search

sns-sdks / python-facebook

A simple Python wrapper for facebook graph api :sparkles: :cake: :sparkles: .
https://sns-sdks.github.io/python-facebook/
322 stars 84 forks source link

Typo in `GraphAPI.debug_token`'s docstring #237

Closed nbro10 closed 5 months ago

nbro10 commented 10 months ago 
"""
Get input token info by issued app administrator's access token
:param input_token: Access token to debug.
:param access_token:
:return: Issued app administrator's access token
"""

Maybe you meant 

Get the input token info issued by the app administrator's access token

?

But then what's the difference between the "input token" and the "app administrator's access token"

It might be a good idea to base the description of this method on what is written here: https://developers.facebook.com/docs/facebook-login/guides/%20access-tokens/debugging.

MerleLiuKun commented 10 months ago

Yes, you are right, We can put the refer link to the description!

nbro10 commented 5 months ago

@MerleLiuKun Do you know the difference between the access token and input token? To me this is still unclear. According to the linked docs

Replace {input-token} with the access token you want to get information about and {access-token} with a valid access token. The tokens must be from the same app.

However, it's unclear to me if the access token is an access token or the client secret. Why am I confused? Because I'd assume that we can make this request without an access token, actually. For example, let's say you have only 1 existing access token and you want to check that it has the required scopes, then if this existing access token is not valid, you can't debug it. So, I'd assume that you actually don't need any access token to debug an access token.

Do you know something more about this topic? Do you have a code example for this mentioned case?

MerleLiuKun commented 5 months ago

hi,

You can use the app's token.

example:

If you have an access token ac=xxxxx

And you must have the app which the access token belonged to, then you must have the app's token,

So then you can do this.

api.debug_token(input_token="token which you want to debug,  just `ac`", access_token="your facebook app's token")

:)

nbro10 commented 5 months ago

@MerleLiuKun Yes, I did that in the end. It seems that the app token is indeed a token that you can generate with just the client ID and client secret. You need the app token to inspect a user access token. However, I wonder why would you need the app token to do this, because the client secret is already a secret. Why can't you automatically generate the app token? Wouldn't this be possible?

MerleLiuKun commented 5 months ago

Yes we can generate the app token just with the app_id and app_secret.

Now if you initial app instance as follows:

api = GraphAPI(
    app_id="xxx",
    app_secret="xxx",
    application_only_auth=True
)

Now this method will automatically to use app token

nbro10 commented 5 months ago

@MerleLiuKun I see now the code. For some reason, I thought this wasn't done automatically and I had to manually call get_app_token() to get the app token. Thanks.