184484190795&scope=offline_access

Add a redirect_uri which is where Facebook will redirect to after the user completes the authorization step ("Allow" or "Dont Allow", look at docs for response format or just try it out):

https://www.facebook.com/dialog/oauth?client_id=184484190795&scope=offline_access&redirect_uri=https%3A%2F%2Ffbrell.com%2Fecho

If you follow the link above, it will take you to a prompt, and then upon clicking Allow/Dont Allow it'll take you to a page that "echos" back the request. If you click Allow, you'll get a code parameter back, which you can exchange for an access_token by making an HTTP request to Facebook from your server, which does something along the lines of this:

https://graph.facebook.com/oauth/access_token?client_id=184484190795&client_secret=XXX&code=YYY&redirect_uri=ZZZ

You need to pass in your client_id, your application secret must be passed in as the client_secret, the same redirect_uri as you used earlier and the code you received as the response. This will return the offline_access enabled access_token for that user.

One thing to keep in mind though is that even if you request offline_access your application must gracefully handle invalid or expired access_tokens, as that can happen for various reasons.


I know two solutions: Java and JavaScript

Java : a. servlet code (don't forget to import relevant jar's) :

String url="http://www.facebook.com/login.php?api_key=YOUR_API_KEY&v=1.0";
url+="&fbconnect=true&return_session=true&req_perms=offline_access,status_update";
url+="&next=http://YOUR_FaceBookCallback_SERVLET"; 
response.sendRedirect(url);
return;

//You will get prompt to log in to facebook and permit the extended permissions

b. Don't forget to define your ConnectUrl(in your facebook account application) as http://YourUrlFromWhereDoYouTurnToTheServletAbove

c. make another servlet : YOUR_FaceBookCallback_SERVLET (see above) with this code:

protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String session = request.getParameter("session");
//from this string you can obtain your infinite session_key.In order to do this, parse this string as JSON.
//Save it in the database or in the other data storage  
response.sendRedirect(ThePlaceThatYouWant);}

d. Use this secret session_key like this:

FacebookXmlRestClient  client = new FacebookXmlRestClient(YOUR_API_KEY, FACEBOOK_APPLICATION_SECRET,SECRET_SESSION_KEY);
client.setIsDesktop(false); 
client.users_setStatus("YourMessage");

If anybody wants the JavaScript solution(the big hole in security) write me


I figured out how to "retrieve" the offline access infinite session key after a lot of hair-splitting, some trial and error & wondering about all the other productive ways I could have spent that time... agree facebook documentation could be a lot better

1) If you are using the facebook-java-api.. then take a look at the facebook demo site for "mobile web" on how to format the URL for requesting offline access
http://itsti.me/index.php

<a href="http://www.facebook.com/connect/prompt_permissions.php?api_key=YOUR_API_KEY&ext_perm=publish_stream%2Coffline_access&next=http%3A%2F%2Fmysite%2Ffacebookconnect&cancel=http%3A%2F%2Fmysite%2Fhome&display=wap"><img alt="Connect" src="http://static.ak.fbcdn.net/images/fbconnect/login-buttons/connect_light_medium_long.gif" id="fb_login_image"/></a>

2) As to how get the offline session key from the session..The trick is : when facebook redirects the user to the "next" url right after granting offline access, you should get the facebook session "again"..this new session will have the infinite session key.
here is an example for mobile web...you should be able to figure it out for a regular website.The auth_token is used only for mobile web sites.. you may not need it for a regular web site

FacebookJsonRestClient fbc = new FacebookJsonRestClient(MY_API_KEY, SECRET, sessionKey);
String auth_token = request.getParameter("auth_token");
System.out.println("infinite session kEY = " +   fbc.auth_getSession(auth_token));