why does posting to facebook page yield "user hasn't authorized the application"

Question

I have read the fb docs and written code to publish a message to a facebook "page", however I am getting an error that I don't expect to see:

(#200) The user hasn't authorized the application to perform this action

Here's what I've done:

• I set up a facebook application, which provides my APP_ID and APP_SECRET.
• I set up a test facebook "page". Let us refer to its fb id as PAGE_ID.
• Used OAuth to get a USER_ACCESS_TOKEN with scope "publish_actions,manage_pages" for the user. I accepted the permissions requested by my app when redirected to the facebook auth page.
• I did a GET on https://graph.facebook.com/me/accounts using the USER_ACCESS_TOKEN, and I get back a list of pages I administrate, including the one I want to post to.

This block of data for my page looks like:

{
  "data": [
    {
      "category": "Community", 
      "name": "My Generic Test Page", 
      "access_token": PAGE_ACCESS_TOKEN, 
      "id": PAGE_ID, 
      "perms": [
        "ADMINISTER", 
        "EDIT_PROFILE", 
        "CREATE_CONTENT", 
        "MODERATE_CONTENT", 
        "CREATE_ADS", 
        "BASIC_ADMIN"
      ]
    }, 
    ....
  ]
}

Then I use the PAGE_ACCESS_TOKEN to post a message to the page:

• I did a POST on https://graph.facebook.com/PAGE_ID/feed with a field message equal to This is a test post.

Facebook returns:

{
  "error": {
    "message": "(#200) The user hasn't authorized the application to perform this action", 
    "type": "OAuthException", 
    "code": 200
  }
}

Using the token debugger, I can confirm that my PAGE_ACCESS_TOKEN is valid, and has scopes: manage_pages and publish_actions.

Where am I missing authorizing the application? Do I need additional scopes? Did I miss clicking something on the facebook authorization screen? Is there a setting on the app I am missing? After days of debugging this, I must be blind to the problem. :-|

Answer 1

You should add permission called status_update, for example

https://www.facebook.com/dialog/permissions.request?_path=permissions.request&app_id=145634995501895&redirect_uri=https%3A%2F%2Fwww.facebook.com%2Fconnect%2Flogin_success.html%3Fdisplay%3Dpage&response_type=token&fbconnect=1&perms=status_update&from_login=1&m_sess=1&rcount=1

and i'm able post to page i liked with the access token i get just now:

If you want to post as the admin of the page, you're require both manage_pages and status_update permissions, for example

https://www.facebook.com/dialog/permissions.request?_path=permissions.request&app_id=145634995501895&redirect_uri=https%3A%2F%2Fwww.facebook.com%2Fconnect%2Flogin_success.html%3Fdisplay%3Dpage&response_type=token&fbconnect=1&perms=manage_pages%2Cstatus_update&from_login=1&m_sess=1&rcount=1

Cheers

Answer 2

status_update is not used anymore. To publish on pages, I had to use both manage_pages and publish_pages.

Answer 3

Well, this seems to be a common mistake that most of us make while trying to do an activity in social netwroks. Before trying to put up an open graph action,You need to set the permissions in your initial authorization request . By default you only gain 'read-only' access to their basic information. Settintg up permisson at teh time of authetication is a must for Facebook and LinkedIn APIs..

See the public_actions section in Facebook open graph permissions here and make relevant changes in the authorization code , and get your issue solved.

Answer 4

I found the best way to get a valid token and check permissions was via the Graph API Explorer BUT while Facebook's documentation is extensive it is not always the easiest to follow.

In the explorer you have to look at both:

1. The Application Currently at the top and quite subtle, I missed this for ages.
2. Get Token Dropdown What you click to get a Token, when you click the arrow you can choose pages and other items you have access to for selecting a token for.