开发者

Facebook access_token invalid?

开发者 https://www.devze.com 2022-12-27 21:04 出处:网络
I\'m attempting to use the new Graph API Facebook recently released, but I can\'t seem to get it to work correctly.
相关专题:facebookoauth

I'm attempting to use the new Graph API Facebook recently released, but I can't seem to get it to work correctly.

I've gone through the steps, and after the /authorize call, I receive an access_token:

access_token=109002049121898|nhKwSTJVPbUZ5JYyIH3opCBQMf8.

When I attempt to use that token I get:

{
   "error": {
      "type": "QueryParseException",
      "message": "An active access token must be use开发者_StackOverflow社区d to query information about the current user."
   }
}

I'm stumped as too why...

-AC

When using your Facebook Application's token

If you're using the me alias as in https://graph.facebook.com/me/ but your token is acquired for a Facebook Application, then "me" isn't you anymore - it's the app or maybe nothing. Anyway, that's not your intention for the app to interact with itself.

In this case you will want to interact with your personal user account from an app. What you need to do (after giving the app the permissions it requests in the UI when it asks) is find your facebook userid # and put it in place of "me" to access your own info. e.g. Mark Zuckerberg's facebook userid is 4 so he is https://graph.facebook.com/4/

The alias me only works if you're you! Sometimes it's hard to remember who the current user is when programming facebook (i.e. you, the Page, the App, etc) because we're accustomed to using the facebook UI as ourselves most of the time. From a programming standpoint it depends on what the acquired token represents.

A great blog post that always helps correct me is Ben Biddington | Facebook Graph API — getting access tokens.

same thing here. I followed Ben Biddington's blog to get the access token. Same error when trying to use it. Facebook's OAuth implementation doesn't follow the spec completely, i am fine with it as long as the doc is clear, which obviously is not the case here. Aslo, it would be nice if the userid and username are returned with the access token.

Just to clarify -- after you call

https://graph.facebook.com/oauth/authorize?

you should receive a CODE which, in conjunction with your CLIENT_ID and CLIENT_SECRET (assuming you have registered your application) can be exchanged for an access_token at

https://graph.facebook.com/oauth/access_token?

If this is indeed how you came by your ACCESS_TOKEN, you should then be able to request 

https://graph.facebook.com/me/

Adding type parameter returns the auth_token for the application level, so it is better to OMIT it. What worked for me, after countless attempts and combinations, is using the same redirect_url parameter in the call to /oath/access_token as was used in the call to /oath/authorize.
So the full sequence to authorize your app on someone's behalf is:

1. call or redirect to:

"https://graph.facebook.com/oauth/authorize?client_id=" + my_clientId + "&scope=publish_stream,offline_access,manage_pages" + "&redirect_uri=" + "http://my_redirect_url?blah"

2. in the page located at the return_url above, issue a request or what ever else to this url:

"https://graph.facebook.com/oauth/access_token?client_id=" + client_id + "&client_secret=" + secret + "&code=" + Request.QueryString["code"] + "&redirect_uri=" + "http://my_redirect_url?blah"

I've been having the exact same problem. A couple of things I've done to resolve it:

  1. Try it all out in the browser first to make sure the urls are correct at each stage
  2. Ensure the redirect url is identical, not just equivalent. Parameters in the same order, encoding the same
  3. Don't use the type=client_cred, or anything else for that matter
  4. Encode any ampersands in the redirect_url (but not the rest of the url) e.g. http://example.com/fb?foo=234%26bar=567. This one caused me the most issues. When the callback page was run, only the url before the first ampersand was included, as the ampersand was assumed to be part of the url for graph.facebook.com, not part of the redirect_url. I was then getting the values from the querystring to put in the redirect_url for the second call, but they weren't there. Once I encoded the ampersands they appeared correctly.
  5. Don't have any empty values in you encoded querystring parameters (e.g. ?foo=%26bar=123)

I want to point out what has sort of been said on Ben Biddington's blog, and what I noticed from looking at the "malformed" access_token in the initial question. Others have said similar things in this thread, but I want to be explicit.

The token is not actually malformed, but rather a token that allows you to do actions on behalf of the APP, not the user. This is the token you'd use if you wanted to get all of the users of the app, or view insights for your app, etc, with the requests typically coming from your server, not the client. This type of token is gained by using the type=client_cred parameter. If you want to do things on behalf of the user, do not specify type=client_cred, and make sure you specify the following parameters in your call to http://graph.facebook.com/oauth/access_token:

'client_id' => APP_ID
'redirect_uri' => REDIRECT_URI
'client_secret' => APP_SECRET
'code' => $_GET['code']

I've written this as key-value pairs of a PHP array, but I think you get the point. The code GET value is gained after making the initial call to http://graph.facebook.com/oauth/authorize with the following parameters:

'client_id' => APP_ID
'redirect_uri' => "http://your.connect.url/some/endpoint"

I hope this helps! What the Facebook docs say, but don't say well, is that getting an access_token is a two-request process.

I actually noticed that if your return uri doesn't have a slash on the end you have issues. I'm currently testing in the browser and return_uri=https://mydomain.com doesn't work but return_uri=https://mydomain.com/ does work. If I use the first I get "Error validating verification code."

This seems a bit odd, but I prolly just missed a word in the spec/instructions some where. Did lose two hours of my life to it though.

I had the same problem, but getting rid of type=client_cred and making sure that the redirect_uri parameter is the same when making the authorize and the access_token call fixed the issue.

I had the same issue in IE8 only. The solution for me was sending the access_token in the API request. Something like this:

FB.api('/me/friends?access_token=<YOUR TOKEN>

I obtained my token through PHP like this:

// Create our Application instance.
$facebook = new Facebook(array(
    'appId'  => '<API_ID>',
    'secret' => '<SECRET>',
    'cookie' => false,
));

$session = $facebook->getSession();
$token = $session['access_token'];
0

上一篇:

:下一篇

更多 问答 相关资讯:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

关注公众号

热门标签

图文推荐

Delphi - Custom drawing a message list

Delphi - Custom drawing a message list
C++ header-only include pattern

C++ header-only include pattern
IE7 Margin Collapses Into Padding

IE7 Margin Collapses Into Padding
in CoffeeScript, how can I use a variable as a key in a hash?

in CoffeeScript, how can I use a variable as a key in a hash?
Interactive visualization of a graph in python [closed]

Interactive visualization of a graph in python [closed]
How to customise PHP MYSQL tables?

How to customise PHP MYSQL tables?
High quality, simple random password generator

High quality, simple random password generator
Image Recognition ApI in android

Image Recognition ApI in android

开发者开发者网给大家分享系统运维,大数据运维,云计算,编程开发技巧,路由交换,运维和开发相关的资讯及技术文章,同时StackOverflow中文社区,知识经验交流分享。

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,如存在版权或非法内容,欢迎举报,我们将尽快予以删除。邮箱:devze@qq.com

Copyright © 2018-2020 开发者. All rights reserved. Powered by 开发者ICP备案号: 京ICP备10032868号-9