search

ngxson / psid-to-fbid

This package allows you to match page-specific id (psid) with user's real id (id starts with 1000...) from webhook events.
5 stars 3 forks source link

The issue with using iOS TOKEN generated from mobile SDK #3

Open tereshchenkomax opened 5 years ago

tereshchenkomax commented 5 years ago

Hi @ngxson , Thanks so much for building such library. So far, I have not found the other ways to get FBID from PSID by using Node app.

In testing purposes, I have generated the TOKEN using your instructions more than once. Do not repeat my steps, guys:) * WARNING: This should be done only once, on client side to prevent checkpoint from facebook After the 2nd time, the FB has always forced me to change my password, so I had to generate to TOKEN again and again.

I have decided to generate an iOS token by usual way, so I have deployed the React Native app and got the TOKEN without any additional verifications from Facebook. https://screencast.com/t/TQCU89bgjN

Here's the proof that it's working: https://screencast.com/t/sr8wjg2W

Unfortunately, I still receiving the issue getFromMid m_oHOGnEtOJa0BMLPEEjs-OTUuOkd-D_us8kDk8_UqibW3Z3RiOLrD1j_grA1heltJ7cyeiVxaGBi5m6trE8Sv5A ERR: [object Object]

As we could see, there are no way to even see the error. I assume that it's somewhere here

function(error, response, body) {
                if (error) {
                    console.error(error);
                    resolve(null);
                } else {
                    var res = JSON.parse(body);
                    if (res.error) {
                        console.error("getFromMid " + mid + " ERR: " + res);
                        resolve(null);
                    } else if (res["from"].id != self.state.page_id) {
                        if (self.state.cache_enable) {
                            self.state.cache[psid] = res["from"].id;
                        }
                        resolve(res["from"].id);
                    } else if (res.to.data[0].id != self.state.page_id) {
                        if (self.state.cache_enable) {
                            self.state.cache[psid] = res.to.data[0].id;
                        }
                        resolve(res.to.data[0].id);
                    } else {
                        console.error("getFromMid " + mid + " ERR: " + res);
                        resolve(null);
                    }
                }

Here's my console response

Received message for user 2049464518504080 and page 630204857440599 at 1552258777542 with message: {"mid":"oHOGnEtOJa0BMLPEEjs-OTUuOkdD_us8kDk8_UqibW3Z3RiOLrD1j_grA1heltJ7cyeiVxaGBi5m6trE8Sv5A","seq":2283,"text":"Kek"} getFromMid m_oHOGnEtOJa0BMLPEEjs-OTUuOkdD_us8kDk8_UqibW3Z3RiOLrD1j_grA1heltJ7cyeiVxaGBi5m6trE8Sv5A ERR: [object Object] Got psid = 2049464518504080, fbid = null

Thanks in advance for your help.

ngxson commented 5 years ago

Hi @tereshchenkomax ,

Yup that's a known problem when I use this module on my product. The issue is that the token is generated on the client, fb will assign client's IP to this token. However when I use the token on the server, it has a different IP and therefore trigger fb's checkpoint procedure (actually that's a new change on fb. Before it dóe not happen).

However I found the solution. I generate the token from server instead of on client. The checkpoint will show only once, and no password change is needed. I also assigned the device-id header for each request, so my code have run smoothly for 1 month.

Sorry I couldn't update the code because I was too busy. I'm planning to fix it next week-end.

Your token does not work because is doesn't have page_read_mailbox permission. And even if it has, you can only see app-scoped ID, because you're using token from a custom app (and not the iOS or Android app)

tereshchenkomax commented 5 years ago

@ngxson Just to clarify - I have generated this token via React Native using AccessToken from react-native-fbsdk, as well as connected my Xcode Iphone app Bundle Identifier with Facebook app.

https://github.com/facebook/react-native-fbsdk?fbclid=IwAR0RWHkcrjqohHtZ4KWzR--m6WkEihRGBozHcrrVdYBSGyuD6K-eqoeeqCs#installation

import React, { Component } from 'react';
import { View } from 'react-native';
import { LoginButton, AccessToken } from 'react-native-fbsdk';
export default class Login extends Component {
  render() {
    return (
      <View>
        <LoginButton
          onLoginFinished={
            (error, result) => {
              if (error) {
                console.log("login has error: " + result.error);
              } else if (result.isCancelled) {
                console.log("login is cancelled.");
              } else {
                AccessToken.getCurrentAccessToken().then(
                  (data) => {
                    console.log(data.accessToken.toString())
                  }
                )
              }
            }
          }
          onLogoutFinished={() => console.log("logout.")}/>
      </View>
    );
  }
});

Any chance it will be working if I add page_read_mailbox permission? What do you think is the best way to fix my app right now to have the ability in receiving Page Ids again?

Thanks so much for your efforts again and have a great day!

A quick update: I have tried to reach out the URL to get the new token on the same app deployed Heroku using Puppeteer which is using Chromium as a client directly on server. Unfortunately, the result is the same - Facebook is forcing me to change my password during this try, not even when I'm reaching out to get UserID.

const puppeteer = require('puppeteer');

exports.puppeteerGetJSONfromPage = async () => {
    const browser = await puppeteer.launch({ args: ['--no-sandbox'] });
    const page = await browser.newPage();
    await page.goto('THE PROPER URL IS HERE');

    let content = await page.content();

    let innerText = await page.evaluate(() => {
        return JSON.parse(document.querySelector("body").innerText);
    });

    console.log("innerText now contains the JSON");
    console.log(innerText);
    await browser.close();
};