
Unusual behavior of Facebook Graph API ("type": "GraphMethodException", "code": 100)

I am having some unusual errors while fetching some data for some users via the Graph API. For example, we all know we can get basic user info via graph.facebook.com/username, and it works. But it is not working for some users. For instance, the user www.facebook.com/sanzida.tanzum is a valid Facebook user, so we should get her basic info via graph.facebook.com/sanzida.tanzum. But when you try that, you get the error:

{
   "error": {
      "message": "Unsupported get request.",
      "type": "GraphMethodException",
      "code": 100
   }
}

And it is not a permission issue, because the user herself gets the same error when she tries to retrieve her own data via the Graph API. Actually, the user sanzida.tanzum is invisible to the Graph API. For example, the user sanzida.tanzum is on my friend list. You can check here: my friend list (it is public). But when I retrieve my friend list via the Graph API, it is shown excluding the user sanzida.tanzum! But she is in my friend list! I have tried to contact Facebook about this matter because I did not find any document related to it. They replied that it is usual. (Probably they did not read my mail at all. I am including the email conversation with Facebook.)

Hi তৌফিক,

They are getting errors because they are not you... they don't have permissions to see the same things you do. They might also be missing an access token. Either way: no bug here.

Thanks,

Emrakul Security Facebook

-----Original Message-----
From: *****@ovi.com
To:
Subject: Report a Security Vulnerability - Unusual bug in facebook graph API

Your Email Address: *****@ovi.com
Do you have technical details of a security vulnerability?: Yes
Vulnerability Type: Privacy / Authentication
Vulnerability Scope: Platform Developer API
Title: Unusual bug in facebook graph API
Product / URL: https://graph.facebook.com/sanzida.tanzum
Description and Impact: I was doing some graph API calls for testing purposes. Mostly I was doing user profile calls. (https://graph.facebook.com/exampleuser)

Somehow I realized Facebook is giving the following error for some users even though they are on my friend list. The same thing occurs when they try by themselves.

For example, the user "https://www.facebook.com/sanzida.tanzum" is on my friend list. (My friend list is public. You can check if you want.) So, according to the Facebook Graph API, I can request the user's basic info using (https://graph.facebook.com/sanzida.tanzum). But it returns this error:

"{ "error": { "message": "Unsupported get request.", "type": "GraphMethodException", "code": 100 } }"

Actually, the Graph API can't access anything of this user. Another example: when I request my friend list via the Graph API, all friends on my friend list are shown except the user (sanzida.tanzum). But she is in my friend list! Check here (my friend list is public): "https://www.facebook.com/toufiqueimam/friends". So why is this happening only for a few users?

Just now I got confirmation that the user herself gets the same error if she tries to access (https://graph.facebook.com/sanzida.tanzum)

{ "error": { "message": "Unsupported get request.", "type": "GraphMethodException", "code": 100 } }

Reproduction Instructions / Proof of Concept: Reproduction: first go to https://www.facebook.com/sanzida.tanzum. You will see it is a valid profile. Now try https://graph.facebook.com/sanzida.tanzum. You will get the following error:

{ "error": { "message": "Unsupported get request.", "type": "GraphMethodException", "code": 100 } }

Tonmoy asked Mar 21 '23 02:03


1 Answer

This isn't a bug; the error means that the data you're trying to access is not accessible to you, does not exist, has been deleted, is not available because you haven't provided an access token from a user who can see it, etc.

See this answer for an example of this error message in relation to Facebook pages: https://stackoverflow.com/a/6847088/21062 - the same is true when trying to access user profiles if that user has blocked you, blocked your app, disabled their account or disabled all apps from accessing their information.

Igy answered Apr 28 '23 12:04
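
How a client can handle the error discussed above, as an added example that is not part of the original question or answer: it classifies a raw response body and treats the `GraphMethodException` / code 100 envelope as "object not visible to this caller", because the response does not say which of the causes listed in the answer applies. The function names, usernames and the success body are constructed for illustration; only the error envelope is taken from the page.

```python
import json

# The error envelope quoted in the question, taken from the page.
PAGE_ERROR = ('{"error": {"message": "Unsupported get request.", '
              '"type": "GraphMethodException", "code": 100}}')

# Causes named in the answer; the response itself does not say which one applies.
POSSIBLE_CAUSES = (
    "object does not exist or has been deleted",
    "no access token from a user who can see it",
    "user blocked the caller or the app",
    "user disabled their account",
    "user disabled all apps from accessing their information",
)

def classify_graph_response(body):
    """Classify a raw response body (JSON text) without guessing the cause."""
    try:
        data = json.loads(body)
    except (json.JSONDecodeError, TypeError):
        return {"status": "malformed", "detail": "body is not JSON"}
    if not isinstance(data, dict):
        return {"status": "malformed", "detail": "top level is not an object"}
    err = data.get("error")
    if err is None:
        return {"status": "ok", "object": data}
    if not isinstance(err, dict):
        return {"status": "malformed", "detail": "error field is not an object"}
    if err.get("type") == "GraphMethodException" and err.get("code") == 100:
        # Ambiguous by design: do not retry, do not report it as "user not found".
        return {"status": "not_visible", "retry": False,
                "message": err.get("message"), "possible_causes": POSSIBLE_CAUSES}
    return {"status": "other_error", "type": err.get("type"), "code": err.get("code")}

def not_visible_users(responses):
    """Usernames whose lookup returned the code-100 envelope (input: username -> body)."""
    return sorted(user for user, body in responses.items()
                  if classify_graph_response(body)["status"] == "not_visible")

# Constructed sample: the usernames and the success body are made up.
SAMPLE = {
    "exampleuser": '{"id": "1000000001", "name": "Example User"}',
    "hidden.user": PAGE_ERROR,
    "proxy.error": "<html>502 Bad Gateway</html>",
}

if __name__ == "__main__":
    for user, body in SAMPLE.items():
        print(user, "->", classify_graph_response(body)["status"])
    print("not visible:", not_visible_users(SAMPLE))
```
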