Sunday, February 6, 2022

[FIXED] Given APP secret and client ID retrieve Facebook user access token

      , , , ,      No comments   

Issue

The following Facebook URL:

https://developers.facebook.com/tools/accesstoken/

Shows all the user tokens from the Facebook user created apps.

Here is how I can retrieve at the moment my Facebook User Access Token manually (source):

OAuth 2.0

  1. With the standard OAuth 2.0 implementation, the first step is to invoke the OAuth Dialog of the service provider (facebook)-

    \GET http://www.facebook.com/dialog/oauth

    Parameters-

    • client_id (APP ID)
    • redirect_uri (App's Redirect Url)
    • scope (permissions - optional)

    Returns-

    • code (appended with the redirect url)

  2. After the user successfully authenticated the app, a code is returned by the service provider(facebook) appended with the redirect_url passed. So you'll be redirected to-

    {redirect-url}?code=XXXXXXXXXXXXXXXXX

    We use this code then and request for the access_token-

    \GET https://graph.facebook.com/oauth/access_token

    Parameters-

    • client_id (APP ID)
    • client_secret (APP Secret)
    • code
    • redirect_uri

This works fine, but as you can see it requires a manual step in order to retrieve the code from the redirected URL and add it to the second URL that returns the User Access Token. However I don't know how to make this process automatic, that is, given an user App ID and App Secret, retrieve my User Access Token without manual steps.

Is there any way to retrieve the user access token with a PHP script?

Here is what I've tried in order to achieve this using the PHP SDK:

require_once __DIR__ . '/vendor/autoload.php';

$fb = new Facebook\Facebook([
  'app_id' => '<my app id>',
  'app_secret' => '<my app secret>',
  ]);

$helper = $fb->getRedirectLoginHelper();

$accessToken = $helper->getAccessToken();

However $accessToken returns NULL.

May be there is some other way to do this using the Facebook PHP SDK?


Solution

There is no way to automate getting a user token or to automate user authorization. That would make the whole user authorization pointless, and there is no serious use case for it. The only way to get a User Token is to manually authorize a user (by building a manual login flow or using one of the SDKs).



Answered By - andyrandy

0 Comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Total Pageviews

Featured Post

Why Learn PHP Programming

Why Learn PHP Programming A widely-used open source scripting language PHP is one of the most popular programming languages in the world. It...