0

I've been battling with the (apparently quite common...) problem of getting hold of a permanent page access token for a Facebook Page of mine, so that I can post stuff to the feed of this page using an external app.

While researching this, I finally found this excellent tutorial for how to accomplish that.

When I try to get an Access Token with the "Extended Permission" called "manage_pages" (as mentioned in step 1.5 in the above linked tutorial), Facebook shows me an ugly red warning though, saying:

Submit for Login Review - Some of the permissions below have not been approved for use by Facebook

and also a padlock with the text

This does not let the app post to Facebook

appears at the same time a bit below in the dialog, as per follows:

Screenshot of the message in question

The first confusing part is that there is still an "Okay" button in the dialog, and if I press it the procedure just moves forward without any more warning messages. "Okay" I thought to myself, "maybe it just removed the permissions in question automatically then".

The second confusing part though is that when I debug the resulting access token (using the Debug button in the Graph API Explorer), it does indeed report having all the permissions I requested (manage_pages, publish_actions and publish_pages).

The third and most of all confusing part is that if I use the page access token (resulting from the linked tutorial above) from my third-party application (a Python script issuing raw HTTP requests to the Graph API), it does indeed successfully post entries to the page's feed?!

At this point I'm utterly confused about what this review warning message was about to begin with (not to mention why there would be such a policy at all, preventing me from creating non-reviewed test apps that only post stuff to my own page?), so if anyone would be so kind as to explain this as clearly as possible, I (and most likely a lot of other people too) would be very grateful.

Community
  • 1
  • 1
QuestionOverflow
  • 649
  • 8
  • 20

1 Answers1

2

I'm confused why you make this so complicated. The answer you linked already contains all the info for the case you need a permanent page access token. The only thing you need is an simple app for this one-time purpose.

There's no need for this app to undergo Login Review if you don't want to authenticate other users than admins/testers/developers of this app, which I hardly doubt from what you wrote.

See

My app is only used by a small number of people, who are all listed in the Role section of the App Dashboard - do I need to go through Login Review?

  • No, it does not have to be reviewed. If your app is only used by a very limited number of people - for example, to use the Facebook for Wordpress plugin to publish to your profile - it's completely normal to list them all as having different roles in your app's dashboard. They can be listed as Admins, Developers or Testers

  • To enable you to develop and fully test your app, anyone listed in the Role section of your app's dashboard can be granted any permission necessary to test without review by Facebook. The purpose of Login Review is to protect the experiences of regular people who may interact with your app. Directly adding a small set of well-known people directly to your app is used for software development, testing and small application deployments.

Community
  • 1
  • 1
Tobi
  • 31,405
  • 8
  • 58
  • 90
  • How will Facebook know who is an "admins/testers/developers of this app" and not, you mean? (also, the question here isn't how to get the page access token, this is rather a question that arose during my quest for that, which is _related_ in the way that I became uncertain about if the page access token I get with that procedure will be "full featured" or not, due to the scary warning received during the procedure for getting it) – QuestionOverflow Jul 27 '15 at 12:14
  • Baseline is: If you just want to post as page, get an eternal page access token as described. Then you're done. Then warnings can be ignored. You can always inspect the access token via https://developers.facebook.com/tools/debug/accesstoken/ And, coming to your comment, Facebook knows the roles because you active can set them: `https://developers.facebook.com/apps/{your_app_id}/roles/` But I doubt whether this is necessary for your case. – Tobi Jul 27 '15 at 12:19
  • Thanks, accepted. Could you please just add the link (and even better also a complete quote of that FAQ entry) from the comment of @CBroe above, for an even clearer solution for people finding this question? That is: https://developers.facebook.com/docs/apps/faq#roles – QuestionOverflow Jul 27 '15 at 12:23