Facebook API without client authentication for public content
https://stackoverflow.com/questions/1000773
-
05-07-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I'm developing a site for a client who already have the photos of his products on Facebook, and he wants the same albums to be replicated over his site. I was already using Facebook Connect, so I dropped a combination of photos.getAlbums and photos.get to dynamically make the galleries.
So far so good, but then I realized that if there's no user logged trough FBC, no session is created and the API becomes unusable, even for content that is publicly available. I obviously want to show the albums to everyone and not just the people who connect their accounts.
Is this how all functions in the Facebook API work? What's the best (easier to implement) workaround for this situation?
Solution
As of September 2010, you can now authenticate just as an application, with no associated user. See http://developers.facebook.com/docs/authentication/ for details. Or you can run this example code to get an access token:
curl -F grant_type=client_credentials \
-F client_id=your_app_id \
-F client_secret=your_app_secret \
https://graph.facebook.com/oauth/access_token
OTHER TIPS
For the record, I managed to solve this situation by developing a small backend that requires the client to login to Facebook once and give offline_access extended permission to the FB app, so I can save his session key and use it to authenticate the Facebook API client every time I need to use FQL to get non-public content.
One could obviously add some caching in the middle to avoid unnecessary requests to Facebook, but it's been working fine for months now without hitting any limits that I know of.
That doesn't make sense to me - I have a (relatively simple) app that renders in facebook even if the user has never logged into facebook before (in which case it displays demo data).
When using the facebook PHP library, I just do this:
$facebook = new Facebook($api_key, $secret);
No session id required - but, obviously, api functions that depend on information about the user aren't going to work.
You can also look into an "infinite session" for your app - you could create an infinite session key for yourself and use that session to access the API.
