views:

600

answers:

4

I am trying to put together a bash or python script to play with the facebook graph API. Using the API looks simple, but I'm having trouble setting up curl in my bash script to call authorize and access_token. Does anyone have a working example?

A: 

Here is the Python Code. Try running some of these examples on command line, they work fine for me..

gsharma
Thanks, I saw that, but I'm looking for a stand alone script. This is part of a Django app or something is it not?
justinhj
A: 

You first need to set up an application. The following will then spit out an access token given your application ID and secret:

> curl -F type=client_cred -F client_id=[...] -F client_secret=[...] https://graph.facebook.com/oauth/access_token
Ian Stevens
+1  A: 

Since a web browser needs to be involved for the actual authorization, there is no such thing as a "standalone script" that does it all. If you're just playing with the API, or are writing a script to automate something yourself, and want a access_token for yourself that does not expire, you can grab one here: http://fbrell.com/auth/offline-access-token

daaku
thanks that's pretty handy
justinhj
+1  A: 

There IS a way to do it, I've found it, but it's a lot of work and will require you to spoof a browser 100% (and you'll likely be breaking their terms of service)

Sorry I can't provide all the details, but the gist of it:

  1. assuming you have a username/password for a facebook account, go curl for the oauth/authenticate... page. Extract any cookies returned in the "Set-Cookie" header and then follow any "Location" headers (compiling cookies along the way).
  2. scrape the login form, preserving all fields, and submit it (setting the referer and content-type headers, and inserting your email/pass) same cookie collection from (1) required
  3. same as (2) but now you're going to need to POST the approval form acquired after (2) was submitted, set the Referer header with thr URL where the form was acquired.
  4. follow the redirects until it sends you back to your site, and get the "code" parameter out of that URL
  5. Exchange the code for an access_token at the oauth endpoint

The main gotchas are cookie management and redirects. Basically, you MUST mimic a browser 100%. I think it's hackery but there is a way, it's just really hard!

Hidden