Facebook page feed without user login
https://stackoverflow.com//questions/25040565
-
21-12-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Maybe you can help me out with something. I want to fetch all publicly available posts on a Facebook page using Spring Social.
I don't need OAuth authentication with a certain user or something since I don't want to post, comment or whatsoever in the name of a somebody.
Still, Facebook requires to pass an access token when doing a request. So I am doing the following to fetch all public posts.
Now my question is: is there an easier, concise way to do this or does Spring Social only support the complete user authentication OAuth dance and not this rather simple way?
public List<Post> fetchFacebookPosts() {
String accessTokenUrlString = String.format("https://graph.facebook.com/oauth/access_token?grant_type=client_credentials&client_id=%s&client_secret=%s&redirect_url=%s", getFacebookAppId(), getFacebookAppSecret(), "http://www.return.url");
String token = "";
try {
// HTTPURLConnection stuff omitted
// returns: accessToken=xxxx|xxxxxxxxxxxxx
token = response.toString().substring(response.toString().indexOf("=")+1);
} catch (IOException e) {
// ...
}
FacebookTemplate facebookTemplate = new FacebookTemplate(token);
return facebookTemplate.feedOperations().getFeed("12345678");
}
Solution
For getting the feed of a Facebook Page, you can even use the most basic Access Token, the App Access Token, without User Login/Authorization.
String appAccessToken = APP-ID + '|' + APP_SECRET;
Read more about the different Access Tokens in those articles:
OTHER TIPS
In addition to OAuth 2 authorization code grant (the full user-authorized token flow), Spring Social's OAuth2Template also supports password grant and client credentials grant.
Password grant would require that you obtain a user's credentials, but you wouldn't have to take them through the entire OAuth flow. It's generally recommended that password grant only be used for native applications where the redirect flow would be awkward or impossible. Even so, Facebook (as far as I know) doesn't support password grant, so that option is off the table.
Facebook does support client credentials grant via OAuth2Template's authenticateClient() methods. In this scenario, you trade your application's credentials (given to you by Facebook) for an access token. Be aware, however, that the token you get is limited to only be used for requests that aren't user-centric.
Generally, most of Facebook's API requires a user token...which you must get via the full authorization flow. This isn't a limitation of Spring Social...it's strict security limitation enacted by Facebook.
The documentation [1] is pretty clear in that case. You need an access_token. Requiring an access_token does not imply that it is only used for posting content. It is a requirement from Facebook and there is not much Spring Social can do about it.
[1] https://developers.facebook.com/docs/graph-api/reference/v2.0/page/feed/
