I'm trying to retrieve data using the new graph API, however the token I'm retrieving from OAuth doesn't appear to be working.

The call I'm making is as follows;

$token = file_get_contents('https://graph.facebook.com/oauth/access_token?type=client_cred&client_id=<app_id>&client_secret=<app secret>');

This returns a token with a string length of 41. To give you an example of what is returned I have provided below a sample (converted all numbers to 0, all capital letters to 'A' and lowercase letters to 'a').

access_token=000000000000|AaaAaaAaaAAaAaaaaAaaAa0aaAA.

I take this access token and attach it to the call request for data, it doesn't appear to be the correct token as it returns nothing. I make the data call as follows;

file_get_contents('https://graph.facebook.com/<my_page's_id>/statuses?access_token=000000000000|AaaAaaAaaAAaAaaaaAaaAa0aaAA.')

When I manually retrieve this page directly through the browser I get a 500/Internal Server Error message.

Any assistance would be greatly appreciated.


Update:

I've since changed the method from file_get_contents() to curl. By retrieving the headers I get the following error message ...

{"error":{"type":"OAuthException","message":"Missing client_id"}}

but my post array includes 'client_id'?!

A: 

Make sure you have url encoded your query parameters, your one should actually be:

000000000000%7CAaaAaaAaaAAaAaaaaAaaAa0aaAA

Note: the type parameter also seems to be required; without it you also get a 500 error with the message:

{
   "error": {
   "type": "OAuthException",
   "message": "Error validating verification code."
   }
}

rather than the message you get with other missing parameters. Cannot see that mentioned in the documentation.

At what point is the type parameter required? It's included in the $token = file_get_contents(...)
Simon R
Oh, sorry that's a note to self -- you already have that in your access token part
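
The encoding point from the answer above, as an added PHP example that is not part of any poster's answer. It parses the token endpoint's response (either the form-encoded `access_token=...` body or the JSON `OAuthException` body quoted on this page) and builds the data URL with `http_build_query()`, which percent-encodes the `|` in the token. The function names, the `PAGE_ID` placeholder and the sample bodies are assumptions.

```php
<?php
// Added example, not from the thread. Sample bodies are constructed in the
// masked shape the question and answers show.

/** Return the token from a token-endpoint body, or throw on an error body. */
function parse_token_response(string $body): string
{
    // Error responses on this page are JSON: {"error":{"type":...,"message":...}}
    $json = json_decode($body, true);
    if (is_array($json) && isset($json['error'])) {
        $e = $json['error'];
        throw new RuntimeException(($e['type'] ?? 'Error') . ': ' . ($e['message'] ?? ''));
    }
    // Success responses are form-encoded: access_token=<token>
    parse_str(trim($body), $fields);
    if (empty($fields['access_token'])) {
        throw new RuntimeException('No access_token in response');
    }
    return $fields['access_token'];
}

/** Build a Graph API URL; http_build_query() percent-encodes every value. */
function graph_url(string $path, array $params): string
{
    return 'https://graph.facebook.com/' . ltrim($path, '/')
         . '?' . http_build_query($params);
}

// Constructed success body: the pipe is carried raw inside the token.
$token = parse_token_response('access_token=000000000000|AaaAaaAaaAAaAaaaaAaaAa0aaAA.');
// PAGE_ID is a placeholder for the page's id; the pipe leaves as %7C.
echo graph_url('PAGE_ID/statuses', ['access_token' => $token]), "\n";

// Constructed error body in the format quoted in the question's update.
try {
    parse_token_response('{"error":{"type":"OAuthException","message":"Missing client_id"}}');
} catch (RuntimeException $ex) {
    echo 'token request failed: ', $ex->getMessage(), "\n";
}
```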
+1  A: 

Try to follow the API, i.e. without type but add redirect_uri and code (even though we don't need it):

$token = file_get_contents('https://graph.facebook.com/oauth/access_token?client_id=<app_id>&client_secret=<app secret>&redirect_uri=<url>&code=<code>');
+9  A: 

This works for me :-)

header('Location: https://graph.facebook.com/oauth/access_token?' . http_build_query(array(
    'client_id'     => FB_APP_ID,
    'type'          => 'client_cred',
    'client_secret' => FB_SECRET,
    'code'          => $code)));

Of course you would use file_get_contents instead and parse the token out of the response

phpslacker
+1. Adding the type=client_cred fixed it for me.
harriyott
+1 the type=client_cred worked for me. The page does not redirect to my redirect_uri though.
Richard
type=client_cred seems to issue you a token without a user session (as described in "Authenticating as an Application"). It essentially behaves as if you never passed the code at all. A token without a user session mostly works, but some APIs that need to know who the current user is don't work, most notably: http://graph.facebook.com/me. I've been completely unable to get a token with a user session following the instructions here or at facebook. Kind of frustrating.
Brian Duff
Turns out that facebook's oauth implementation has some quirky bugs related to the content of the redirect_uri parameter. If your redirect uri contains certain chars (e.g. a correctly url encoded colon), it will choke.
Brian Duff
+1 it worked for me too. -1 to FB!
Javier
A: 

You can also get this error if your connect URL isn't a base of your redirect URI. For example

Connect URL: http://www.example.com/fb/connect/

Redirect URI: http://www.example.com/fb/connect/redirect

I ran into an issue where my redirect URI was the same as the connect URL, but I forgot the trailing / on the redirect URI so FB saw them as different and failed the auth.

Jeremy Raymond
A: 

You need to enter actual values instead of the <app_id> and a secret value. The code is a unique value that you need to generate, and the redirect URL that you provide will then verify that the code is correct.

Yosi Oren
+8  A: 

Here is a full blown walk-through of how to authenticate via the oAuth protocol.

For your specific problem, consider the following:

Per the Facebook documentation, you have to redirect to:

  • https://graph.facebook.com/oauth/authorize to get things started.

  • There are 3 query string parameters you have to include with this URL:

  • client_id: this is your Application ID

  • redirect_uri: this is the URI Facebook will redirect to after authentication is successful. This URI must be prefixed with the Connect URL that you provided to Facebook and is case sensitive. The redirect_uri will be a controller action we provide in our ASP.NET MVC application.

  • type: there are two options for this, you can do user_agent or web_server as the type. Because we are not authenticating via JavaScript/asynchronously, we will use the web_server option.

The redirect will take the user to a Facebook login screen. If the login is successful (and if the user authorizes your application), Facebook will redirect back to the URL that was provided in the redirect_uri query string parameter with an access code for the Facebook session. For example, Facebook will redirect to something like:

http://www.example.com/someredirecthandler/?code=2.DQUGad7_kFVGqKTeGUqQTQ__.3600.1273809600-1756053625|dil1rmAUjgbViM_GQutw-PEgPIg.

You must then parse out the code query string and send it to the following uri to get your graph api access token:

https://graph.facebook.com/oauth/access_token?client_id={0}&redirect_uri={1}&client_secret={2}&code={3}

After you have the access token (the response will be a simple string), you can then query the Graph API, e.g.:

https://graph.facebook.com/me?access_token={0}
Amir
+1  A: 

Please note that

'type' => 'client_cred',

is only a way to circumvent the below, having said that, the above also works

After the user authorizes your application, we redirect the user back to the redirect URI you specified with a verification string in the argument code, which can be exchanged for an oauth access token. Exchange it for an access token by fetching https://graph.facebook.com/oauth/access_token. Pass the exact same redirect_uri as in the previous step:

via: by: http://developers.facebook.com/docs/api see also: http://forum.developers.facebook.com/viewtopic.php?pid=238371

Martin
+2  A: 

You can request an access token via terminal (OSX Users) using curl:

curl -F type=client_cred -F client_id=xxxxxxxxxxxxxxx -F client_secret=c0f88xxxxxxxxxxxxxxxxxx1b949d1b8 https://graph.facebook.com/oauth/access_token

Once you have your access token you can then use it in future curl requests to make changes via the new graph API:

Post a message to a profile id:

curl -F 'access_token=xxxxxxxxxxxxx|mGVx50lxxxxxxxxxxxxhzC2w.' -F 'message=Hello Likers' -F 'id=1250000000000905' https://graph.facebook.com/feed
Volcanic
+8  A: 

Hello,

Don't use type=client_cred, this is not the access token that a user grants for your app to use. You don't need redirect_uri or code or any approval to get the client_cred type access token.

Facebook implements an early draft of OAuth 2 at this time, so there is no support for "state" yet.

But it is nice that you can suffix your state to the redirect_uri. The important point to note here is that the site URL that you specified (which is the redirect_uri) should not have a question mark at the end or anywhere in what you suffix as client state, encoded or not. If you did, you will get the dreaded "Error validating verification code".

Don't use it like this:

http://www.Redirect.com?

Correct Url is http://www.Redirect.com/

Hope it helps.

PrateekSaluja
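
The redirect_uri rules reported in the answers above (the Connect URL as a case-sensitive prefix, the exact same value in the authorize and access_token steps, and no question mark in a suffixed state), as an added PHP preflight check that is not part of any poster's answer. The function names, the `with_state()` helper and every URL and value are assumptions; the rules encode what the posters report, not documented Facebook behaviour.

```php
<?php
// Added example, not from the thread. All URLs and values are constructed.

/** Problems with the redirect_uri used in the authorize and exchange steps. */
function check_redirect_uri(string $connectUrl, string $authorizeUri, string $exchangeUri): array
{
    $problems = [];
    // Case-sensitive prefix match; a missing trailing slash fails it.
    if (strncmp($authorizeUri, $connectUrl, strlen($connectUrl)) !== 0) {
        $problems[] = 'not prefixed with the Connect URL';
    }
    // Question mark, raw or percent-encoded, anywhere in the URI.
    if (strpos($authorizeUri, '?') !== false || stripos($authorizeUri, '%3F') !== false) {
        $problems[] = 'contains a question mark';
    }
    // The exchange step must pass the exact same string as the authorize step.
    if ($authorizeUri !== $exchangeUri) {
        $problems[] = 'differs between authorize and access_token steps';
    }
    return $problems;
}

/** Suffix client state as a path segment (hypothetical helper). */
function with_state(string $redirectUri, string $state): string
{
    if (strpos($state, '?') !== false) {
        throw new InvalidArgumentException('state must not contain a question mark');
    }
    return rtrim($redirectUri, '/') . '/' . rawurlencode($state) . '/';
}

$connect = 'http://www.example.com/fb/connect/';
$good    = with_state($connect . 'redirect', 'cart-42');
$cases   = [
    [$good, $good],                                                // passes
    ['http://www.example.com/fb/connect', 'http://www.example.com/fb/connect'], // no trailing slash
    [$connect . 'redirect?next=home', $connect . 'redirect?next=home'],         // question mark
    [$connect . 'redirect', $connect . 'redirect/'],               // steps disagree
];
foreach ($cases as [$authorize, $exchange]) {
    $problems = check_redirect_uri($connect, $authorize, $exchange);
    echo $authorize, ' => ', $problems ? implode('; ', $problems) : 'ok', "\n";
}
```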
+1  A: 

Hey, check out a small tutorial I made for OAuth 2.0 authentication for canvas apps.

http://kartiklad.com/oauth-2-0-and-graph-api-for-facebook-canvas-applications/

hope this helps

Kartik