0

I'm constantly getting the OAuthException (#15) "This method must be called with an app access_token" while trying to register achievement for my app in the following way:

FB.api("/APP_ID/achievements",
'post',
{achievement: FULL_ACHIEVEMENT_URL, access_token: ACCESS_TOKEN, display_order: 1},
function(response){
    getFlashMovieObject(referrer).fbDataCallback(response);
});

Achievement file structure has been verified and is correct, ACCESS_TOKEN value is OK too - if I change HTTP method to 'get' I receive an array that stores registered achievements.

Can you, please, tell me how to register achievements correctly using the JS API methods?

Vyacheslav Orlovsky
  • 329
  • 1
  • 6
  • 15

3 Answers3

0

You can't call methods which require app access token from client SDKs such as javascript SDK. Javascript SDK will always send user access token implicitly for API calls. This is by design due to security reasons.

hope this helps

Anatoly Lubarsky
  • 3,026
  • 1
  • 18
  • 16
  • Seems it is not the cause - as have I mentioned above, 'get' reguest with the same access token required successfully returns actual data. – Vyacheslav Orlovsky Sep 12 '11 at 10:27
  • "get" request is a different method which simply lists achievements and it might be less restricted (doesn't require app access token). – Anatoly Lubarsky Sep 12 '11 at 15:24
  • You are right about restrictions ot the 'get' request, but, actually, user access token is added to params of JS API call in case there is no "access_token" variable passed. I pass my app access token and sniffer proves that it is the one that goes out. – Vyacheslav Orlovsky Sep 13 '11 at 11:48
0

Seems there is no answer. I've tried it once again today - and it simply starts working.)

NOTE: don't expect for a POST request to appear in your sniffer (as I did:)) even if you have specified respective 'method' value while calling FB.api() - any way you'll see the GET one. It's a forced workaround and it works.

Vyacheslav Orlovsky
  • 329
  • 1
  • 6
  • 15
0

My solution to this problem was grabbing the APP access token with PHP and then passing that token as part of the post object. The USER access token will not work.

I had to do this for a Flash game I was building which uses the Javascript SDK through External interface. You can't get the app access token with Javascript because you would reveal the app secret which is a security issue.

<?php

$APPLICATION_ID = YOUR_APP_ID;
$APPLICATION_SECRET = YOUR_APP_SECRET;

$token_url =    "https://graph.facebook.com/oauth/access_token?" .
        "client_id=" . $APPLICATION_ID .
        "&client_secret=" . $APPLICATION_SECRET .
        "&grant_type=client_credentials";
$app_token = file_get_contents($token_url);

?>
Mark Goldsmith
  • 21
  • 2