Facebook access_token not valid

Question

I am building a little website for an event. The idea is to add the attending persons from the facebook event to this website. The problem is that the attending service needs an access_token. I don't want a user to log in to the app, I just want to use the app access_token. But this doesn't seem to work.

I have the following php code for receiving the access_token:

// get facebook auth_token
$FB_APP_ID = '****';
$FB_APP_SECRET = '***';
$token_url = "https://graph.facebook.com/oauth/access_token?client_id=" . $FB_APP_ID . "&client_secret=" . $FB_APP_SECRET . "&grant_type=client_credentials";
$app_token = file_get_contents($token_url);
parse_str($app_token); // creates: $access_token

In javascript I am using the following code:

/**
 * Gets all the attending Users
 * @param function callback: the function to call, when data loading is ready
 * @param function callback: the function to call, when data loading is broken
 * @return void
 */
this.getAttending = function(callback, errorHandler) 
{
    FB.api('/' + this.eventId + '/attending', function(response) {
        if(response.error) {
            errorHandler(response.error['message']);
        } else {
            callback(response.data);
        }
    } , {access_token: facebook.accessToken} );    
}

I receive the error: Invalid OAuth access token.

The access token looks like: 111737995591905|l9e3niEMM1RsIUhwHZv3pn3c19M

THe user access token looks like: 145634995501895|2.AQBcWfbvdzhloLYc.3600.1312138800.1-1146858041|cjCkHZqquyyFyX2dY0q2YCaSyy0

When i try to use the user access token, everything works fine. But when I hardcode the token, this will not work for other users. When I try the token that the server parsed for me, I get die invalid token action. Does somebody knows a solution for this? It is a public event, and I don't want the user to login before he/she knows who is attending?

Is this possible at all? Thanx!

Answer 1

Why not get an access token for yourself and then hard code that in your application (assuming it is running on a secure server where no one else can steal the credentials). Then anyone visiting the page can view the guest list using your own access token which is permissioned to view the list.

The client_credentials grant type is not meant for accessing user data, only application data. I don't know how the rest of the application works but I'm assuming that you need a user access token to see user data.

Answer 2

Did you encode the token while hard coding? | should be %7C . Cant think of anything else that might have gone wrong for the moment

Answer 3

The way i got around this was designating the offline_access permission, it generates an access token that never expires so you can use it indefinitely. You would then in theory authorize only your Facebook account to have the event data pulled from it. You could then view and serve your event details to your website no problem.