6

I have already authorized a user in my Facebook application using HybridAuth and stored his access_token in my database.

Days later, when the user is not online, I want to get his new Facebook friends, also using HybridAuth.

Can I 'recreate' that user from his access_token to get his friends, send notifications, etc.?

Thanks!

Marc

2 Answers

7

I finally found a hack that works; I'll leave it here for the next guy looking for it. If you make sure that you have a valid token for your user and app, HybridAuth should not try to redirect or return any errors.

(I'm using CodeIgniter, but translating it to 'pure' HybridAuth should be straightforward):

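    // Access token to reuse; it must be valid for this user and this app.
    $token = "GET A TOKEN IN Facebook's API EXPLORER";
    $this->load->library('HybridAuthLib');

    // Pre-seed HybridAuth's storage so it treats the Facebook provider as already connected.
    $this->hybridauthlib->storage()->set( "hauth_session.facebook.is_logged_in", 1 );
    $this->hybridauthlib->storage()->set( "hauth_session.facebook.token.access_token", $token );

    // With the storage seeded, authenticate() returns the adapter without redirecting.
    $service = $this->hybridauthlib->authenticate('Facebook');

    if ($service->isUserConnected()) {

        $user_profile = $service->getUserProfile();
        $contacts = $service->getUserContacts();
        $access_token = $service->getAccessToken();

        // Debug output only: $access_token holds the live token.
        var_dump($user_profile);
        var_dump($contacts);
        var_dump($access_token);

    } else {
        echo "something went wrong";
    }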
Marc
  • Aren't you overriding the current logged in user's oauth's tokens (i.e., the one viewing the profile page)? Or maybe you're just setting the access tokens internally for HybridAuth to operate on? IIRC `authenticate()` method sets a session data for the user when completed - isn't that causing MAJOR security holes in your web app? A clarification might help; I'm facing a similar problem. Thanks – Abdulaziz Sep 01 '13 at 20:22
  • I am using that in a server-side process (handled by cron) that I am using to asynchronously publish actions stored in a database; there's no user logged in - it is not accessible to users. If it were accessed via a browser, the behavior would be the one that you are describing – Marc Sep 02 '13 at 07:25
  • I used this to work with tokens retrieved with the JavaScript interface. It works with the rest of the social providers too, like Google Plus, etc. Thank you very very much for your post. – Lucia Mar 05 '14 at 18:38
  • 4
    This answer saved me :D Thank you :) – Shoshi Sep 10 '14 at 15:30
  • 2
    I think this should be a part of the core functionality. Sometimes you just have an access_token taken from outside of HybridAuth. – Vladislav Rastrusny Sep 19 '14 at 15:09
  • Also, according to the [docs](http://hybridauth.sourceforge.net/userguide/IDProvider_info_Facebook.html), 'Facebook' must start with a capital letter. – Vladislav Rastrusny Sep 19 '14 at 15:37
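
The comment exchange above turns on where this code runs: the injected token lands in HybridAuth's session-backed storage, so the cron-only restriction is worth enforcing in the script itself. The following is an added example, not part of the original answer; it assumes the HybridAuth 2.x static API (`Hybrid_Auth::storage()`, `Hybrid_Auth::authenticate()`), and `load_stored_tokens()`, the config path and the sample token are hypothetical placeholders.

```php
<?php
// Added example (not from the original answer). Assumes HybridAuth 2.x.
require_once 'hybridauth/Hybrid/Auth.php'; // assumed install path

// Refuse to run under a web SAPI: the storage writes below go into the PHP
// session, and in a browser request that session belongs to the visitor.
if (PHP_SAPI !== 'cli') {
    http_response_code(403);
    exit('CLI only');
}

/** Hypothetical loader: returns [user_id => access_token] from your database. */
function load_stored_tokens(): array
{
    return ['42' => 'CONSTRUCTED-PLACEHOLDER-TOKEN']; // constructed sample value
}

// Assumed config file location; HybridAuth accepts an array or a file path.
$hybridauth = new Hybrid_Auth(__DIR__ . '/hybridauth_config.php');

foreach (load_stored_tokens() as $userId => $token) {
    // Start each user from empty storage so one user's token is never
    // reused for the next user's API calls.
    Hybrid_Auth::storage()->clear();
    Hybrid_Auth::storage()->set('hauth_session.facebook.is_logged_in', 1);
    Hybrid_Auth::storage()->set('hauth_session.facebook.token.access_token', $token);

    try {
        $service = Hybrid_Auth::authenticate('Facebook');
        if (!$service->isUserConnected()) {
            fwrite(STDERR, "user $userId: not connected\n");
            continue;
        }
        $contacts = $service->getUserContacts();
        printf("user %s: %d contacts\n", $userId, count($contacts));
    } catch (Exception $e) {
        // Typically an expired or revoked token. Log the message only,
        // never the token itself.
        fwrite(STDERR, "user $userId: " . $e->getMessage() . "\n");
    }
}

// Leave no token behind in the session store when the job ends.
Hybrid_Auth::storage()->clear();
```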
1

While the above may work, I believe the recommended approach may be to use "Persistent Sessions" as described here: http://hybridauth.sourceforge.net/userguide/HybridAuth_Sessions.html

rinogo