您是否可以使用Graph API获取公共Facebook页面的订阅源而无需要求用户允许？

Question

I've never used Facebook's Graph API, or OAuth. I'm simply trying to get a public Facebook page's feed using the Graph API, but it requires an access token. I don't want to hassle the users to login and allow access to get their token. A Facebook app access token could be used to get a public feed, but I'm trying to do this entirely in Javascript, so I can't use the app secret to do so. I read somewhere that a Facebook app access token doesn't ever expire or change unless I manually reset the secret. Is this true? Would it be safe to just hard code in the Access Token? If not, is there some way I could authenticate an app to get the token without having to involve a user? Is there some type of generic app token I could use?

Answer 1

If you're anything like me your clients won't want a standard Facebook likebox plugin, they'll want it all styled and customised their own way.

You don't need to spend all day going round the official documentation wondering if any of it applies to you for something simple like this, it's quite easy. The confusion arises because you'd assume that with all these keys and secret ids you'd have to get permission or authentication from the Facebook page you wanted to pull the feed from - you don't. All you need is a valid app and you can get the feed for any public page.

Set your app up in Facebook and it will give you an app id and an API key. Get the profile id for the public page feed you want, and that's all you need. You can then use the following code to retrieve the auth token and then then use that to return the feed data as a JSON object.

<?php

function fetchUrl($url){

 $ch = curl_init();
 curl_setopt($ch, CURLOPT_URL, $url);
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
 curl_setopt($ch, CURLOPT_TIMEOUT, 20);
 // You may need to add the line below
 // curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,false);

 $feedData = curl_exec($ch);
 curl_close($ch); 

 return $feedData;

}

$profile_id = "the_profile_id_of_the_page_you_want";

//App Info, needed for Auth
$app_id = "your_app_id_in_here";
$app_secret = "your_app_secret_in_here";

//Retrieve auth token
$authToken = fetchUrl("https://graph.facebook.com/oauth/access_token?grant_type=client_credentials&client_id={$app_id}&client_secret={$app_secret}");

$json_object = fetchUrl("https://graph.facebook.com/{$profile_id}/feed?{$authToken}");

Thanks to an edit someone suggested I reckon this code came from here (looks familiar anyway :) ) and there's some more info in the comments there that might help.

You can then parse the object, here's some code to do it in PHP based on this thread;

Handling data in a PHP JSON Object

$feedarray = json_decode($json_object);

foreach ( $feedarray->data as $feed_data )
{
    echo "<h2>{$feed_data->name}</h2><br />";
    echo "{$feed_data->message}<br /><br />";
}

To find out what's available to you in the json object you can output the url in a browser and copy/paste it into this useful json visualisation tool;

http://chris.photobooks.com/json/default.htm

Answer 2

Facebook app access token doesn't ever expire or change unless I manually reset the secret

That's correct.

App tokens do not expire unless the App Secret is reset. App access tokens are unique to each app.

Since public feeds take any valid access token, application tokens can be used.

Go to https://developers.facebook.com/tools/access_token and you would not require a flow. Then you can just hard code it in. The moment you reset the secret this method is void.

$access_token = '1111111111|2Cha_1-n5'
$graph_url = "https://graph.facebook.com/Boo/posts?access_token=" 
    . $access_token;
$page_posts = json_decode(file_get_contents($graph_url), true);

Then iterate through the pages

foreach($page_posts['data'] as $post){
    $post_link = $post['actions'][0]['link'];
    $page_id = $post['from']['id'];
    $page_name = $post['from']['name'];
    $message = ($post['message']) ? $post['message'] : " ";
    $name = ($post['name']) ? $post['name'] : " ";
    $story = ($post['story']) ? $post['story'] : " ";
    $post_time = $post['updated_time'];
}

_{Source: http://philippeharewood.com/facebook/how-to-get-facebook-access-tokens-in-php-for-public-posts-the-basic-sauce/}

Answer 3

In response to the message of @Psyked and @James_David_Low, it is not recommended to use FQL because is deprecated.

"...There are two low-level HTTP APIs that are also used at Facebook to access the graph: FQL and the Legacy REST API. These APIs contain similar and overlapping functionality, but are deprecated."

New features are generally only available in the Graph API . To future-proof your app you should be using the Graph API in your app if you can.

Answer 4

The accepted answer does not provide a dynamic way of retrieving the profileId/pageId or even explain how to retrieve it. Check out my answer/question . From my experience, the accepted answer is also wrong in requiring the curly braces around the app-id and app-secret . I got an error when I included those and it worked with them out.

It doesn't get any simpler than this.

Answer 5

I think in order to do this you have to use FQL not simply the Graph API. This is what I'm doing (replace PAGE_ID with the ID of your page, keep the quotes):

SELECT post_id, created_time, type, message, attachment 
FROM stream 
WHERE source_id = 'PAGE_ID' 
AND actor_id = source_id

https://developers.facebook.com/docs/reference/fql/stream/

Answer 6

If you want to use page feed (like your own page feed) in an app for showing it to others. Just use your own access_token to get it.
BUT! as it's not considered as a good practice you can also login with the Page or Application and use their access_token.

For more information please read the official documentation on authentication