0

I've found in documentation that it is possible to use appId and appSecret pair as access_token in the format "appId|appSecret".

The problem, when I'm using this technique with graph API, I don't receive the full information, only some of the fields (permissions are set in the app settings). When I'm trying to use it with FQL I get "A user access token is required to request this resource." exception.

Could somebody route me on the right track how to perform API requests?

My application is running on the server-side, that's why I've chosen these method.

E.g. When I run GET request on https://graph.facebook.com/me/friends?fields=name&access_token="app_id|app_secret" I get correct response. But when I run https://graph.facebook.com/me/friends?fields=name,notes&access_token="app_id|app_secret" the query returns only friends id's and names. It's worth to mention, that I user has granted access to "notes" for that application.

user1671010
  • 325
  • 4
  • 11
  • possible duplicate of [How to get user access token?](http://stackoverflow.com/questions/7856441/how-to-get-user-access-token) – Igy Aug 21 '13 at 21:16
  • This is not duplicate. I have very narrow question. Why when using "app_id|app_secret" as access_token does not work when using Graph API? From documentation: There is another method to make calls to the Graph API that doesn't require using a generated app token. You can just pass your app id and app secret as the access_token parameter when you make a call: https://graph.facebook.com/endpoint?key=value&access_token=app_id|app_secret – user1671010 Aug 22 '13 at 12:30
  • it does, your question is really 'how to get a user access token' - the exception you pasted in your question is very clear on what the issue is, you're making the API call with an app access token, it should be with a user access token – Igy Aug 22 '13 at 16:45

1 Answers1

3

I think this because this kind of access token can replace the app token, but not the user token. And with the app token, you can:

This can be used to modify the parameters of your app, create and manage test users, or read your application's insights. App access tokens can also be used to publish content to Facebook on behalf of a person who has granted an open graph publishing permission to your application.

It means that with this kind of token, you don't have any special permission, so your request cannot work.

What you could do is send the user access_token to your server and then use this token to perform the API request.

Sebastien C.
  • 2,099
  • 17
  • 21
  • Thank you, this is very good information. Is there a way to extend user tokens without the user's interaction? My app is going to run from the server-side and doesn't have much interaction with the user (only once a year maybe.. to change settings) – user1671010 Aug 22 '13 at 13:25
  • not without any user interaction. But what you can do is ask your user to accept permissions, then obtain an access-token, and then exchange it for a long-live token that will be available to use for 6 month. This way you user only have to check your application every 6 month... https://developers.facebook.com/docs/facebook-login/access-tokens/#changingtokens – Sebastien C. Aug 22 '13 at 13:30
  • @user1671010 if this answered your question be sure to check the checkmark of the answer to give credit for helping out :) – pherris May 03 '14 at 23:27