Posting scores with app access token

1
votes

I'm trying to post a score from my server.

  • I have my app set up as a game.
  • I've got my app access token.
  • I'm POSTing to https://graph.facebook.com/USER_ID/scores
  • I have authorized and given publish_stream and publish_actions permissions to my app for the USER_ID (which is me).

However, an error is telling me that I need a user access token for that action, which I don't as Facebook states here: https://developers.facebook.com/docs/score/

Create or update a score for a user

You can post a score or a user by issuing an HTTP POST request to /USER_ID/scores with the app access_token as long as you have the publish_actions permission.

I've seen a similar question but it was unanswered: Facebook Graph API Explorer won't POST scores (they've ended up creating a new app, which is not a real solution)

To verify that it's not me who is incorrectly using the API, I went to Graph API explorer and tried it also there with the same access token, no luck:

trying in Graph API

Funny, that if I follow what it says and try the same with my user access token, it then says: This method must be called with an app access_token.

Is there something that I'm missing or is there a bug with the Graph API?

Thanks, Can.

1
facebook-graph-apiaccess-tokenfacebook-access-token
I know this answer, but i think i answered it yesterday too, give me a few mins to find the dupe (if it exists...)Igy

1 Answers

2
votes

It looks like you have everything correct, but there's one relatively little-known case which will produce that error message.

Check the 'App Type' field in the Advanced Settings: screenshot of the app settings interface

If this is set to 'Native/Desktop' instead of 'Web' in the Advanced settings, it's assumed that your app's binary/native distribution contains the app secret. In this configuration, API calls made with the app access token are untrusted, effectively the token is completely ignored.

Change the app settings back to 'Web' and you should be able to post or delete Scores and/or Achievements with the App Access Token

If this is the issue, you can quickly verify if with a call to https://graph.facebook.com/app?fields=migrations&access_token=[APP ACCESS TOKEN HERE]

In 'Web' mode, the response contains the migration settings for the app, something like:

{
  "migrations": {
    "secure_stream_urls": false, 
    "expiring_offline_access_tokens": false, 
    "requires_login_secret": false, 
    //etc
}

In 'Native/Desktop' mode, the app access token is untrusted, so you can't access the app's private data, and the response is:

{
  "error": {
    "message": "An unknown error has occurred.", 
    "type": "OAuthException", 
    "code": 1
  }
}