Facebook Graph API - authorization types?

views:

1502

answers:

+1 Q:

Facebook Graph API - authorization types?

I'm struggling with the new Facebook Graph API, perhaps someone here can help.

Here is what I want to do: provide a ‘login w/ FB’ button, throw to /authorize, get a code, throw to /access_token, get an access_token, and be able to hit https://graph.facebook.com/me for info about the user.

When I try to use type=client_cred in the /authorize call, I get an access_token that lets me hit URLs with userIDs or names, but not /me. I receive an error stating I need a valid token.

If I can't hit /me, how do I figure out who the current user is?

What exactly should I use in the type param if I want a website to access a users data? I've seen posts with type=web_server, etc, but I can't seem to find a sure fire way to do, what I think, is pretty simple...

Thanks ahead of time for any help thats provided...

+1 A:

I think it should be something like that:

https://graph.facebook.com/oauth/authorize?client_id=...&redirect_uri=...&scope=user_photos,user_videos,publish_stream&display=page

The scope should specify permissions you need as listed here http://developers.facebook.com/docs/authentication/permissions

Display values can be found here http://developers.facebook.com/docs/authentication/

Fedor 2010-05-15 01:32:01

That got me further than the FB instructions, but I'm still hitting a wall. Now I get an error when I hit the /authorize call: { "error": { "type": "OAuthException", "message": "Error validating verification code." }}

Alex Cook 2010-05-16 17:42:48

+2 A:

When I try to use type=client_cred in the /authorize call, I get an access_token that lets me hit URLs with userIDs or names, but not /me. I receive an error stating I need a valid token.

client_cred is intended for your app to validate that it is, indeed, the app. It's used for things like subscribing to Facebook's real-time update API. It imparts no user authentication.

You need to follow Facebook's OAuth instructions. It does not use the type parameter in any way. You'll be:

Sending the user to https://graph.facebook.com/oauth/authorize with a callback URL set.
If the user says OK, they'll be redirected to your callback URL with a verification string as a URL parameter.
You take that verification string and request an access token from https://graph.facebook.com/oauth/access_token

That access token lets you function as the user and access the me URLs.

ceejayoz 2010-05-15 02:13:35

I have followed FBs instructions, but can't get an access_token. When I do exactly as stated by you and FB I get this error when hitting /authorize: { "error": { "type": "OAuthException", "message": "Error validating verification code." }}

Alex Cook 2010-05-16 17:41:41

Make sure your Connect URL in your application settings at http://facebook.com/developers has the same domain name as your callback URI. If they don't match, Facebook will reject your requests.

ceejayoz 2010-05-16 23:06:27

+1 for ceejayoz for stressing on using the same callback url...it can be a nightmare guessing how a verification code can go wrong....

Mulki 2010-10-04 18:55:13

Hi, I just made a website where i'm authorizing the users using the oauth2.0 and graph api. I also want to user logout from my website and facebook site,when they click on the logout button. I'm unable to find a solution for this last 24 hours. Thanks in Advacnce

Sam 2010-05-30 11:47:36

do you solve it?i have the same error like yours
i find a page that explain this problem http://benbiddington.wordpress.com/2010/04/23/facebook-graph-api-getting-access-tokens/

if use type=client_cred, you need to change "me" to a user id, and the userid can find in the "code" param, just see the airtle:)

wingoo 2010-06-07 12:51:12

ansaurus

tags:

views:

answers:

Facebook Graph API - authorization types?

related questions