Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Issue with access_tokens expiring for photos? #360

Closed
cmccarty opened this issue Mar 11, 2021 · 2 comments
Closed

Issue with access_tokens expiring for photos? #360

cmccarty opened this issue Mar 11, 2021 · 2 comments
Labels
no-issue-activity

Comments

@cmccarty
Copy link

cmccarty commented Mar 11, 2021
edited
Loading

Is it possible that PR #344 added access_tokens to all types of scoped requests?

I am seeing cases where FB returns Error validating access token, but if I remove access_token from the URL completely, then the URL works.

{
  "error": {
    "message": "Error validating access token: The user has not authorized application 1698300210405782.",
    "type": "OAuthException",
    "code": 190,
    "error_subcode": 458,
    "fbtrace_id": "AbR6lWzzqYH1RoWbOtIJbbK"
  }
}

From the FB docs https://developers.facebook.com/docs/graph-api/reference/user/picture/#requirements
it seems that an access_token is not needed for /picture requests for app-scoped user_ids. Does the current code account for this context?

Anyone else seeing similar issues? Or is it just me?
@swiknaba
Copy link
Contributor

swiknaba commented Mar 11, 2021
edited
Loading

from https://developers.facebook.com/docs/graph-api/reference/user/picture/#requirements

If querying an App-Scoped User ID:

None
If querying a User ID:

User or Page access token for Facebook Login authenticated requests
App access token for server-side requests
Client access token for mobile or web client-side requests

and from https://developers.facebook.com/docs/messenger-platform/identity/id-matching/ we learn:

When a person uses Facebook Login on a website or a mobile app, an ID is created for the specific Facebook app, which is called app-scoped ID

From this I understand, that we are in the first case If querying an App-Scoped User ID, thus an access token might indeed not be necessary.

The Issue linked in the PR #344 is: #343
where we see the reported posted the following:

Image urls that saved in my database are like: http://graph.facebook.com/v4.0/10207720064671302/picture

we see that this is an http URL, so the issue with fetching the image might not be related to the access token, but to the fact, that facebook rejects non-ssl connections to the image endpoint since a while, as discussed here: #345 and fixed here: #346, not yet released: v8.0.0...master though.

@github-actions
Copy link

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@Rubyist007 Rubyist007 mentioned this issue Apr 14, 2024
Closed
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
no-issue-activity
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cmccarty @swiknaba