How do I post to Facebook user's friend's wall with publish_stream but NOT offline_access using an application access token

4
votes

Documentation for publish_stream reads: "Enables your app to post content, comments, and likes to a user's stream and to the streams of the user's friends. With this permission, you can publish content to a user's feed at any time, without requiring offline_access."

So the workflow is thus:

  1. FB.login() with publish_stream scope like so:

    FB.login(function (response) {
    if (response.authResponse) {
        FB.api('/me/permissions', function (permissions) {
            if (permissions.data[0].publish_stream == 1) {
                //user has now granted publish_stream to this application
            }
        });
    }
}, { scope: 'publish_stream' });

  2. Use the C# Facebook SDK to post to this user's friend's wall using the application's access token.

    var client = new FacebookClient(FacebookAppId, FacebookAppSecret);

// Build the wall post
dynamic parameters = new ExpandoObject();
parameters.message = facebookDeliveryQueueItem.MessageBody; // user message

// Post to the wall
client.Post(facebookRecipientId + "/feed", parameters);

This returns:

{"error":{"message":"(#200) The user hasn't authorized the application to perform this action","type":"OAuthException"}}

However! If I attempt to use this code to post to MY OWN wall, it works just fine.

If a user grants publish_stream to my application, I can then use the the APPLICATION access token (you get this by issuing a GET to https://graph.facebook.com/oauth/access_token?grant_type=client_credentials&client_id=APP_ID_HERE&client_secret=APP_SECRET_HERE) to post on that user's wall -- but NOT to that user's friend's wall.

So is the "and to the streams of the user's friends" part of the Facebook documentation a lie or am I doing it wrong? There is a ton of misinformation out there.

1
c#facebookfacebook-graph-apioauthaccess-token
This one is strange. I was able to post to a friend's wall using that permission using the graph API explorer tool. developers.facebook.com/tools/explorer Can you try there to see if it works there for you?DMCS
As bool.dev said, you need user access token and not the app_access_token.. I tried with graph api explorer and used post method to post into both my wall and my friend's wallVijay
@bool.dev Well that's my question -- is the documentation wrong in saying that I can use the application token to post on a user's friend's wall or is this just not how you would do it?Daniel Coffman
yeah, obviously people decline offline_access quite often, you can try and explain to them that you need offline_access for such and such reasons, anyway it's good practice to let your users know why you need certain permissions. Otherwise let's hope that someone has an answer. I had gone through your questions, and i thought some answers were acceptable, imho.bool.dev

1 Answers

1
votes

You should explicitly specify access_token before issuing request, if you omit it access_token of current user is used.

Add this before call to client.Post

parameters.access_token = FacebookAppId+"|"+FacebookAppSecret;

The documentation is correct (in this case). You can post on user's and his friends wall once user granted you publish_stream permission using application access_token (without need to ask for offline_access!) with respect of wall owner preferences. Some users set privacy settings to deny specific users/application or even anyone other to post content.

Ensure you can post on that specific friend (one you have issue with) wall using http://facebook.com and using Graph API Explorer tool (providing application access_token for sure).