tags:

views:

2571

answers:

6
+5  Q: 

Facebook access_token invalid?

I'm attempting to use the new Graph API Facebook recently released, but I can't seem to get it to work correctly.

I've gone through the steps, and after the /authorize call, I receive an access_token:

access_token=109002049121898|nhKwSTJVPbUZ5JYyIH3opCBQMf8.

When I attempt to use that token I get:

{ "error": { "type": "QueryParseException", "message": "An active access token must be used to query information about the current user." } }

I'm stumped as too why...

-AC

+1  A: 

Just to clarify -- after you call

https://graph.facebook.com/oauth/authorize?

you should receive a CODE which, in conjunction with your CLIENT_ID and CLIENT_SECRET (assuming you have registered your application) can be exchanged for an access_token at

https://graph.facebook.com/oauth/access_token?

If this is indeed how you came by your ACCESS_TOKEN, you should then be able to request 

https://graph.facebook.com/me/
Bosh  2010-04-24 19:56:33
thats what he is asking, he is getting QueryParseException error from the server!
Cem  2010-04-24 20:42:17
Alex Cook  2010-04-24 21:28:55
im struggling exactly the same thing here, if you find a solution please keep me posted.
Cem  2010-04-24 22:23:22
I FINALLY got a different access_token, but it is still considered invalid by Facebook...
Alex Cook  2010-04-25 15:04:30
is it url encoded the querystring you send? thats also needed, how did you manage to get a diff access_token?
Cem  2010-04-25 16:41:04
A: 

same thing here. I followed Ben Biddington's blog to get the access token. Same error when trying to use it. Facebook's OAuth implementation doesn't follow the spec completely, i am fine with it as long as the doc is clear, which obviously is not the case here. Aslo, it would be nice if the userid and username are returned with the access token.

Ji  2010-04-25 18:17:47
update, it looks like they fixed problem. Do NOT add type parameter. Aslo make sure redirect_uri is identical when making authroize and access_token call.
Ji  2010-04-28 15:27:31
Originally I want my own implemenation against their OAuth (and Twitter too) for control and performance, but began to have second thought. Different providers (e.g twitter and facebook) offer slightly different implementation, on top of that, oauth1/oauth2/ssl and new social features would requires a significant effort to keep up with changes and new stuff. For Facebook, just use their Social Gaph Javascript API, for twitter, just use @Anywhere api. Probably some overhead on page load, but should be acceptable in most cases. I can sleep better.
Ji  2010-04-28 15:29:29
A: 

I've been having the exact same problem. A couple of things I've done to resolve it:

  1. Try it all out in the browser first to make sure the urls are correct at each stage
  2. Ensure the redirect url is identical, not just equivalent. Parameters in the same order, encoding the same
  3. Don't use the type=client_cred, or anything else for that matter
  4. Encode any ampersands in the redirect_url (but not the rest of the url) e.g. http://example.com/fb?foo=234%26bar=567. This one caused me the most issues. When the callback page was run, only the url before the first ampersand was included, as the ampersand was assumed to be part of the url for graph.facebook.com, not part of the redirect_url. I was then getting the values from the querystring to put in the redirect_url for the second call, but they weren't there. Once I encoded the ampersands they appeared correctly.
  5. Don't have any empty values in you encoded querystring parameters (e.g. ?foo=%26bar=123)
harriyott  2010-05-18 19:18:44
+1  A: 

I want to point out what has sort of been said on Ben Biddington's blog, and what I noticed from looking at the "malformed" access_token in the initial question. Others have said similar things in this thread, but I want to be explicit.

The token is not actually malformed, but rather a token that allows you to do actions on behalf of the APP, not the user. This is the token you'd use if you wanted to get all of the users of the app, or view insights for your app, etc, with the requests typically coming from your server, not the client. This type of token is gained by using the type=client_cred parameter. If you want to do things on behalf of the user, do not specify type=client_cred, and make sure you specify the following parameters in your call to http://graph.facebook.com/oauth/access_token:

'client_id' => APP_ID
'redirect_uri' => REDIRECT_URI
'client_secret' => APP_SECRET
'code' => $_GET['code']

I've written this as key-value pairs of a PHP array, but I think you get the point. The code GET value is gained after making the initial call to http://graph.facebook.com/oauth/authorize with the following parameters:

'client_id' => APP_ID
'redirect_uri' => "http://your.connect.url/some/endpoint"

I hope this helps! What the Facebook docs say, but don't say well, is that getting an access_token is a two-request process.

Andrew  2010-06-18 17:34:37
A: 

Adding type parameter returns the auth_token for the application level, so it is better to OMIT it. What worked for me, after countless attempts and combinations, is using the same redirect_url parameter in the call to /oath/access_token as was used in the call to /oath/authorize.
So the full sequence to authorize your app on some one's behalf is:

  1. call or redirect to: "https://graph.facebook.com/oauth/authorize?client_id=" + my_clientId + "&scope=publish_stream,offline_access,manage_pages" + "&redirect_uri=" + "http://my_redirect_url?blah"
  2. in the page located at the return_url above, issue a request or what ever else to this url:
    "https://graph.facebook.com/oauth/access_token?client_id=" + client_id + "&client_secret=" + secret + "&code=" + Request.QueryString["code"] + "&redirect_uri=" + "http://my_redirect_url?blah"
Fil  2010-08-10 00:42:33
A: 

I had the same issue in IE8 only. The solution for me was sending the access_token in the API request. Something like this:

FB.api('/me/friends?access_token=<YOUR TOKEN>

I obtained my token thru php like this:

// Create our Application instance.
$facebook = new Facebook(array(
    'appId'  => '<API_ID>',
    'secret' => '<SECRET>',
    'cookie' => false,
));

$session = $facebook->getSession();
$token = $session['access_token'];

Hope that helps!

-- Alberto Miranda

Alberto Miranda  2010-08-31 23:46:15

related questions

Does the Facebook REST API allow you to get a friend's phone number?
Hosting a Facebook Application?
My Facebook application's Javascript doesn't work in Google Chrome
Successful sites using Asp.NET and the Facebook API
How do you remove the "box head" in a Facebook application?
Render Self-Closing Tag in ASP.NET custom control derived from Control
What does the new Facebook Connect platform offer over a traditional Facebook App?
I need help creating a modding system in a Facebook Application
New Facebook app - FBML or iFrame?
how much does facebook denormalize their databases to break things up by network and therefore shrink the tables and speed the system?
using a named function as the callback for $.getJSON in jQuery to satisfy Facebook request signing demands
Which Facebook .NET Library is the best to use?
In Facebook app, is there a way to link directly to "join a group"
Facebook Development vs. XNA, Which is Worth Learning?
What's a Good Resource for Learning Facebook Application/Game Development?
Example Facebook Application using TurboGears -- pyFacebook
How to authenticate in a Facebook Flash application?
Facebook RSS application
Using Merb for Facebook Application
How to start facebook app?
Is anyone developing facebook apps on Grails
How do I import facebook friends from another website
Facebook java integration
Developing and Testing a Facebook application
Anyone have a link to a technical discussion of anything akin to the Facebook news feed system?