Facebook Graph API - authorization types?

Question

I\'m struggling with the new Facebook Graph API, perhaps someone here can help.

Here is what I want to do: provide a ‘login w/ FB’ button, throw to /authorize, get a cod

Answer 1

When I try to use type=client_cred in the /authorize call, I get an access_token that lets me hit URLs with userIDs or names, but not /me. I receive an error stating I need a valid token.

client_cred is intended for your app to validate that it is, indeed, the app. It's used for things like subscribing to Facebook's real-time update API. It imparts no user authentication.

You need to follow Facebook's OAuth instructions. It does not use the type parameter in any way. You'll be:

• Sending the user to https://graph.facebook.com/oauth/authorize with a callback URL set.
• If the user says OK, they'll be redirected to your callback URL with a verification string as a URL parameter.
• You take that verification string and request an access token from https://graph.facebook.com/oauth/access_token

That access token lets you function as the user and access the me URLs.