7

I need to post a message on my own Facebook page; and I need to do it programmatically (in my case using Python). I managed to do this part using this code (in Python):

import urllib, urllib2

access_token='XXXX'
fb_page_id='YYYY' # my page ID

post_data = {'access_token':access_token, 'message':'hey this is a test!'}
request_path = str(fb_page_id)+'/feed'
post_data = urllib.urlencode(post_data)
response = urllib2.urlopen(
    'https://graph.facebook.com/%s' % request_path, post_data
)

The ID of the generated post on the FB page is correctly returned:

In [11]: response.readlines()
Out[11]: ['{"id":"135386143198208_461964357207050"}']

Problem:

In order to generate the access_token and make the API request above I had to manually follow the three steps detailed here.

But in practice this manual process is unacceptable as I need to run this task from a cron job. Hence I need to automate it because access_token in Facebook is temporary. I.e. I need to get an access token each time I run this script. How to do that?

Feel free to use any scripting tool in your answer (curl, JavaScript, Java, PHP) as long you communicate the steps involved. Note that I need to do this using any server-side language (Python/Ruby/PHP).

Joseph Victor Zammit
  • 14,760
  • 10
  • 76
  • 102
  • You cannot bypass the manual user authentication for a Facebook access token. It is there for a purpose. – phwd Mar 26 '13 at 16:55
  • @phwd And one has to manually authenticate at least once every two months for a manual `access token`... am I correct? – Joseph Victor Zammit Mar 26 '13 at 17:02
  • If you implement the extend user access token scenario, yes. – phwd Mar 26 '13 at 17:05
  • @phwd Does it matter whether it is short-lived vs long-lived access token? – Joseph Victor Zammit Mar 26 '13 at 17:15
  • If it's short-lived it's two hours and you can extend it, if it's long lived you must carry the user back through the process to get a short-lived token then re-extend it again. – phwd Mar 26 '13 at 17:17
  • @phwd Updated question with further detail (in bold). I won't be using a browser; it's a server-side script! – Joseph Victor Zammit Mar 26 '13 at 17:25
  • Extend the token then feed that to the cron. That's how Facebook login works, there is no way around it – phwd Mar 26 '13 at 17:29
  • @phwd So it can be automated by "extending the token and then feed that to cron". Can you provide more detail (or link) about this and post it as answer? If I manage to do it that'll be the correct answer. Thanks. – Joseph Victor Zammit Mar 26 '13 at 17:34

4 Answers4

4

You cannot retrieve a short-lived token programmatically. It defeats the purpose of user interaction.

Facebook intentionally has made it this way to ensure the user has full manual control over what apps they install.

Once the user grants initial access you can then automate the process up to two months (or earlier if the user invalidates the token, for example by changing their password)

by doing an HTTP request to 

https://graph.facebook.com/oauth/access_token?  
    grant_type=fb_exchange_token&           
    client_id=APP_ID&
    client_secret=APP_SECRET&
    fb_exchange_token=SHORT_LIVED_ACCESS_TOKEN

After these two months are over, the user must be the one to re grant access to the application giving a new short lived token which you can then re-extend using the code above.

phwd
  • 19,975
  • 5
  • 50
  • 78
4

If you extend your (User) access token, you can then request a (Page) access token which does not in fact expire at all.

See the "Extending Page access tokens" section of the following document: https://developers.facebook.com/docs/howtos/login/extending-tokens/

James Pearce
  • 2,332
  • 15
  • 14
2

Bless the soul who wrote this code. Not me, but found it somewhere. Works smoothly. Call this function with your email & password.

MOBILE_USER_AGENT = "Mozilla/5.0 (Linux; U; en-gb; KFTHWI Build/JDQ39) AppleWebKit/535.19 (KHTML, like Gecko) Silk/3.16 Safari/535.19"
FB_AUTH = "https://www.facebook.com/v2.6/dialog/oauth?redirect_uri=fb464891386855067%3A%2F%2Fauthorize%2F&display=touch&state=%7B%22challenge%22%3A%22IUUkEUqIGud332lfu%252BMJhxL4Wlc%253D%22%2C%220_auth_logger_id%22%3A%2230F06532-A1B9-4B10-BB28-B29956C71AB1%22%2C%22com.facebook.sdk_client_state%22%3Atrue%2C%223_method%22%3A%22sfvc_auth%22%7D&scope=user_birthday%2Cuser_photos%2Cuser_education_history%2Cemail%2Cuser_relationship_details%2Cuser_friends%2Cuser_work_history%2Cuser_likes&response_type=token%2Csigned_request&default_audience=friends&return_scopes=true&auth_type=rerequest&client_id=464891386855067&ret=login&sdk=ios&logger_id=30F06532-A1B9-4B10-BB28-B29956C71AB1&ext=1470840777&hash=AeZqkIcf-NEW6vBd"

def get_access_token(email, password):
    s = robobrowser.RoboBrowser(user_agent=MOBILE_USER_AGENT, parser="lxml")
    s.open(FB_AUTH)
    ##submit login form##
    f = s.get_form()
    f["pass"] = password
    f["email"] = email
    s.submit_form(f)
    ##click the 'ok' button on the dialog informing you that you have already authenticated with the Tinder app##
    f = s.get_form()
    s.submit_form(f, submit=f.submit_fields['__CONFIRM__'])
    ##get access token from the html response##
    access_token = re.search(r"access_token=([\w\d]+)", s.response.content.decode()).groups()[0]
    #print  s.response.content.decode()
    return access_token
Jugal Anchalia
  • 393
  • 1
  • 2
  • 11
0

To get a facebook token for even normal users programmatically, you might be interested in this: https://github.com/fbessez/Tinder/blob/master/fb_auth_token.py, it's a python script to automatically retrieve the token when supplied email/password.

Make sure you have lxml, requests and robobrowser installed, as these are prerequisities. Both requests and robobrowser can be easily aquired with running

pip install robobrowser and

pip install requests

The lxml is a "little" more tricky, as it will have to be compiled (to have a recent version). Follow this SO for it: How to install lxml on Ubuntu

Community
  • 1
  • 1
Axel Latvala
  • 576
  • 3
  • 7
  • 21