Facebook Graph API - authorization types?

Question

I\'m struggling with the new Facebook Graph API, perhaps someone here can help.

Here is what I want to do: provide a ‘login w/ FB’ button, throw to /authorize, get a cod

Answer 1

do you solve it?i have the same error like yours
i find a page that explain this problem http://benbiddington.wordpress.com/2010/04/23/facebook-graph-api-getting-access-tokens/

if use type=client_cred, you need to change "me" to a user id, and the userid can find in the "code" param, just see the airtle:)

Answer 2

When I try to use type=client_cred in the /authorize call, I get an access_token that lets me hit URLs with userIDs or names, but not /me. I receive an error stating I need a valid token.

client_cred is intended for your app to validate that it is, indeed, the app. It's used for things like subscribing to Facebook's real-time update API. It imparts no user authentication.

You need to follow Facebook's OAuth instructions. It does not use the type parameter in any way. You'll be:

• Sending the user to https://graph.facebook.com/oauth/authorize with a callback URL set.
• If the user says OK, they'll be redirected to your callback URL with a verification string as a URL parameter.
• You take that verification string and request an access token from https://graph.facebook.com/oauth/access_token

That access token lets you function as the user and access the me URLs.

Answer 3

I think it should be something like that:

https://graph.facebook.com/oauth/authorize?client_id=...&redirect_uri=...&scope=user_photos,user_videos,publish_stream&display=page

The scope should specify permissions you need as listed here http://developers.facebook.com/docs/authentication/permissions

Display values can be found here http://developers.facebook.com/docs/authentication/

Answer 4

I had the same problem and I solved it.

First: Dont use &type=client_cred.

Second: Use the same URL everywhere!!!

My example:

My firs link:

<a href="https://www.facebook.com/dialog/oauth?client_id=_MY_APP_ID_&state=_RANDOM_NUMBER_&redirect_uri=http://mysite.ru/ru/site_users.html?op=fbreg">FB login</a>  

When I got the code:

$nexturl  = "https://graph.facebook.com/oauth/access_token?client_id=".$AppId."&redirect_uri=http://mysite.ru/ru/site_users.html?op=fbreg&client_secret=".$AppSec."&code=".$fbCode;
$response = @file_get_contents($nexturl);   
$params   = null;
parse_str($response, $params);
$graph_url = "https://graph.facebook.com/me?access_token=".$params['access_token'];
$arrResponse = json_decode(@file_get_contents($graph_url));

In $arrResponse i got all info about current user.

The value of URL should be the same everywhere. In the code and in https://developers.facebook.com/apps/.

In my case it is this: http://mysite.ru/ru/site_users.html?op=fbreg

The following are all incorrect using my example.

• http://mysite.ru/
• http://mysite/
• http://mysite/ru/site_users.html

Thats all. Very stupid problem. I solved it for three days :(

Answer 5

This answer should clarify nategood's last comment

nevermind. figured out my problem. make 100% sure that redirect_uri is identical when making authroize and access_token call! – nategood Mar 24 at 0:54

I struggled with this issue for a long time. Facebooks documentation is poor, and answers on these sites seem to fall in to one of two categories: use type=client_cred or don't use type.

Don't use "type=client_cred". Follow the facebook documentation and just make sure that the redirect_uri you use in your code request to:
http://www.facebook.com/dialog/oauth/?

is the same as the redirect_uri you use in your access_token request to: *https://graph.facebook.com/oauth/access_token?*