Closed mrjohnskelton closed 6 years ago
OK, I am indebted to (https://benbiddington.wordpress.com/2010/04/23/facebook-graph-api-getting-access-tokens/) for the insight I must have missed in other documentation.
An access_token
value is created by the passport framework and put on the session, accessible (in angular) by either $cookies
or Auth.getToken()
. This token is a session token, and so lacks user identification. So, the type of graph request I was trying https://graph.facebook.com/v2.11/me/friends...
, wasn't working because nothing I was passing was identifying who 'me' is. Changing the graph url request to https://graph.facebook.com/v2.11/{fbId}/friends
works with the token available from passport (where fbId can also be gotten from the user object generally available in the frameworks).
Any chance of a suitable tweak to the README.md
to explain/example the above? I'll have a go at doing it myself, but I'm not sure I trust my git skills!
Hey, do you have any examples of what you did? I'm trying to make Graph API calls in nodeJS, but am not sure how to authenticate them having already authenticated using passport.
Currently what I'm doing is using the FB JS-SDK, and setting the access token inside the passport strategy instantiation:
passport.use(new Strategy({
clientID: process.env.CLIENT_ID,
clientSecret: process.env.CLIENT_SECRET,
callbackURL: '_______',
profileFields: ['id', 'displayName', 'emails', 'name'],
enableProof: true
},
function(accessToken, refreshToken, profile, cb) {
FB.setAccessToken(accessToken);
return cb(null, profile);
}));
I've also raised this question regarding accessToken on stackoverflow - hoping for some help.
I am trying to figure out how to make further calls to the facebook graph api using the
accessToken
provided tofunction(accessToken, refreshToken, profile, cb) {
by the second phase of authentication .(* - My design assumptions are that the
accessToken
:I can't find any documentation to suggest the best way of doing this*. Please could the
README.md
be enhanced to include a best/good practice example of saving and then retrieving theaccessToken
.