View Facebook events outside of Facebook - where to put the access token?

Question

Unfortunately, there are many snippets, but no complete code examples. I'm trying to allow my group's events to be seen in a webpage outside of FB, and following the Javascript SDK example quick start I'm able to put the login and share buttons. But when I try to access my group's events, I get the error - "An access token is required to request this resource." Where do I put the access token in this code?

window.fbAsyncInit = function() {
FB.init({
appId : '{myappID}',
xfbml : true,
version : 'v2.8'
});
FB.AppEvents.logPageView();
FB.api(
'/myGroupID/events',
'GET',
{},
function(response) {
// Insert your code here
}
);
};

A couple of things:

1. I don't need my users to log in, as my group is public; my events are public. If someone is casually browsing through my website I want them to be able to see the events.

2. One of the other things that I've had trouble with is extremely short answers. Coming from the .NET community, I'm used to seeing lots of tutorials, and lots of complete code examples for how to do things. There are few "long form" answers or tutorials - even stackoverflow answers (like this one) don't contain enough detail on how to do this stuff. Especially the access token thing.

Is there a complete example of how to do this? Thanks in advance.

Answer 1

You COULD add the Token like this:

FB.api(
'/myGroupID/events',
'GET',
{access_token: 'xxx'},...

...but that would expose your Token (which is always meant to be kept secret) to everyone visiting the website. You have to do that API call server side. Check out the PHP SDK or just use PHP cURL. The Token is just a GET parameter.

Answer 2

Ok, I figured it out. The point of all of this is to get the Access Token that Facebook says it wants. The Access Token is really the appsecret_proof (and not the access_token - the access_token is a different thing. See later in this post), so be aware of that. I cobbled together some different code examples (like this one, and a super, very careful reading of the Facebook graph api docs, to reach an answer. I coded in C# rather than Javascript because a lot of this needs to be done server side, and I'm more comfortable there anyway.

I created a console app as a proof of concept. A few notes:

• the page_id is, in my case, for a group, not a (capital P) Page, which is a different thing.

• The access_token and app_secret are from the app you've (hopefully) already created. (If you need to get the access_token in the first place, there are some docs out there to help you get this part started.) You should also make sure to use (as of .NET 1.0) the dotnet core secret manager to protect your secrets when you develop so you don't pass them around via source control.

• This last one is big - the appsecret_proof is a combination of your access_token and your app_secret hashed together (with the app_secret being the key) and then made part of the query string. This is what Facebook wants when it says "An access token is required to request this resource."

  public static string page_id = {your_page_id};
  public static string access_token = {your_app_access_token};
  public static string app_secret = {your_app_secret};
  public static string appsecret_proof = FaceBookSecret(access_token, app_secret); 
  
  static void Main(string[] args)
      {
          Console.WriteLine("Making API Call...");
          using (var client = new HttpClient(new HttpClientHandler { AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate }))
          {
              client.BaseAddress = new Uri("https://graph.facebook.com/" + page_id + "/");
              HttpResponseMessage response = client.GetAsync("events?access_token=" + access_token + "&appsecret_proof=" + appsecret_proof).Result;
              response.EnsureSuccessStatusCode();
              string result = response.Content.ReadAsStringAsync().Result;
              Console.WriteLine("Result: " + result);
  
          }
          Console.ReadLine();
      }
  
  internal static string FaceBookSecret(string content, string key)
  {
      byte[] keyBytes = Encoding.UTF8.GetBytes(key);
      byte[] messageBytes = Encoding.UTF8.GetBytes(content);
      byte[] hash;
      using (HMACSHA256 hmacsha256 = new HMACSHA256(keyBytes))
      {
          hash = hmacsha256.ComputeHash(messageBytes);
      }
  
      StringBuilder sbHash = new StringBuilder();
      for (int i = 0; i < hash.Length; i++)
      {
          sbHash.Append(hash[i].ToString("x2"));
      }
      Console.WriteLine(sbHash);
      return sbHash.ToString();
  }
  

So after all of this runs, I get a nice json string with all of my events.