1
votes

I've integrated my website with Facebook Connect, authorization/single-sign on all working great.

Now im trying to post something to the user's wall, which im having some problems with.

First of all, im using the "old" JavaScript API (FeatureLoader.js).

These are the Graph API URL's im using:

private const string UserDetails_Url = @"https://graph.facebook.com/{0}?access_token={1}";
private const string Feed_Url = @"https://graph.facebook.com/{0}/feed?access_token={1}";
private const string TokenExchange_Url = @"https://graph.facebook.com/oauth/access_token?{0}";

I'm using the TokenExchange_Url URL to receive the unique user OAuth token to make calls with.

This is working fine, because a) i receive the token back, and b) i can issue HTTP Get Requests to the Graph API (i.e UserDetails_Url) and it works fine.

But, i cannot Post to the User's wall using the Feed_Url.

I'm pretty sure the issue is i haven't got the appropriate user permissions to post to a wall (i.e facebook-side setting).

Now, i realise i can use the fbPublish API method client-side to do this, but i want to do it server-side with the Graph API.

I wont bother showing my code which attempts the call to the Graph API to post to the user's wall, as its pretty straightforward (HttpWebRequest, set method to "POST', set content type/length, write bytes to Stream, etc).

I think the problem is i need the user to grant my aplpication "publish_stream" extended permissions.

The Facebook Graph API doco says to do this in your authorization request:

https://graph.facebook.com/oauth/authorize?
    client_id=...&
    redirect_uri=http://www.example.com/callback&
    scope=user_photos,user_videos,publish_stream

Which confuses me because im using the following URL to get the OAuth token:

https://graph.facebook.com/oauth/access_token?bunchofqsparams

Am i using the wrong Token Exchange URL? Why is there two different URL's to seemingly get the same piece of information?

Yes - i have read the Facebook API doco (numerous times), and yes i have read other similar SO questions, but they all result in using the client-side API to publish to wall, i want to do it server side.

For the actual "Facebook Connect" button, i'm using the standard FBML:

<fb:login-button length="long" size="medium" autologoutlink="false" background="light" onlogin="facebookLogin('/login')" class=" fb_login_not_logged_in FB_login_button FB_ElementReady"><a id="RES_ID_fb_login" class="fbconnect_login_button"><img id="RES_ID_fb_login_image" src="http://static.ak.fbcdn.net/rsrc.php/zB6N8/hash/4li2k73z.gif" alt="Connect"></a></fb:login-button>

When i click this (and not logged into Facebook), it pops up a window which the user can login. But it doesnt have the "Request Extended Permissions" dialog - shouldnt it? Or is that another popup i need to manually trigger?

So to sum up, here are my questions:

  • How do i grant extended permissions to publish to the user's wall?
  • What is the correct URL for obtaining an OAuth token?
  • Is there a definitive source for showing how to post to a user's wall using server-side Graph API calls?
1

1 Answers

4
votes

As i presumed, i was missing a call to the client-side API to request extended permissions. (ie publish_stream).

I had a simple JavaScript function which was executed as part of the "onlogin" attribute of the FBML Login control.

Previously, i was simply doing a redirect (which would then do a single-sign-on in the server-side code).

Now, im doing this:

function postLogin(targetUrl) {
   FB.Facebook.apiClient.users_hasAppPermission('publish_stream', function(result) {
        if (result == 0 || result == null) {
            FB.Connect.showPermissionDialog('publish_stream', function() { redirectTo(targetUrl); });
        } else {
            redirectTo(targetUrl);
        }
    });
}

Translated to english:

// On "Facebook Connect" click (which passes in a redirect URL)
// Check if user has 'publish-stream' permissions
// If they do, just redirect.
// If they dont, show a dialog requesting that permission, then redirect.

Now the server-side Graph API calls all work fine.

So to answer my own original three questions:

  • How do i grant extended permissions to publish to the user's wall?

Answer: make use of the client-side JavaScript API function 'FB.Connect.showPermissionDialog' to show the popup, and 'FB.Facebook.apliClient.users_hasAppPermission' to check if they have the permission.

  • What is the correct URL for obtaining an OAuth token?

Answer: I still believe it is "https://graph.facebook.com/oauth/access_token?{0}", but "https://graph.facebook.com/oauth/authorize?{0}" might be able to be used for a server-side authentication/authorization process.

  • Is there a definitive source for showing how to post to a user's wall using server-side Graph API calls?

Answer: If there was, i wouldnt have to had asked this question - so the answer in short, is no. =)

Advice to anyone starting Facebook Connect work, try to avoid the "Old JavaScript API". Do as much as you can server-side (Graph API), and only use the client-side JavaScript API for the initial handshake (cross domain receiver).