Facebook Oauth 2.0 header format - facebook-oauth

I am having a native application in facebook. i would like to use oauth 2.0. Read that oauth header will contain timestamp, nounce, signature etc.. For google this can be generated with oauth playground. How to do the same in facebook.
Can anyone help me out with a good tutorial or can anyone say how the header format will be?
Thanks in advance

Facebook is not expecting timestamp,nounce,signature in its oauth header.
I got the problem solved.

Related

Facebook login broken, oauth response serialization changed from CGI parameters to JSON

Today the Facebook oauth login to my website broke. I fired up the debugger and found that parsing the access token was failing. This appears to be because Facebook changed the format of the oauth response. It used to be CGI parameters:
access_token=EAAFO...cBUZD&token_type=bearer&expires_in=5183996
But all of a sudden it appears to be coming over as JSON:
{"access_token":"EAAFO...cBUZD","token_type":"bearer","expires_in":5183996}
The fix in my code looks pretty simple. I just need to change the parser from a CGI parser to a JSON parser and get the same variable that I'm interested in: access_token.
My question is about versioning of this. I don't like it when my site breaks.
Why did Facebook change this? Is this change documented? Is there some sort of versioning on Oauth that I should be using to prevent breakages like this? How do I get notified of future changes to Oauth by Facebook?
The Facebook API upgrade tool does not list any changes that I need to my app for the latest version of the API. In any case, none of the URLs that I'm using for Oauth appear to have a version number embedded in them:
https://www.facebook.com/dialog/oauth
https://graph.facebook.com/oauth/access_token
As WizKid states, it was announced in Facebook Developers Changelog two years ago under the title "[Oauth Access Token] Format". Facebook does have a tool to try to find things that will break, because of API changes, but it didn't alert this one.
You can put API version numbers into Oauth URLs for Facebook. With version numbers, the flow for Facebook login is:
Redirect the user to https://www.facebook.com/v2.9/dialog/oauth with a bunch of required parameters such as your client id, the list of permissions you are requesting, and a return URL.
Facebook lets the user log in, asks them to accept the permissions you requested, and then redirects them back to your site with a "code" parameter
Server-side you contact https://graph.facebook.com/v2.9/oauth/access_token with that code (and some other stuff) as parameters. Facebook responds with a token
Server-side you contact https:///graph.facebook.com/v2.9/me with that token to request information about the user
This is the process that is pretty much documented here: https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow

Chrome extension license validation always returns NO LICENSE

I am creating a chrome extension with free trial option. I followed the following url and am able to get a response from the license api.
https://developer.chrome.com/webstore/one_time_payments#update-manifest
https://developer.chrome.com/extensions/app_identity
However i am always getting the below response. License information is missing.
{"kind":"chromewebstore#userLicense","itemId":"my-app-id","result":false,"maxAgeSecs":"2"}
Any help is appreciated.
My bad. I was testing it with the developer google account instead of tester account. Now im getting proper response as below.
{"kind":"chromewebstore#userLicense","itemId":"my-app-id","createdTime":"1425237580974","result":true,"accessLevel":"FREE_TRIAL","maxAgeSecs":"2"}"

Facebook public JSON or RSS feed

So it seems that Facebook has deprecated the public JSON and XML feeds for profiles (https://www.facebook.com/feeds/page.php?format=json&id=[id]).
I have a client's website that was grabbing a simple facebook feed for display on the homepage. They own the facebook page they want to feed from.
I understand I'm supposed to use the Graph API. But it doesn't seem possible without authentication. Is there any way to pull this data without generating a temporary token each time? Asking the user for facebook access every time they open this separate website seems like a really bad user experience.
This seems to be a recent deprecation on the part of facebook (Did Facebook recently disable accessing public page feeds via uri?). Any help is greatly appreciated. Thanks!
For display public informations without authentifcation in Json, create a app to facebook graph.
You just need :
Facebookappid
Facebookappsecret
Facebookpageid
And use this url :
https://graph.facebook.com/Facebookpageid/feed?access_token=Facebookappid|Facebookappsecret
and Tada, you can see the public feed in Json.
Hope help someone.
Thanks #WizKid, that helped! More specifically it looks like I needed to find a permanent page access token. This page had my answer: facebook: permanent Page Access Token?

How to get gmail emails in my website

Is there a way to get emails from gmail using some API for emails to go directly in front end of web application through some JSON api or XML format?
You can get gmail emails using GMAIL API's ... XOAUTH will come into picture in it.
Step 1. Use OAUTH 2.0 to get access token and refresh token of GMAIL account.
Step 2. Use that access Token in XOAUTH and with the help of GMAIL API's access all the folders and emails from GMAIL.
Please refer -> https://developers.google.com/google-apps/gmail/oauth_overview for more information
There are no libraries available for front end .. ie JSON or XML..
You have to use either python ,java or PHP..
You can refere: http://context.io/ ... which might help you for what u need...
http://context.io/ provides API's through which you can access and sync your email through REST .
You would get response in form of JSON which you can easily parse... Hope it helps :)

How to learn about web communcation standards (xauth rest soap oauth json)?

I am an android application developer (trying to be one) and I want to learn how to communicate with web sites from my applications. However, I don't know where to start. Can you point me in the right direction?
PS : I believe "web communcation standarts" is wrong term but i don't know how to call them.
I'd suggest that you learn by doing. Pick an idea - let's say you want to upload a picture from your Android phone to facebook.
Now go and research how to do that. Facebook exposes what they call the "Graph API" for all fb resources, including users, statuses, and photos, among other things. The Graph API is a REST API - in other words each item on the backend is modelled as a "resource" which is accessible from a URL. (Learn more about REST on wikipedia). Send a GET HTTP message to the given URL and you can get information on the resource. Send a POST to the container of that resource, and you can add another of whatever it is. In this model, to add a photo, you POST to the album URL. Read on FB for how to do that. They call it "publishing".
But reading that doc page you learn that in order to POST you need an authorization token.
Your app needs publish_stream permissions. How do you get that? Keep reading in the FB doc and you'll see a link to the Authentication and authorization guide. That tells you about how to use OAuth 2.0 in Facebook apps.
Your app will send its first feeble message out, and get an error response. Why? You'll want to examine the message. so you google and figure out that you can use an http debugging proxy to help you, something like Fiddler2 for Windows, or Charles for other systems. So you download that, set the proxy on your Android device, and now you can view outgoing HTTP messages and their responses on your PC.
Keep plugging along, learning what you need to accomplish the task in front of you: in this example, posting a photo from an android device to Facebook.
After you reach that goal, you will have learned quite a bit of practical knowledge for this domain of problem. Then you can try a new goal, and work on that.
After a few iterations of this, you will have learned how to learn, which is even better than learning REST or OAuth. If you know how to learn, the sky's the limnit.
Learn about HTTP first. There is far more to HTTP than there first appears. It is a building block for everything on the web.
You will not go wrong by getting very familiar with this http://www.w3.org/Protocols/rfc2616/rfc2616.html