
I am working on getting posts from a public Facebook page using the Facebook Graph API, without the user logging in. Using the steps from here I got the Token I would need since the end-user is not logging in, and the page is public. In my app, I have the following:

```objc
-(IBAction)testing {
    NSString *token = @"MYAccessToken";
    FBSession* session = [[FBSession alloc] initWithPermissions:@[@"manage_pages"]];
    FBAccessTokenData* tokenData =
    [FBAccessTokenData createTokenFromString:token
                                 permissions:@[@"manage_pages"]
                              expirationDate:nil
                                   loginType:FBSessionLoginTypeNone
                                 refreshDate:nil];

    [session openFromAccessTokenData:tokenData completionHandler:^(FBSession *session, FBSessionState status, NSError *error) {
        if ([session isOpen]) {
            [self performGraph];
        }
    }];
}

-(void)performGraph {
    NSLog(@"Go");
    [FBRequestConnection startWithGraphPath:@"/{your-page}/posts"
                                 parameters:nil
                                 HTTPMethod:@"GET"
                          completionHandler:^(
                                              FBRequestConnection *connection,
                                              id result,
                                              NSError *error
                                              ) {
                              NSLog(@"Result%@", result);
                              /* handle the result */
                          }];
}
```

It runs the method performGraph as I can see it in my Console, leading me to believe that the FBSession must be open, since that is where it runs it. However, I get the following error message in FBSDKLog: Error for request to endpoint '/{your-page}/posts': An open FBSession must be specified for calls to this endpoint.

If the FBSession isn't open, it shouldn't be even attempting to perform the Graph API call, yet it tells me it needs an open FBSession. Can someone help me out here a bit?

user717452
  • There is no way you are actually thinking of releasing this as an app. You are embedding the access token directly into the app? The SO post you link still needs an initial login. What happens if the user invalidates the user access token accidentally? Will your app still work? I assure you, this is one of those you don't want to do what you think you're doing all to avoid logging in. Please implement a different strategy, I find it hard to believe Facebook will approve your `manage_pages` permission for this. – phwd Feb 04 '15 at 17:52
  • @phwd The app I use currently just uses the PHP method of getting a Facebook page's post via XML. The issue is that it randomly inserts in characters into post titles, making it look sloppy at best. Trying to find a way to parse those posts into a `UITableView` that still doesn't require a user to log in before they can even view something. – user717452 Feb 04 '15 at 18:50
  • Ok, just preparing for a similar response from Facebook Review Team. The only way I see this working is using a page token owned by the app developer/owner. That way you don't have to go through review. *But* you still risk leaving a token embedded in your app. In terms of Facebook security, it's one of the things that's said *not* to do. Consider combining the token with the app secret proof. See https://developers.facebook.com/docs/graph-api/securing-requests. So that does take care of the security if someone decrypts your iOS app and takes your token. – phwd Feb 04 '15 at 19:01
  • The actual functionality of your app, however, seems unstable. You need to figure out what you're going to do on the off chance that the user token is invalidated; if it is, your page token becomes invalidated as well. – phwd Feb 04 '15 at 19:02
  • As @phwd says, definitely do not hardcode ANY access token inside your app. If anything, you should either 1.) get the access token from your server side, and store it in a secure location on device, and update as necessary, or 2.) get a JSON response for page posts from your server side, and pass the JSON over to the client to parse. – Ming Li Feb 04 '15 at 19:36
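
The two suggestions in the comments above (attach an app secret proof, and have the server return page posts as JSON) can be combined in a small server-side helper. This is an added example, not code from the thread or from Facebook: the function names, the placeholder token and secret, and the sample response are constructed, and the HTTP fetch itself is left out so it runs offline.

```python
import hashlib
import hmac
import json
from urllib.parse import quote, urlencode

GRAPH_BASE = "https://graph.facebook.com"

def appsecret_proof(access_token: str, app_secret: str) -> str:
    """Hex HMAC-SHA256 of the access token, keyed with the app secret."""
    return hmac.new(app_secret.encode(), access_token.encode(),
                    hashlib.sha256).hexdigest()

def signed_posts_url(page_id: str, access_token: str, app_secret: str) -> str:
    """Build the GET /{page}/posts URL on the server; the secret is never sent."""
    query = urlencode({
        "access_token": access_token,
        "appsecret_proof": appsecret_proof(access_token, app_secret),
    })
    return f"{GRAPH_BASE}/{quote(page_id, safe='')}/posts?{query}"

def client_payload(graph_response: dict) -> str:
    """Keep only the fields the app's table view needs.

    Everything else, including paging links that may carry the token,
    is dropped before the JSON is handed to the mobile client.
    """
    posts = [
        {"id": p.get("id"),
         "message": p.get("message", ""),
         "created_time": p.get("created_time")}
        for p in graph_response.get("data", [])
    ]
    return json.dumps({"posts": posts})

# Constructed sample of a /posts response (hypothetical values).
SAMPLE_RESPONSE = {
    "data": [
        {"id": "100_1", "message": "Opening hours changed",
         "created_time": "2015-02-04T17:00:00+0000"},
        {"id": "100_2", "created_time": "2015-02-03T09:30:00+0000"},
    ],
    "paging": {"next": GRAPH_BASE + "/100/posts?access_token=PAGE_TOKEN_PLACEHOLDER"},
}

if __name__ == "__main__":
    # Placeholders stand in for values read from server-side configuration.
    print(signed_posts_url("examplepage", "PAGE_TOKEN_PLACEHOLDER",
                           "APP_SECRET_PLACEHOLDER"))
    print(client_payload(SAMPLE_RESPONSE))
```

With this split, the iOS app only ever requests the reduced JSON from the developer's own server, so neither the page token nor the app secret ships inside the binary.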

1 Answer


As provided by the documentation for startWithGraphPath:parameters:HTTPMethod:completionHandler: that method uses the [FBSession activeSession], and since you're creating a new session object, it is NOT the activeSession, which is why you're effectively calling the graph API with a nil session.

You can either set the session you created as the activeSession by calling FBSession.activeSession, or you can create an FBRequest object with your session instance, and then create a FBRequestConnection with the FBRequest.

Ming Li