Thursday, May 17, 2012

Facebook offline access step-by-step



UPDATE : Facebook offline_access permission is being deprecated. Please refer to the official documentation for more information.







You'll have till May 1, 2012 , at which date this setting will be disabled. refer to the Developer Roadmap for more info.





After searching literally 1 day on facebook and google for an up-to-date and working way to do something seemingly simple:



I am looking for a step-by-step explanation to get offline_access for a user for a facebook app and then using this (session key) to retrieve offline & not within a browser friends & profile data.



Preferrably doing this in the Fb Java API.



Thanks.



And yes I did check the facebook wiki.



Update: Anyone?



this: http://www.facebook.com/authorize.php?api_key=<api-key>&v=1.0&ext_perm=offline_access gives me offline_Access, however how to retrieve the session_key?



Why can't facebook just do simple documentation, I mean there are like 600 people working there?



The seemingly same question: Getting offline_access to work with Facebook Does not answer how to retrieve the session key



Edit: I am still stuck with that. I guess nobody really tried such a batch access out yet...


Source: Tips4all
Post by On
Tags , , ,

5 comments:

  1. UserMay 17, 2012 at 4:11 AM

    If you want finally want to use PHP, with the Facebook PHP SDK v3 (see on github), it is pretty simple. To log someone with the offline_access permission, you ask it when your generate the login URL. Here is how you do that.

    Get the offline access token

    First you check if the user is logged in or not :

    require "facebook.php";
    $facebook = new Facebook(array(
    'appId' => YOUR_APP_ID,
    'secret' => YOUR_APP_SECRET,
    ));

    $user = $facebook->getUser();

    if ($user) {
    try {
    $user_profile = $facebook->api('/me');
    } catch (FacebookApiException $e) {
    $user = null;
    }
    }


    If he is not, you generate the "Login with Facebook" URL asking for the offline_access permission :

    if (!$user) {
    $args['scope'] = 'offline_access';
    $loginUrl = $facebook->getLoginUrl($args);
    }


    And then display the link in your template :

    <?php if (!$user): ?>
    <a href="<?php echo $loginUrl ?>">Login with Facebook</a>
    <?php endif ?>


    Then you can retrieve the offline access token and store it. To get it, call :

    if ($user) {
    $token = $facebook->getAccessToken();
    // store token
    }


    Use the offline access token

    To use the offline access token when the user is not logged in :

    require "facebook.php";
    $facebook = new Facebook(array(
    'appId' => YOUR_APP_ID,
    'secret' => YOUR_APP_SECRET,
    ));

    $facebook->setAccessToken("...");


    And now you can make API calls for this user :

    $user_profile = $facebook->api('/me');


    Hope that helps !

    ReplyDelete
  2. UserMay 17, 2012 at 4:11 AM

    I did a tutorial not too long ago on my blog. It doesn't require any plugins or whatnot, it is done in PHP, and I have tested it. I did it for mainly wall posts, but after you authenticate you can use whatever function you want.

    EDIT: Post no longer exists. FB API is updated anyway...

    ReplyDelete
  3. UserMay 17, 2012 at 4:11 AM

    I know two solutions: Java and JavaScript

    Java :
    a. servlet code (don't forget to import relevant jar's) :

    String url="http://www.facebook.com/login.php?api_key=YOUR_API_KEY&v=1.0";
    url+="&fbconnect=true&return_session=true&req_perms=offline_access,status_update";
    url+="&next=http://YOUR_FaceBookCallback_SERVLET";
    response.sendRedirect(url);
    return;


    //You will get prompt to log in to facebook and permit the extended permissions

    b. Don't forget to define your ConnectUrl(in your facebook account application) as http://YourUrlFromWhereDoYouTurnToTheServletAbove

    c. make another servlet : YOUR_FaceBookCallback_SERVLET (see above) with this code:

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    String session = request.getParameter("session");
    //from this string you can obtain your infinite session_key.In order to do this, parse this string as JSON.
    //Save it in the database or in the other data storage
    response.sendRedirect(ThePlaceThatYouWant);}


    d. Use this secret session_key like this:

    FacebookXmlRestClient client = new FacebookXmlRestClient(YOUR_API_KEY, FACEBOOK_APPLICATION_SECRET,SECRET_SESSION_KEY);
    client.setIsDesktop(false);
    client.users_setStatus("YourMessage");


    If anybody wants the JavaScript solution(the big hole in security) write me

    ReplyDelete
  4. UserMay 17, 2012 at 4:11 AM

    Hi
    I figured out how to "retrieve" the offline access infinite session key after a lot of hair-splitting, some trial and error & wondering about all the other productive ways I could have spent that time... agree facebook documentation could be a lot better

    1) If you are using the facebook-java-api.. then take a look at the facebook demo site for "mobile web" on how to format the URL for requesting offline access
    http://itsti.me/index.php

    <a href="http://www.facebook.com/connect/prompt_permissions.php?api_key=YOUR_API_KEY&ext_perm=publish_stream%2Coffline_access&next=http%3A%2F%2Fmysite%2Ffacebookconnect&cancel=http%3A%2F%2Fmysite%2Fhome&display=wap"><img alt="Connect" src="http://static.ak.fbcdn.net/images/fbconnect/login-buttons/connect_light_medium_long.gif" id="fb_login_image"/></a>


    2) As to how get the offline session key from the session..The trick is : when facebook redirects the user to the "next" url right after granting offline access, you should get the facebook session "again"..this new session will have the infinite session key.
    here is an example for mobile web...you should be able to figure it out for a regular website.The auth_token is used only for mobile web sites.. you may not need it for a regular web site

    FacebookJsonRestClient fbc = new FacebookJsonRestClient(MY_API_KEY, SECRET, sessionKey);
    String auth_token = request.getParameter("auth_token");
    System.out.println("infinite session kEY = " + fbc.auth_getSession(auth_token));

    ReplyDelete
  5. UserMay 17, 2012 at 4:11 AM

    For session access, i had to use the loginurl provided by the facebook php api, as there seem to be 2/3 additional variables that it sends in the auth request, including return_session and session_version. Also the new php5-sdk sends the request to login.facebook.com instead of https://graph.facebook.com/oauth/authorize. Here's how i worked it out :

    $b=new facebook(array('appId'=>APP_ID,'secret'=>SECRET))

    To ask for authentication :

    $facebook->getLoginUrl(array('next'=>$redirect_uri,'req_perms'=>$scope))

    Rember to include offline_access in $scope.
    Once you are redirected to this page (after logging in to fb, and granting permissions), you will have a $_GET['session'] in json format.

    Just store it wherever you want (I do it in a database). The next time you wish to do something with the user's account, just use the following:

    $session = json_decode($db->query("SELECT ..."));//get session from db
    $this->facebook->setSession($session);

    After this any requests that the api makes will be via this user's access.

    The worst thing about the current facebook graph api is (correct me if I'm wrong) that the current api neglects the session (which seems to be a remain from the old api) in all its documentation and only talks about the access_token. But the current api (php5-sdk) has got no feature to send an actual request using only the access_token. If there is a function to start a session a session using only the access_token, I'm not aware of it.

    ReplyDelete

Subscribe to: Post Comments (Atom)