Are Facebook Page Access Tokens temporary? - token

I am trying to determine if page access tokens used with the messenger api are permanent. Seeing this code in one of their examples, which indicates to me that they are using the token as a constant value :
access_token: PAGE_ACCESS_TOKEN
I get the Page Access Token shown on my facebook app dashboard in this way:
I log into facebook, go to developer.facebook.com, select my messenger app, then on the dashboard go to Products > Messenger > Settings and can select my page and then get a token.
Can I put that value in a properties file and then use it indefinitely with my application when getting/sending messages to and from the page?
I am getting a bit confused regarding the documentation around other tokens, like user tokens and login tokens vs. page tokens.
Editing to add that I am using the page access token in order to make a POST request to this url : https://graph.facebook.com/v2.6/me/messages in order to reply to a message sent to my page by a user.

I believe I have solved this and wanted to post in case anyone else had the same confusion.
I assumed I needed to make a GET request to a facebook url in my code to get a new token before each Request to GET or POST to the messenger API. Using the information in the links above, I learned how to get an extended token here:
https://developers.facebook.com/tools/explorer/<my app id here>?method=GET&path=me%2Faccounts&version=v2.10
I then can use that ID indefinitely as it is supposed to not expire. I am going to assume it is OK to put this id into my properties file, if anyone has opinions on a better place to store this token value I would be interested.

Extended Page Tokens are valid forever.
You need to use a User Token, extend the User Token and then get an Extended Page Token with the Extended User Token.
More information:
https://developers.facebook.com/docs/facebook-login/access-tokens/
http://www.devils-heaven.com/facebook-access-tokens/

Related

Getting "FacebookAds::ClientError (Invalid parameter: Terms of Service Not Accepted (fbtrace_id: Ch/RdwGB+D3))" after i call api to create App

I will explain the scenarios here
1) When user click on link facebook button facebook permission dialog is bypassed and returns back directly on redirect uri(http://localhost:3000/ in my case) with code and state.
2) I am successfully able to exchange the code return above with access token.
3) I used facebooks access token debugger to analyze the token above and shows be proper scopes i need.
4) After this i fetch ad_accounts id, page token and page ids using this token.
5) when i use this token to create campaign for ads i get the following error.
FacebookAds::ClientError (Invalid parameter: Terms of Service Not Accepted (fbtrace_id: Ch/RdwGB+D3))
I use ruby facebook-business-sdk.
My app is in development mode and not live yet.
I can see both facebook login and marketing api green live in my app dashboard.
It makes sense to me that i am getting "Terms not accepted error" as user is never prompted to permissions dialog to permit my app for token.
I also observed that if add scope params to facebook login uri, the user is prompted to permission dialog.
I must be missing some configuration here, i have not yet submitted my app for review.
Any help/clue is appreciated.

dropbox oauth token flow: redirect without needing to click "allow"?

I am learning to use dropbox APIs and got confused when came up with the token flow.
As guide indicates, the flow should be like this:
the app redirect the user to a Dropbox webpage, i.e. .../oauth2/authorize
user logs in and approves the app
redirect back to the app. At this point, the app gets an access token.
However, when i requested the URL:
.../oauth2/authorize?client_id=xxx&response_type=token&redirect_uri=xxx
I was directly redirect to the destination with
REDIRECT_URI = "#access_token=xxx&token_type=bearer&uid=xxx"
And the "approve step" was skipped, i.e I got an access token without being allowed.
Is it a bug or my fault?
Any help would be appreciated :]
In certain cases, when the user has already approved the app to access their account previously, they will be automatically redirected through the app authorization flow.
If you want, your app can prevent this behavior from happening by using the force_reapprove parameter, documented for the /oauth2/authorize page here:
https://www.dropbox.com/developers/core/docs#oa2-authorize

Get Twitter id with Screen Name

Hi I'm trying to get Twitter ID by Screen name..
Screen name is: KTutorials
Here is my link to get Twitter Id
https://api.twitter.com/1.1/followers/ids.json?cursor=-1&screen_name=ktutorials&count=5000
But I'm getting this error.
{"errors":[{"code":215,"message":"Bad Authentication data."}]}
Here is my Twitter link https://twitter.com/ktutorials
Any Help?
I can see that you are using Twitter API to GET followers/ids method. GET request for this method require OAuth Signature. This means that you should have Twitter App created and if not, you should have create one here.
Subsequently, you should visit GET followers/ids documentation page, and get OAuth Signature using the "OAuth Signature Generator" located at bottom of page.
Bad Authentication data tells that you it can't do the operation due to the bad authentication.
From API V1.1, all requests should be authenticated first. So, create
an app in Twitter console and put the important keys like Access keys
and Consumer keys.
If you feel you are authenticated user, then re-generate your token and give another try!

Confirm Facebook Post Exist

I am having a scenario within our iPhone App where people post things on their Facebook wall through our App. User's signup to our App. At a certain action, they post something on their Facebook wall and we want to track if this post will still exist after a certain time.
Once they signup to our App, they will either select as "Public" or "Friends" when they download our App. Is it possible to track from our end whether a certain post still exist or not?
Is there anything on the Facebook account settings as a user to disallow this to check?
When you post a feed, a post-id in returned in response. You can make a call using Graph API: \GET /{post-id}. If the post still exists, it'll return you all the details of the post but if not it will return the error in the response.
But, according to the documentation of /user/feed,
A user access token with read_stream permission is required.
Now this will make the things a bit complicated. Since a user token is valid for only few hours, you have to extend it (validity: 60days) and save it at your end. Also, read_stream perms is required.
To know more about extending the token and refreshing it again, see the "Expiration and Extending Tokens" section here: Access Tokens.

fb_graph / general facebook API question

How is the server-side flow supposed to be for Facebook Apps? What I mean is, on every page load, do I have to get an access token?
Currently, in my application_controller, I have a before filter that basically
redirect_to #fb_auth.client.web_server.authorize_url (authorizes the app)
#fb_auth.client.web_server.get_access_token (gets the access token)
This seems really slow to have to get another access_token from Facebook on every page load. How is this normally done? The problem that I'm having is that to access the /me object you have to get an access token, which requires me to get the access token on every page load.
You shouldn't need to get a new access token on every page load. The access token should be good for many page loads as it takes over an hour to expire (expiration info is available when you get the token).
Also you don't have to redirect every time. On POSTs to your app (such as when the user clicks over to your app) a signed_request is included with the post data. If the user has not authorized your app, that's the time to redirect to the fb_auth. If the user has previously authorized your app, an access_token should be in the signed_request.
More info here:
http://developers.facebook.com/docs/samples/canvas/
there is a sample skeleton application available # https://github.com/michaelbaldry/fb_graph_canvas
access_token is gained when a person first visits the canvas url on apps.facebook.com/appname/ once this has happened the access_token is stored in a table and used until the next time the user comes straight to the canvas url.

Resources