facebook extended permissions

2019-07-07 00:43发布

问题:

UPDATE 2:

OK, got it "kind of" working by changing:

$loginUrl = $facebook->getLoginUrl(array(
           'canvas' => 1,
           'fbconnect' => 0,
           'req_perms' => 'publish_stream',
           'next' => 'http://'.$_SERVER['SERVER_NAME'].'/success.php',
           'cancel_url' => 'http://'.$_SERVER['SERVER_NAME'].'/cancel.php'
        ));

to this:

$loginUrl = $facebook->getLoginUrl(array(
           'canvas' => 1,
           'fbconnect' => 0,
           'req_perms' => 'publish_stream',
           'next' => 'http://'.$_SERVER['SERVER_NAME'].'/success.php',
           'cancel_url' => 'http://'.$_SERVER['SERVER_NAME'].'/cancel.php'
        ));
        header('Location: '.$loginUrl);

i.e. I added the header('Location: '.$loginUrl);.

But the page is behaving strangely. I have to navigate to the page, login, then refresh the page, login again, then it will ask me for permission to post to the page, and eventually it posts to the page.

Why do I have to login twice?

UPDATE 1:

I now have the following script which does not seem to be working. At this state, I am just trying to post to my own wall, but will eventually want to post to a friends wall too:

<?php
    /**
     *
     * Copyright 2011 Facebook, Inc.
     *
     * Licensed under the Apache License, Version 2.0 (the "License"); you may
     * not use this file except in compliance with the License. You may obtain
     * a copy of the License at
     *
     *     http://www.apache.org/licenses/LICENSE-2.0
     *
     * Unless required by applicable law or agreed to in writing, software
     * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
     * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
     * License for the specific language governing permissions and limitations
     * under the License.
     */


    require 'facebook.php';

    // Create our Application instance (replace this with your appId and secret).
    $facebook = new Facebook(array(
        'appId'  => '<appId removed for security reasons>',
        'secret' => '<secret removed for security reasons>',
        'cookie' => true,
    ));

    // We may or may not have this data based on a $_GET or $_COOKIE based session.
    //
    // If we get a session here, it means we found a correctly signed session using
    // the Application Secret only Facebook and the Application know. We dont know
    // if it is still valid until we make an API call using the session. A session
    // can become invalid if it has already expired (should not be getting the
    // session back in this case) or if the user logged out of Facebook.
    $session = $facebook->getSession();

    $me = null;
    // Session based API call.
    if ($session) {
        try {
            $uid = $facebook->getUser();
            $me = $facebook->api('/me');

            $post = $facebook->api("/me/feed", "POST",  array('message' => 'Hello! I\'m using the FB Graph API!'));
        } catch (FacebookApiException $e) {
            error_log($e);
        }
    }

    // login or logout url will be needed depending on current user state.
    if ($me) {
        $logoutUrl = $facebook->getLogoutUrl();
    } else {
        $loginUrl = $facebook->getLoginUrl(array(
           'canvas' => 1,
           'fbconnect' => 0,
           'req_perms' => 'publish_stream',
           'next' => 'http://'.$_SERVER['SERVER_NAME'].'/success.php',
           'cancel_url' => 'http://'.$_SERVER['SERVER_NAME'].'/cancel.php'
        ));
    }

?>

<!doctype html>
<html xmlns:fb="http://www.facebook.com/2008/fbml">
    <head>
        <title>php-sdk</title>

        <style>
            body {
                font-family: 'Lucida Grande', Verdana, Arial, sans-serif;
            }

            h1 a {
                text-decoration: none;
                color: #3b5998;
            }

            h1 a:hover {
                text-decoration: underline;
            }
        </style>
    </head>

    <body>
    <!--
        We use the JS SDK to provide a richer user experience. For more info,
        look here: http://github.com/facebook/connect-js
    -->
        <div id="fb-root"></div>
        <script>
        window.fbAsyncInit = function() {
            FB.init({
                appId   : '<?php echo $facebook->getAppId(); ?>',
                session : <?php echo json_encode($session); ?>, // don't refetch the session when PHP already has it
                status  : true, // check login status
                cookie  : true, // enable cookies to allow the server to access the session
                xfbml   : true // parse XFBML
            });

            // whenever the user logs in, we refresh the page
            FB.Event.subscribe('auth.login', function() {
                window.location.reload();
            });
        };

        (function() {
            var e = document.createElement('script');
            e.src = document.location.protocol + '//connect.facebook.net/en_US/all.js';
            e.async = true;
            document.getElementById('fb-root').appendChild(e);
        }());
    </script>


    <h1><a href="example.php">php-sdk</a></h1>

    <?php if ($me): ?>
        <a href="<?php echo $logoutUrl; ?>">
            <img src="http://static.ak.fbcdn.net/rsrc.php/z2Y31/hash/cxrz4k7j.gif">
        </a>
    <?php else: ?>
        <div>
            Using JavaScript &amp; XFBML: <fb:login-button></fb:login-button>
        </div>
    <?php endif ?>

    <h3>Session</h3>
    <?php if ($me): ?>
        <pre><?php print_r($session); ?></pre>

        <h3>You</h3>
        <img src="https://graph.facebook.com/<?php echo $uid; ?>/picture">
        <?php echo $me['name']; ?>

        <h3>Your User Object</h3>
        <pre><?php print_r($me); ?></pre>
    <?php else: ?>
        <strong><em>You are not Connected.</em></strong>
    <?php endif ?>
  </body>
</html>

I get the following error:

[Wed Apr 27 22:28:16 2011] [error] [client <ip address removed for security reasons>] OAuthException: (#200) The user hasn't authorized the application to perform this action, referer: http://<ip address removed for security reasons>/index.php

ORIGINAL QUESITON:

I have the following working script which allows someone to login to my page using their facebook details, I can then capture their access_token so I can use it with the graph api:

<?php
    /**
     *
     * Copyright 2011 Facebook, Inc.
     *
     * Licensed under the Apache License, Version 2.0 (the "License"); you may
     * not use this file except in compliance with the License. You may obtain
     * a copy of the License at
     *
     *     http://www.apache.org/licenses/LICENSE-2.0
     *
     * Unless required by applicable law or agreed to in writing, software
     * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
     * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
     * License for the specific language governing permissions and limitations
     * under the License.
     */


    require 'facebook.php';

    // Create our Application instance (replace this with your appId and secret).
    $facebook = new Facebook(array(
        'appId'  => 'app id goes here',
        'secret' => 'secret id goes here',
        'cookie' => true,
    ));

    // We may or may not have this data based on a $_GET or $_COOKIE based session.
    //
    // If we get a session here, it means we found a correctly signed session using
    // the Application Secret only Facebook and the Application know. We dont know
    // if it is still valid until we make an API call using the session. A session
    // can become invalid if it has already expired (should not be getting the
    // session back in this case) or if the user logged out of Facebook.
    $session = $facebook->getSession();

    $me = null;
    // Session based API call.
    if ($session) {
        try {
            $uid = $facebook->getUser();
            $me = $facebook->api('/me');
        } catch (FacebookApiException $e) {
            error_log($e);
        }
    }

    // login or logout url will be needed depending on current user state.
    if ($me) {
        $logoutUrl = $facebook->getLogoutUrl();
    } else {
        $loginUrl = $facebook->getLoginUrl();
    }

?>

<!doctype html>
<html xmlns:fb="http://www.facebook.com/2008/fbml">
    <head>
        <title>php-sdk</title>

        <style>
            body {
                font-family: 'Lucida Grande', Verdana, Arial, sans-serif;
            }

            h1 a {
                text-decoration: none;
                color: #3b5998;
            }

            h1 a:hover {
                text-decoration: underline;
            }
        </style>
    </head>

    <body>
    <!--
        We use the JS SDK to provide a richer user experience. For more info,
        look here: http://github.com/facebook/connect-js
    -->
        <div id="fb-root"></div>
        <script>
        window.fbAsyncInit = function() {
            FB.init({
                appId   : '<?php echo $facebook->getAppId(); ?>',
                session : <?php echo json_encode($session); ?>, // don't refetch the session when PHP already has it
                status  : true, // check login status
                cookie  : true, // enable cookies to allow the server to access the session
                xfbml   : true // parse XFBML
            });

            // whenever the user logs in, we refresh the page
            FB.Event.subscribe('auth.login', function() {
                window.location.reload();
            });
        };

        (function() {
            var e = document.createElement('script');
            e.src = document.location.protocol + '//connect.facebook.net/en_US/all.js';
            e.async = true;
            document.getElementById('fb-root').appendChild(e);
        }());
    </script>


    <h1><a href="example.php">php-sdk</a></h1>

    <?php if ($me): ?>
        <a href="<?php echo $logoutUrl; ?>">
            <img src="http://static.ak.fbcdn.net/rsrc.php/z2Y31/hash/cxrz4k7j.gif">
        </a>
    <?php else: ?>
        <div>
            Using JavaScript &amp; XFBML: <fb:login-button></fb:login-button>
        </div>
    <?php endif ?>

    <h3>Session</h3>
    <?php if ($me): ?>
        <pre><?php print_r($session); ?></pre>

        <h3>You</h3>
        <img src="https://graph.facebook.com/<?php echo $uid; ?>/picture">
        <?php echo $me['name']; ?>

        <h3>Your User Object</h3>
        <pre><?php print_r($me); ?></pre>
    <?php else: ?>
        <strong><em>You are not Connected.</em></strong>
    <?php endif ?>
  </body>
</html>

Once the user has logged in, I understand that I can get a list of their friends via:

https://graph.facebook.com/me/friends?access_token=...

What I can't figure out is how to use extended permissions, so my app can post to the users friends facebook walls.

Apparently I am supposed to use extended permissons plus the following:

curl -F 'access_token=...' \
     -F 'message=Hello, Arjun. I like this new API.' \
     https://graph.facebook.com/arjun/feed

I don't understand how I am supposed to do this from PHP.

回答1:

Update:

Well I can't really test it myself, so just a few suggestions what you could try. Change the $loginUrl to this:

$loginUrl = $facebook->getLoginUrl(array(
    'req_perms' => 'publish_stream',
    'next' => 'http://'.$_SERVER['SERVER_NAME'].'/success.php',
    'cancel_url' => 'http://'.$_SERVER['SERVER_NAME'].'/cancel.php'
));

In the whole context, the top of the file should look like this:

require 'facebook.php';

$facebook = new Facebook(array(
    'appId' => '<appId removed for security reasons>',
    'secret' => '<secret removed for security reasons>',
    'cookie' => true,
));

$session = $facebook->getSession();

$me = null;
if ($session)
{
   try
   {
       $uid = $facebook->getUser();
       $me = $facebook->api('/me');

       $post = $facebook->api("/me/feed", "POST", array('message' => 'Hello! I\'m using the FB Graph API!'));
   }
   catch (FacebookApiException $e)
   {
      error_log($e);
   }
}
else
{
$loginUrl = $facebook->getLoginUrl(array(
        'req_perms' => 'publish_stream',
        'next' => 'http://' . $_SERVER['SERVER_NAME'] . '/success.php',
        'cancel_url' => 'http://' . $_SERVER['SERVER_NAME'] . '/cancel.php'
   ));
   header('Location: ' . $loginUrl);
}

Well, first check whether you have a session, therefore you need to configure the Facebook SDK as in the example:

$facebook = new Facebook(array(
    'appId'  => 'app id goes here',
    'secret' => 'secret id goes here',
    'cookie' => true,
));

Then you can check whether the user is logged in and your app has been authorized:

if ($facebook->getSession() == null) {
   // not logged in or not authorized
}

In the if-clause you then have to do a redirect to the proper login-url to get all permissions you need:

$loginUrl = $facebook->getLoginUrl(array(
   'canvas' => 1,
   'fbconnect' => 0,
   'req_perms' => 'publish_stream',
   'next' => // url where to go when you were authorized
   'cancel_url' => // url to go to when user cancelled
));
header('Location: '.$loginUrl);

After you got the permissions, you can publish as mentioned in the documentation by using

$facebook->api(/* url */, array(/* additional parameters go here */));


回答2:

The documentation for Facebook shows the raw implementation for accomplishing this, which is the curl call you pasted. This is basically just demonstrating functionality and is not really explanatory about how to accomplish the task within your language of choice.

As Michael Rose pointed out below, you need to, first, ask for the extended permission to post on the users' wall. In order to do this, your $loginUrl call should be something similar to:

$loginUrl = $facebook->getLoginUrl(array(
   'canvas' => 1,
   'fbconnect' => 0,
   'req_perms' => 'publish_stream',
   'next' => // url where to go when you were authorized
   'cancel_url' => // url to go to when user cancelled
));

This will prompt the user to install your application and give you access to the publish_stream extended permission, which is required to post to their wall and their friends' walls.

In order to actually MAKE the wall post, your code will be something similar to this:

$facebook->api("/{$friends_fb_uid}/feed", "POST", 
    array('message' => 'Hello! I\'m using the FB Graph API!'));

You should use this on a POST request, or some request to a page (even an ajax request if you like), after you have the permission from the user. The FB PHP SDK should automatically pick up your users' access token, validate it, and make the request for you.



回答3:

Try changing from

header('Location: '.$loginUrl);

to

echo '<script>top.location="'.$loginUrl.'";</script>';
die();

I don't remember where, but I read somewhere that you have to do the redirect using javascript. Pretty long time ago I read that, so it might have changed.