2

As mentioned in this other question, if a user grants the publish_stream permission, I can publish to that user's wall using an app access_token. I tested that and it works. But I couldn't publish to the user's pages using the app access_token! Am I missing something?

Right now I use the /me/accounts/ connection to get the access_token of the pages, and use that to publish. But this is a huge headache for me and for users because these tokens expire often (when users change their password, ...et), and every time that happens the publish fails and I need to email the user to come login again so I can retrieve a new access_token for the page. It's a bad user experience and I'm trying to find a way around it. The app token works for publishing to users, which is great, but I couldn't find a way to make it work for pages. Any tips?

Edit: To clarify further, I currently request the manage_pages and offline_access permissions, and then fetch the access_token of each page and use that to publish to it. That works. The main problem is that tokens expire, even with the offline_access permission. The most common reason a token would expire is if the user changes her password. Here is a common error that I get a lot when publishing to Facebook pages.

Facebook error. type: OAuthException, message: 'Error validating access token: Session does not match current stored session. This may be because the user changed the password since the time the session was created or Facebook has changed the session for security reasons.'

To handle this, I email the user and ask them to visit our app again, and when they do I grab a fresh set of access_token to work with. But that's problematic because users are confused about why the error happened and blame us for it, and some users don't open their emails so the problem doesn't get solved and then they're angry later when they discover that our app had stopped weeks ago without them asking it to stop.

That's why I was hoping that I can publish with the app access_token to avoid these problems. Since it works for user profiles, I hoped it would work for pages as well. But so far no luck, unless I'm missing something obvious.

Community
  • 1
  • 1
Waleed Abdulla
  • 1,873
  • 1
  • 14
  • 20

3 Answers3

1

What you're describing used to work - all last year we were able to successfully post to fan page walls using the app access token. In fact, for some of our users, I see it still working. However, I think the other two answers are correct, this is no longer the way to post to pages (see "Page Login" here)

That said, you should be able to store the access token of the page to spare yourself the step of re-querying the users' linked accounts.

Unfortunately, the page's access token will suffer the same fragility as a user's, per the answer here: Facebook Page Access Tokens - Do these expire? . The page access token will expire when the user who gave you that access token changes their password.

Community
  • 1
  • 1
Tom Lianza
  • 4,012
  • 4
  • 41
  • 50
0

To publish to pages, there is an extra step where you use their token to get a list of their pages. Each page has its own token, use that token to post to the page. Keep in mind that when setting up the original token, you need to specify that you need access to pages.

box86rowh
  • 3,415
  • 2
  • 26
  • 37
  • That's what I'm doing (as mentioned in the question) and it's also what I'm trying to stop doing and find a better way. – Waleed Abdulla Dec 27 '11 at 11:06
  • Are you grabbing the token for the page right before you try to post? – box86rowh Dec 27 '11 at 13:09
  • I was just unsure, as we use oath with Facebook all the time and our tokens have never expired. Are your tokens the permanent ones? – box86rowh Dec 27 '11 at 21:57
  • Thanks. We're asking for the manage_pages and offline_access permissions, but unfortunately that doesn't guarantee that tokens won't expire. I added more details to the question to clarify. – Waleed Abdulla Dec 27 '11 at 23:40
  • We hold onto the regular oauth otken and use that to fetch a new page access token at the time that we are trying to post something. This sounds different then your process. Souns like you get the page tokens at the point that the user authorizes your app. – box86rowh Dec 28 '11 at 00:58
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/6175/discussion-between-waleed-and-box86rowh) – Waleed Abdulla Dec 28 '11 at 02:29
0

my app does exactly what you're after.

  1. I request both manage_pages and offline_access permissions from a user.
  2. I store the user's access_token.
  3. I ask the user which page (determined by me/accounts) they want a stream item posted to and when.
  4. Later, when it is time to publish to a page's feed, I grab the user's access_token from the database, the pageid, and the message.
  5. Using that user's access token, I query the me/accounts and grab the latest access token for that account (aka page)
  6. Using that page's access token, I me/feed (or is it me/posts...away from my codebase at the moment) post the stream item.
DMCS
  • 31,720
  • 14
  • 71
  • 104
  • But how do you handle it when the user access_token is invalidated when she changes her password? Because that's the main problem I'm trying to solve. – Waleed Abdulla Dec 28 '11 at 08:21
  • My app has the same potential issue. Your user will have to come back to your app and get a new token after they update their password. I suggest when you code sees that the token is not valid, to email the user to come back to your app. Really, Facebook should warn users when changing their passwords that their never expires tokens they've granted will need to be re-granted. You can have your company's business relations rep contact Facebook to see if Facebook can add something like that. Good luck. – DMCS Dec 28 '11 at 17:07