3

On October 24th, 2020, Facebook will start blocking profile photo URLs if the user ID is not an App-Scoped User ID (ASID).

We implemented Facebook login on our website before Facebook switched to ASID, so we have many users who registered before it. And the problem is that, for these old users, Facebook reports to us their global User ID (UID) instead of an ASID. "The ID will not change for people who already logged into your app. It will remain locked as the user's original Facebook ID." (source). And we have found no way to get an ASID for them (these answers do not work anymore: 1 and 2).

In these cases the classical Facebook profile URL will stop working:

Current situation:

https://graph.facebook.com/4/picture

From October 24th it won't work:

https://graph.facebook.com/4/picture?breaking_change=profile_picture

In the "picture" parameter in the JSON authentication token we get a photo URL, but it is from the Facebook CDN and it will probably expire (it changes every time a user logs in, even if almost no time has passed).

So the question is: how can we generate a public, stable, permanent picture URL for a user registered on our website before ASID was implemented?

We cannot add the access token to the URL because it will be used publicly in the website (we are not downloading the images, just inlining them).

Óscar
  • I'm stuck with the same problem myself. Every time Facebook changes something, it's breaking my site. I really hate them for that. I'm thinking about saving the tmp profile picture on an AWS bucket and using the link from there. Please update if you find a solution. – Rotem Grimberg Oct 20 '20 at 23:22

1 Answer

1

Facebook API PM here. The best thing to do here is to use a client token on your request to fetch the image. This is normally not allowed on most Graph APIs, but is here in order to make it easier to migrate cases like this.

Unlike app tokens, a client token is safe to expose to users and is used for cases like this.

Dan Grover
  • Thanks, this worked like a charm. Doc: https://developers.facebook.com/docs/facebook-login/access-tokens#clienttokens – Óscar Oct 24 '20 at 07:55
  • Dan, Is there any possible way to show a user's Facebook profile photo (as long as it's public) on a web app that doesn't use Facebook login? I'm running a website for a club, and many of the members belong to our Facebook group, so I was thinking I could somehow tap into the group data using Graph API, but I'm afraid of doing a bunch of work only to find out it's not possible to show profile photos outside of Facebook. Thanks! – devuxer Jun 04 '21 at 02:26
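
A sketch of the approach from the answer, as an added example that is not part of the original answer or of Facebook's code: it builds the public picture URL with a client access token and refuses inputs that should never be inlined into a page. The `{app-id}|{client-token}` token format is taken from the Facebook access-token documentation linked in the comment above; the function names are hypothetical, the app ID and client token are constructed placeholders, and the "EAA" prefix check is a heuristic assumption.

```javascript
// Added example (not from the original answer). Function names are hypothetical.
const GRAPH_BASE = "https://graph.facebook.com";
const PICTURE_TYPES = new Set(["small", "normal", "album", "large", "square"]);

// Client access token: "{app-id}|{client-token}". The app *secret* must never
// be passed here, because the result ends up in public HTML.
function clientAccessToken(appId, clientToken) {
  const id = String(appId);
  if (!/^\d+$/.test(id)) throw new TypeError("appId must be numeric");
  if (typeof clientToken !== "string" || clientToken === "" || /[\s|]/.test(clientToken)) {
    throw new TypeError("malformed client token");
  }
  // Heuristic (assumption): user and page tokens usually start with "EAA".
  // Reject them so a user's token is never inlined into a page.
  if (clientToken.startsWith("EAA")) throw new TypeError("looks like a user/page token");
  return `${id}|${clientToken}`;
}

function profilePictureUrl(userId, appId, clientToken, opts = {}) {
  const uid = String(userId);
  // Only numeric IDs (legacy UID or ASID); blocks path or query injection
  // when the ID comes from stored account data.
  if (!/^\d+$/.test(uid)) throw new TypeError("userId must be numeric");
  const params = new URLSearchParams();
  if (opts.type !== undefined) {
    if (!PICTURE_TYPES.has(opts.type)) throw new TypeError("unknown picture type");
    params.set("type", opts.type);
  }
  // URLSearchParams percent-encodes the "|" separator as %7C.
  params.set("access_token", clientAccessToken(appId, clientToken));
  return `${GRAPH_BASE}/${uid}/picture?${params}`;
}

// Constructed placeholder values, not real credentials.
const APP_ID = "1234567890";
const CLIENT_TOKEN = "0123456789abcdef0123456789abcdef";
console.log(profilePictureUrl("4", APP_ID, CLIENT_TOKEN, { type: "large" }));
```

The returned string can be used directly as an `<img src>` value; user IDs loaded from the database go through the same numeric check before they reach the URL.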